Posts Tagged ‘passwords’

Surveillance Self-Defense Project fills the gaps in your security policy

Monday, April 13th, 2009

Michael Kassner placed an article about Surveillance Self-Defense in the TechRepublic, where he gives brief outline of the SSD website. Though some can endlessly brood over the grounds for the project foundation, for me one is clear that this site can be very much helpful to put all principal computer security guidelines together and close the gaps in your own security.

ATI, NVIDIA and WPA/WPA2 passwords

Friday, April 10th, 2009

In case if you missed it: new ATI Catalyst drivers (9.4) now available (you can read the release notes for details). For some reason, some driver files have been renamed (well, not in 9.4, but in 9.3 released a bit earlier, though that version was really buggy and we cannot recommend to use it anyway), and our WPA password recovery (audit) software was not able to recognize Radeon cards anymore.

Well, to make the long story short: simply download the latest ATI Catalyst drivers and updated Elcomsoft Wireless Security Auditor :). Just note that this (new) version of EWSA will not work with drivers version 9.1 or older.

In the meantime, NVIDIA CUDA 2.2 (beta) released. Does that actually matter? Yes, because NVIDIA Tesla C1060 and S1070 are now officially supported on Windows. Besides, we need to have a look at Zero-copy support for direct access to system memory, because it may speed-up the GPU-enabled password cracking on some particular algorithms.

Teach Yourself Secure Passwords

Monday, March 30th, 2009

lifehacker has started a series of posts on choosing and using secure passwords. Few days ago they published a list of handy tips from their readers on how to create passwords you can rely on. One of the readers admitted that in a company he works for IT administrators require password change every 30 days and

it just results in workers picking the easiest password that meets the requirements – as in a MM/YYYY-style password.

Sounds like it’s time to rethink password policies. What are your ideas?

Pen Testing with Distributed Password Recovery and GPUs

Thursday, March 19th, 2009

The German c’t magazine (issue 06/09) has published an article about cracking of NTLM-hashes with graphic cards. In this article pen test experts from SySS GmbH bring up a touchy question of how fast an intruder can break into your system. How long should your Windows logon password be, so that you could keep having your beauty sleep?

Elcomsoft Distributed Password Recovery was run on dual-core AMD Athlon X2 4850e, 2.5 GHz, with Nvidia GeForce 9800 GTX installed. The cost of the test system is worth the effort. One can fetch it for only $1K.

Now, what is the outcome?