Password brute forcing

A researcher named Jeremi Gosney has a setup with 25 GPUs and some extra equipment, with which he is able to crack password hashes. Getting through 8-character passwords in 5½ hours for the now “old” NTLM security is quite fast, and weaker schemes (like the default Windows XP scheme) fall even faster. Reading it just underlines that MD5 is not usable for secure hashing.

It is no surprise that fairly long and complex passwords are needed to avoid simple brute forcing. The interesting thing is that we now have off-the-shelf software to do distributed password cracking using GPUs (at home). I always consider the Wi-Fi password to be a good candidate – it is most likely “never” changed, so you only need to crack it once, and it can be done by passive sniffing and offline cracking, so no one will ever notice 🙂

And when it becomes that easy to calculate, I would expect the internet to be flooded with rainbow tables.
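Why a fast, unsalted hash such as MD5 invites precomputed (rainbow) tables while a salted, slow key-derivation function does not, shown as an added example that is not from the original post. PBKDF2-HMAC-SHA256, the iteration count and the sample accounts are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this example; tune per hardware

def md5_store(password):
    """Weak: unsalted and fast, so equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).digest()

def kdf_store(password, salt=b""):
    """Hardened: random per-user salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def kdf_verify(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(kdf_store(password, salt)[1], key)

def shared_hashes(table):
    """Group users whose stored value is identical. Any such group means one
    precomputed table entry would resolve several accounts at once."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def cost_ratio(password="example"):
    """How many times more work one guess costs under the KDF than under MD5."""
    t0 = time.perf_counter()
    for _ in range(1000):
        md5_store(password)
    fast = (time.perf_counter() - t0) / 1000
    t0 = time.perf_counter()
    kdf_store(password)
    return (time.perf_counter() - t0) / fast

# Constructed sample accounts; two users picked the same password.
USERS = {"alice": "Summer2012", "bob": "Summer2012", "carol": "kX9#vPq2!m"}

if __name__ == "__main__":
    weak = {u: md5_store(p) for u, p in USERS.items()}
    strong = {u: kdf_store(p) for u, p in USERS.items()}
    print("identical MD5 hashes:", shared_hashes(weak))
    print("identical salted hashes:", shared_hashes(strong))
    print("cost per guess, KDF vs MD5: %.0fx" % cost_ratio())
```

The per-user salt is what makes a precomputed table worthless, and the iteration count is what slows down GPU guessing; a long password is still needed on top of both.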

Posted in IT security

Wireless hacking

In the latest INSECURE magazine, there is a cool story (on page 51) about wireless passwords and how to break into a network with poor protection. The author just tramples the poor network and servers with off-the-shelf tools from BackTrack 🙂

I might add that there are a lot of very cool reads in the earlier issues also.

Posted in IT security

Raspberry Pi

Wired magazine had a collection of fun stuff to do with a Raspberry Pi. Just for inspiration 🙂

Well, I think it might be about time that I acquire one myself.

Posted in Computers

Syria offline

In hindsight, there was something very predictable about the Syrians cutting the internet. I suppose that one of the fundamental rules in most conflicts is to cut the enemy's communications. It happened in Libya, Egypt and perhaps other places during their revolutions.

It should also remind everybody that the worldwide internet is actually a lot of connected networks that governments can shut down if they see fit. In the US, they have been discussing it a lot, and it appears that Obama got himself a nice red kill switch.

Posted in IT security

Cyber shooting range (model city size)

A cyber shooting range is something DARPA has been working on – it is big and expensive. I stumbled on “cybercity”, which is basically a model city where you can crack the systems and derail trains and induce power failures.

And it was all built for less than $1 million.

Perhaps we should get one for our students 🙂

Posted in Uncategorized

Some insights into the value of passwords

Wired magazine has had some nice articles about passwords and the lack of security they provide. One of their journalists had a bad day …

The initial article and a follow-up. Fairly long articles, but definitely good reads. One of the conclusions is that you should enable two-factor authentication on your Gmail account.

Posted in IT security