GTX 1080Ti Needs One Hour to Crack 8 Character Digit Password →

Jeff Atwood:

But that was 4 years ago. Exactly how secure are our password hashes in the database today? Or 4 years from now, or 10 years from now? We’re building open source software for the long haul, and we need to be sure we are making reasonable decisions that protect everyone. So in the spirit of designing for evil, it’s time to put on our Darth Helmet and play the bad guy – let’s crack our own hashes!

We’re gonna use the biggest, baddest single GPU out there at the moment, the GTX 1080 Ti. As a point of reference, for PBKDF2-HMAC-SHA256 the 1080 achieves 1180 kH/s, whereas the 1080 Ti achieves 1640 kH/s. In a single video card generation the attack hash rate has increased nearly 40 percent. Ponder that.

In the meantime, despite it being 2017, some websites and services still limit users to short passwords. Microsoft’s Outlook is limited to 16 characters as far as I remember and I know of even lower limits.

Edit

Fixed the title. Jeff pastes some examples later, using alphanumeric examples, hence my mistake.

Want to point something out to me or leave a comment? You're welcome to do so at @morid1n.

  • @gracjangk

    Outlook has 2-step verification

  • And that’s no excuse for not allowing passwords longer than 16 characters. 🙂