A new use for Boinc - password cracking.

[PoppaGeek]

Distributed Password Cracking [Kindle Edition]

Password cracking requires significant processing power which in today?s world is located at a workstation or home in the form of a desktop computer. Berkeley Open Infrastructure for Network Computing (BOINC) is the
conduit to this significant source of processing power and John the Ripper is the key. BOINC is a distributed data processing system that incorporates client-server relationships to generically process data. The BOINC structure supports any system that requires large amounts of data to be processed
without changing significant portions of the structure. John the Ripper is a password cracking program that takes a password file and attempts to determine the password by a guess and check method.
The merger of these two programs enables companies and diverse groups to verify the strength of their password security policy. This thesis goes into detail on the inner workings of BOINC, John the Ripper, and the merger of the two programs. It also details the work required to test the system to its full capability.

Have not tried it yet. Anyone? I think I may give it a shot. Curious.

[PoppaGeek]

Consider a strong password that has special characters, numbers, lower case letters, and upper case letters. This will allow for 95 distinct possible characters. A password that is n characters in length will then have 95n possible password combinations. With an eight-character password there are 6.63x10¹⁵ possible passwords. If you can process 100,000 passwords in a second then it would take about 2,000 years to check every possibility. On average the password can be found in half that time, but this is still far outside the scope of a normal password changing policy. Now consider if 10,000 computers checking 100,000 passwords a second work on that password. The time to check all possible passwords is about 2.6 months. Even with a strong password this is inside the time limits to change passwords for a normal password policy. With more computers working on the password and with the increased speed of computers today it is not unconceivable to have the ability to crack even passwords built with these rules in hours or days"
Distributed Password Cracking by Crumpacker, John R.
http://www.amazon.com/dp/B006GSAPUA

A strong password is not that hard and does not need to be that long. I use 12-15 for banking and shopping and Lastpass to remember them. I also never use the same password. Each is unique so if a web site gets hacked the password they get would not work anywhere else. I also have 3 email address. One for banking and business, one for personal and web sites. One for password recovery for the other 2. The last one is used for nothing else so as it is unknown. Since it is a safe guess I have an email account using poppageek I use a name that is not guessable. It would be very difficult to get the recovery email address.

n0w@y4U2N0myp@33 <- kinda simple but if you use pet names or model number of favorite item like PC case or gun then it is even harder form them easier for you.
H@f69o+i7Gtx78O@h0me <- if someone is targetting you and you have posted PC specs or favorite gun use something else not known.
nZ0e#l@pO033e!mKKJpp <- best

[Evantaur]

does microsoft still whine about passwords that are too secure?

[PoppaGeek]

nah, their bros at NSA got it covered.

[OmegaMerc]

A strong password is not that hard and does not need to be that long. I use 12-15 for banking and shopping and Lastpass to remember them. I also never use the same password. Each is unique so if a web site gets hacked the password they get would not work anywhere else. I also have 3 email address. One for banking and business, one for personal and web sites. One for password recovery for the other 2. The last one is used for nothing else so as it is unknown. Since it is a safe guess I have an email account using poppageek I use a name that is not guessable. It would be very difficult to get the recovery email address.

n0w@y4U2N0myp@33 <- kinda simple but if you use pet names or model number of favorite item like PC case or gun then it is even harder form them easier for you.
H@f69o+i7Gtx78O@h0me <- if someone is targetting you and you have posted PC specs or favorite gun use something else not known.
nZ0e#l@pO033e!mKKJpp <- best

[PoppaGeek]

Forgot to add: use 2 factor authentication where ever possible.

The present password system will be replaced before too long. Google and others are testing different auth systems.



Book is pretty good so far, have not gotten too far into it. Good description of Boinc client/server system and how it all works. All that is available online as well. So far no mention of using GPU for the cracking, CPU only. Hopefully it will be later. Not too interested in using CPU for this. Not interesting. multi GPUS: interesting.

[D_A]

The cracking apps I have make good use of GPU hardware and even modest GPUs can cut brute force cracking time down by 90%. With the use of good rainbow tables and expressions that can be cut down exponentially.
Of course that still relies on decent hardware, just not regular ol' CPUs.