GPUs: Powering Your Gaming and Cracking Your Passwords
By Chris Head
Researchers at the Georgia Tech Research Institute, led by Richard Boyd, have demonstrated that off-the-shelf GPUs (the same that power the video card in your PC) are better at cracking passwords than had previously been thought, according to a BBC report.
The nature of GPUs require that they be able to process huge volumes of data in parallel. This technology is most commonly used to render high-definition 3d graphics for games, but has other, scarier implications.
Most GPU manufacturers have opened their hardware platforms to allow non-rendering applications to be written to run on the increasingly powerful cores, and one of the less-than-legal applications most suited to this type of technology is brute-force password cracking. Brute-force cracking requires testing every possible combination of characters that may make up a password, rather than checking a list of possible words in what’s known as a “dictionary attack”.
Modern GPUs are powerful enough that Boyd calls even a seven-character password “hopelessly inadequate” against the potential of a GPU, or multiple GPUs running in parallel. Of course, adding more characters to a password will make it exponentially more complex and difficult to crack via brute-force. Boyd suggests at least twelve characters (mixing numbers, letters, and symbols) to keep your data safe.. for now.
There are several excellent open source solutions to help generate and store secure passwords. My personal favorite is KeePass, which is available free on several platforms (including Windows, MacOS, Android as KeePassDroid, and iOS as MyKeePass). KeePass will help generate random, secure passwords and store them in an encrypted database.