[access-uk] Password security!!
- From: Colin r. Howard <colin@xxxxxxxxx>
- To: access-uk@xxxxxxxxxxxxx
- Date: Sat, 14 Aug 2010 11:25:04 +0100
From: "David Pardy" <pardy@xxxxxxxxxxxx>
Date: Sat, 14 Aug 2010 07:43:22 +0100
http://www.bbc.co.uk/news/technology-10963967
Call to improve password security
As computer power gets cheaper it gets easier to crack passwords, suggests
research.
The growing use of graphics cards as surrogate supercomputers could spell
trouble for users of short passwords.
Researchers say the growing number of processors on graphics cards will soon
make it trivial for them to crack short passwords.
A password of seven characters or less will soon be "hopelessly inadequate"
they claim.
The researchers suggest passwords should be at least 12 characters long to
be safe.
Brute force
A team led by Richard Boyd from the Georgia Tech Research Institute has been
investigating what effect the number-crunching power of modern graphics
cards could have on the crackability of passwords.
Many graphics cards employ hundreds of so-called stream processors working
in parallel to render images. Many scientists now use the basic arithmetical
properties of these processors to help crunch through data generated during
experiments.
The number crunching abilities of graphics cards are now comparable to the
multi-million dollar supercomputers built about a decade ago, said Mr Boyd.
The parallel processing systems inside graphics cards are very good at
carrying out so-called "brute force" attacks that effectively try every
possible combination of letters and numbers until the right one is found.
Longer passwords take longer to crack and offer better protection, say the
researchers.
"Right now we can confidently say that a seven-character password is
hopelessly inadequate," said Mr Boyd, "and as GPU power continues to go up
every year, the threat will increase."
A better alternative, he suggested, would be a 12-character combination of
upper and lower case letters, symbols and digits.
Ultimately, suggest the researchers, users may be forced to rely on whole
sentences that are a mix of different sorts of characters to ensure no-one
else can guess their password and get at online services.
This email has been sent to you by Colin Howard, who lives in a small place
about 8 miles east of Southampton in Southern England.
** To leave the list, click on the immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** access-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
Other related posts:
- » [access-uk] Password security!! - Colin r . Howard
