Need more information on passwords in Active Directory environment — password policies, default settings, fine-graining? Then read Windows Passwords: Making them Secure article at WindowsSecurity.com. But we can also recommend using Proactive Password Auditor on a regular basis, to see how secure your passwords really are.
Archive for April, 2009
You should be aware that Distributed Password Recovery and Wireless Security Auditor work not only with NVIDIA GeForce cards and Tesla supercomputers (in terms of GPU acceleration), but with professional Quadro cards, too. We never compared the performance of GeForce and Quadro, though. Curious? Then read the Nvidia Quadro FX 4800: Workstation Graphics At Its Finest? article published at Tom’s Hardware today.
Technically, Quadro FX 4800 is very similar to GeForce GTX 280. But have a look at the Performance Comparison. On some tests, Quadro is up to 10 times faster than GeForce. Yes, almost the same GPU. Yes, same version of drivers. Amazing. Just note that the retail price on FX 4800 is in $1600-$2000 range. But if it can do password cracking at much higher rate than GeForce (again, we never tried it, sorry), it looks like a good investment.
An article Best Graphics Cards For The Money: April ’09 : March Review/April Updates also worth reading.
Michael Kassner placed an article about Surveillance Self-Defense in the TechRepublic, where he gives brief outline of the SSD website. Though some can endlessly brood over the grounds for the project foundation, for me one is clear that this site can be very much helpful to put all principal computer security guidelines together and close the gaps in your own security.
In case if you missed it: new ATI Catalyst drivers (9.4) now available (you can read the release notes for details). For some reason, some driver files have been renamed (well, not in 9.4, but in 9.3 released a bit earlier, though that version was really buggy and we cannot recommend to use it anyway), and our WPA password recovery (audit) software was not able to recognize Radeon cards anymore.
Well, to make the long story short: simply download the latest ATI Catalyst drivers and updated Elcomsoft Wireless Security Auditor :). Just note that this (new) version of EWSA will not work with drivers version 9.1 or older.
In the meantime, NVIDIA CUDA 2.2 (beta) released. Does that actually matter? Yes, because NVIDIA Tesla C1060 and S1070 are now officially supported on Windows. Besides, we need to have a look at Zero-copy support for direct access to system memory, because it may speed-up the GPU-enabled password cracking on some particular algorithms.
You’re probably aware that our Distributed Password Recovery works with Lotus Notes ID files (as well as with two dozen other file formats, of course). Some sad news: in latest versions of Notes (8.5), encryption has been improved. In older versions, only 64-bit and 128-bit RC2 options were available, but now you can also use AES (128-bit or 256-bit). Well, encryption itself does not actually matter, but the problem is that password verification routine is not much better (worse?) as well: 5,000/10,000 SHA-1 cycles have been added. EDPR will be updated accordingly to support new format (you can subscribe to our mailing list to be notified), of course, but don’t expect the high recovery speed: we can get several hundred passwords per second only. For older versions of Notes, the speed was ~100,000 passwords per second or higher.
Welcome to the newly opened, all-new ElcomSoft Blog! In this blog, we shall be covering various issues in the area of computer security. Windows hacks, weak passwords, security weaknesses of well-known products, electronic identity theft, new attacks and algorithms that help or prevent us from cracking certain passwords, and similar issues will be covered.
Here are the benchmarks for WPA recovery; we’ve run tests on one of the most powerful modern CPUs and a bunch of GPUs. Even GTX 280 outperformed Core 2 Quad Q6600:
Actually this has nothing to do with IT security, though the technique thought of by sharp guys from Princeton seems extraordinary. The research team made their way to identify fingerprints with help of a regular scanner:
This paper presents a novel technique for authenticating physical documents based on random, naturally occurring imperfections in paper texture. We introduce a new method for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets, authenticating passports, and halting counterfeit goods. Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.
Curious pictures publicized by Ed Felton in his blog. It is always challenging to give another life to common things we are surrounded by, similarly we suggested an alternative implementation of video cards and successfully use this technology to speed up password recovery. Inventive minds!