
Solid-state disk drives crack passwords 100 times faster

15 March 2010

Researchers have used solid-state disk drives (SSDs) to crack passwords 100 times faster than using conventional hard drives.

As reported in Heise Security, security firm Objectif Sécurité used the solid-state drives to optimize the use of its rainbow tables for XP password hashes. The company, which developed an open-source password cracking tool called Ophcrack, relies on lots of system resources to carry out computations needed for password cracking.

A password must be stored so that the system can refer to it later, when matching it against an access password entered by a user. In any secure system, a password is not stored in plaintext. Instead, a hash is produced by applying a mathematical function to the password. The hash is then stored in the system, and when a user enters their password to gain access, the same mathematical function is applied. If the second hash matches the stored one, then the user is authenticated.

Developments in computational power have enabled security experts to take as many password combinations as possible, and apply the mathematical functions to them in advance. The passwords and the hashes are then stored together in a rainbow table. When the hash for an unknown password is presented, it can be searched for in the table, and a match found. However, the search process is very processor-intensive.

Objectif Sécurité pre-computes the intermediate steps associated with calculating a password from its hash, and stores these, to speed up the process. However, this increases the size of the rainbow table, and can make it difficult to store in memory. Until recently, the only feasible option has been to store the rest of the table on a hard drive, but the relatively slow mechanical nature of a hard drive bogs down the whole process. By storing the rest of the table on solid-state drives, which have no mechanical parts and are much faster than their hard drive predecessors, the process can be dramatically improved.
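The store-and-compare flow and the precomputed lookup described above can be seen side by side in the following added example, which is not from the article or from Ophcrack. It goes one step beyond the article by also showing the standard mitigation (a per-user salt with a slow key-derivation function); SHA-256 stands in for the XP hash function, the table is a plain dictionary rather than a chain-based rainbow table, and the candidate list and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for "as many password combinations as possible".
CANDIDATES = ["123456", "password", "letmein", "rockyou", "qwerty"]

def unsalted_hash(password):
    """Same password always gives the same hash (SHA-256 is a stand-in here)."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_table(candidates):
    """Precompute hash -> password once; reusable against any unsalted store."""
    return {unsalted_hash(p): p for p in candidates}

def salted_record(password, salt=None, rounds=100_000):
    """Per-user random salt plus a slow KDF; the stored value differs per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def verify(password, record):
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, rounds, expected = record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(digest, expected)

def demo():
    table = build_table(CANDIDATES)
    # Two users pick the same weak password.
    alice_unsalted = unsalted_hash("letmein")
    bob_unsalted = unsalted_hash("letmein")
    alice_salted = salted_record("letmein")
    bob_salted = salted_record("letmein")
    return {
        "unsalted_identical": alice_unsalted == bob_unsalted,
        "table_hit": table.get(alice_unsalted),
        "salted_identical": alice_salted[2] == bob_salted[2],
        "salted_table_hit": table.get(alice_salted[2].hex()),
        "login_ok": verify("letmein", alice_salted),
        "login_bad": verify("wrong", alice_salted),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the salt is random per account, a table computed in advance cannot contain the stored value, while the legitimate login check still succeeds.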

Solid-state drives are still relatively expensive, although Hamish Macarthur, cofounder of storage market research and analysis company Macarthur Stroud, says that they will decrease drastically in price in the next few years. “Performance is pushing people to use SSD for caching purposes. That makes it more attractive, and will also increase capacity,” he said.

Objectif Sécurité offers a demonstration recovery service for any Windows password hash on its website.

 
