2 posts • joined Tuesday 7th June 2011 16:56 GMT
Correct horse > incorrect math
Unfortunately, Randall has flawed math in that comic. An ATI Radeon HD 5770 running ighashgpu can check over 3.3 billion NTLM hashes/sec. That's 3.3 million times faster than the rate he assumes in the comic. Instead of 44 bits of entropy being 550 years, 44 bits takes less than an hour and a half on a $99 video card.
(550yrs) x (365 days/yrs) x (24 hrs/day) = 4,818,000hrs at 1,000pwd/sec (Randall's calc)
(4,818,000hrs) / (3,300,000) = 1.46hrs at 3.3B pwd/sec (GPU-cracking reality)
And that is for an attacker who resorts to a brute-force attack. If you know the password is based on words, the entropy drops sharply due to shared word roots and letter combinations.
I'm not even going to calculate the effect of renting time on a multi-GPU monster from Amazon, or throwing a botnet at the task.
If you want to really secure something, you can't just use a password anymore. You use multi-factor authentication.
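Added example (not part of the comment above): the poster's time-to-exhaust arithmetic as a small Python model, parameterised by entropy and guess rate, plus the reverse question a defender asks when sizing a policy. It assumes the comic's 44 bits come from four words drawn from a 2,048-word list; the comment only states the 44-bit figure.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600

# Guess rates from the comment: the comic's assumed 1,000 guesses/sec (an
# online, throttled target) versus the ~3.3 billion NTLM hashes/sec the poster
# cites for an HD 5770 running ighashgpu (offline attack on a captured hash).
RATES = {
    "comic (1,000/sec)": 1_000.0,
    "HD 5770 NTLM (3.3e9/sec)": 3.3e9,
}


def passphrase_entropy_bits(dict_size: int, n_words: int) -> float:
    """Entropy of n words chosen uniformly from a dict_size-word list.
    Assumption: 4 words from a 2,048-word list reproduces the comic's 44 bits."""
    return n_words * math.log2(dict_size)


def seconds_to_exhaust(entropy_bits: float, guesses_per_sec: float) -> float:
    """Worst case: every one of the 2**bits candidates is tried."""
    return 2.0 ** entropy_bits / guesses_per_sec


def crack_time_summary(entropy_bits: float) -> dict:
    """Worst-case and expected (half the space) time for each rate."""
    out = {}
    for name, rate in RATES.items():
        worst = seconds_to_exhaust(entropy_bits, rate)
        out[name] = {
            "worst_hours": worst / 3600,
            "worst_years": worst / SECONDS_PER_YEAR,
            "expected_years": worst / 2 / SECONDS_PER_YEAR,
        }
    return out


def bits_needed(target_years: float, guesses_per_sec: float) -> float:
    """Entropy needed so that exhausting the space takes at least target_years
    at the given rate; the defender's sizing question for an offline threat."""
    return math.log2(target_years * SECONDS_PER_YEAR * guesses_per_sec)


if __name__ == "__main__":
    bits = passphrase_entropy_bits(2048, 4)
    for name, t in crack_time_summary(bits).items():
        print(f"{name}: worst {t['worst_years']:.0f} years / {t['worst_hours']:.1f} hours")
    print(f"bits for 550 years at 3.3e9/sec: {bits_needed(550, 3.3e9):.1f}")
```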
Re: Gosh I love your headline
I agree with needing a headline contest. Coming up with Bin Laden porn titles was fun and this should be too. I'll start us off:
Weiner not hacked, but appears to be circumcised
Weiner's career goes limp
Press has a hard-on for Weiner
Weiner takes a beating in public eye
Fellow Congressmen say Weiner acted like a prick
Weiner caught red-handed
At least 6 fooled around with Weiner online
Weiner caught, feels the pain
Weiner rubs public the wrong way
Slick Willie conducted Weiner wedding