General-purpose GPUs (GPGPUs), those silicon over-achievers that can deliver teraflops of computing power, can apparently be used for less noble causes than speeding up medical imaging or optimizing financial portfolios. According to researchers at the Georgia Tech Research Institute (GTRI), high-end GPUs are now able to crack passwords with relative ease. At stake is the whole IT security model, say the researchers.
Of course, the ability to breach password protection has been around for awhile, but it was generally restricted to million-dollar supercomputers. Now that anyone can buy a teraflop-capable GPU for a few hundred dollars, you no longer have to be rich and famous to get into the password-cracking “business.”
And it’s not just the GPU hardware that’s making it easier. GPU computing tools, like NVIDIA’s popular CUDA software makes it relatively easy for programmers to tap into the power of the modern graphics processor. And since password-cracking software is easily found on the Internet, ne’er-do-wells have plenty of material to start with.
In a case study on the GTRI website, the researchers warned that the typical password used nowadays is all but worthless. “Right now we can confidently say that a seven-character password is hopelessly inadequate – and as GPU power continues to go up every year, the threat will increase,” said Richard Boyd, a senior research scientist at GTRI. In fact, according GTRI research Joshua Davis, even 12-character passwords could be vulnerable, if not now, then soon. He believes useful passwords will soon have to be entire sentences.