Comments on: Pen Testing with Distributed Password Recovery and GPUs http://blog.crackpassword.com/2009/03/pen-testing-with-distributed-password-recovery-and-gpus/ «...This blog is about <a href="/?s=password+recovery">cracking passwords</a>, <a href="/?s=forensic">forensics solutions</a>,<br><a href="/?s=security">computer and network security</a>, <a href="/?s=system+recovery">system recovery</a> and other things...» Thu, 11 Mar 2010 06:47:25 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Vladimir Katalov http://blog.crackpassword.com/2009/03/pen-testing-with-distributed-password-recovery-and-gpus/comment-page-1/#comment-1552 Vladimir Katalov Mon, 10 Aug 2009 10:49:14 +0000 http://blog.crackpassword.com/?p=22#comment-1552 Garrett, could you explain please? What exactly is incorrect? What type of password has been cracked (in less than 40 second)? I should say that it is NOT possible for NTLM authentication. The following number of passwords in the given range is: (26 + 26 + 10) ^ 12 = 3,226,266,762,397,899,821,056 Single Tesla (S1070) can test about 3 billion passwords per second. Even assuming that your "alfa" software is faster and makes 5 billion p/s, and you have as many as 1000 Tesla units -- trying all possible 12-character mized alphanumeric passwords will take about 20 years. If old-style LM authentication has been used, everything is much simpler, though -- passwords are not case-sensitive, and limited to 14 characters (divided into two 7-character parts). To crack *ANY* LM password, Tesla is not needed at all -- usual desktop PC is enough. Garrett, could you explain please? What exactly is incorrect? What type of password has been cracked (in less than 40 second)? I should say that it is NOT possible for NTLM authentication. The following number of passwords in the given range is:

(26 + 26 + 10) ^ 12 = 3,226,266,762,397,899,821,056

Single Tesla (S1070) can test about 3 billion passwords per second. Even assuming that your “alfa” software is faster and makes 5 billion p/s, and you have as many as 1000 Tesla units — trying all possible 12-character mized alphanumeric passwords will take about 20 years.

If old-style LM authentication has been used, everything is much simpler, though — passwords are not case-sensitive, and limited to 14 characters (divided into two 7-character parts). To crack *ANY* LM password, Tesla is not needed at all — usual desktop PC is enough.

]]>