Home > Security/Exploits > Mwa Ha Ha! Crack your 10 char password for under $3,000

Mwa Ha Ha! Crack your 10 char password for under $3,000

A recent article from  David Campbell also published on The Register reminded us that there’s a lot of computing power available for rent at the moment. Using a pretty standard brute force password cracker as a benchmark, and Amazon’s EC2 computing platform cost of $.30 per hour, he came up with some surprising, but perhaps unexpectedly low figures for how much money it takes to crack various strength passwords.Brute forcing of passwords has often been dismissed due to the high amount of processing power it takes to make a dent in good password choices, but perhaps we sometimes forget that computing power is a lot less expensive than it once was, and is readily available. As you can pay for this kind of service via fraudulent means, and have it set up and available almost real time, the threat is very realistic.

David makes the comment:

As it becomes possible now for the black hat community to get their hands on large amounts of computing power, we as security professionals are going to need to reassess threat models that we thought previously were not a factor, using stolen credit cards, they could create a super computer that would be faster potentially than what the three-letter agencies have and they wouldn’t be paying for the CPU cycles.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: