Need more information on passwords in Active Directory environment — password policies, default settings, fine-graining? Then read Windows Passwords: Making them Secure article at WindowsSecurity.com. But we can also recommend using Proactive Password Auditor on a regular basis, to see how secure your passwords really are.

You should be aware that Distributed Password Recovery and Wireless Security Auditor work not only with NVIDIA GeForce cards and Tesla supercomputers (in terms of GPU acceleration), but with professional Quadro cards, too. We never compared the performance of GeForce and Quadro, though. Curious? Then read the Nvidia Quadro FX 4800: Workstation Graphics At Its Finest? article published at Tom’s Hardware today.

As you may guess, it is ATI Radeon HD 4890 X2. It is not available yet, but coming soon. We’re very impatient to try our WPA password recovery software there.

Michael Kassner placed an article about Surveillance Self-Defense in the TechRepublic, where he gives brief outline of the SSD website. Though some can endlessly brood over the grounds for the project foundation, for me one is clear that this site can be very much helpful to put all principal computer security guidelines together and close the gaps in your own security.
(more…)

In case if you missed it: new ATI Catalyst drivers (9.4) now available (you can read the release notes for details). For some reason, some driver files have been renamed (well, not in 9.4, but in 9.3 released a bit earlier, though that version was really buggy and we cannot recommend to use it anyway), and our WPA password recovery (audit) software was not able to recognize Radeon cards anymore.

You’re probably aware that our Distributed Password Recovery works with Lotus Notes ID files (as well as with two dozen other file formats, of course). Some sad news: in latest versions of Notes (8.5), encryption has been improved. In older versions, only 64-bit and 128-bit RC2 options were available, but now you can also use AES (128-bit or 256-bit). Well, encryption itself does not actually matter, but the problem is that password verification routine is not much better (worse?) as well: 5,000/10,000 SHA-1 cycles have been added. EDPR will be updated accordingly to support new format (you can subscribe to our mailing list to be notified), of course, but don’t expect the high recovery speed: we can get several hundred passwords per second only. For older versions of Notes, the speed was ~100,000 passwords per second or higher.

Looks like a very good system for password cracking (using GPU-accelerated Elcomsoft Distributed Password Recovery), isn’t it? Especially assuming that even single GeForce GTX 295 is faster than Intel Octa-Core CPU (to be released later this year).

Welcome to the newly opened, all-new ElcomSoft Blog! In this blog, we shall be covering various issues in the area of computer security. Windows hacks, weak passwords, security weaknesses of well-known products, electronic identity theft, new attacks and algorithms that help or prevent us from cracking certain passwords, and similar issues will be covered.