On 10 Dec 2012 at 13:54, Stefan Jafs wrote: > I don't know if you have seen this: > http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-stan > dard-windows-password-in-6-hours/
Heard this discussed on the last SecurityNow podcast. The GPU cluster cracked only the old LanMan hashes, though. The newer NTLM takes a little longer (a few days?). As Schneier says, the attacks only get better. It is my understanding that financial institutions which have case-insensitive short passwords are using the web GUI as an interface to their old mainframe systems, which are not case-sensitive and usually have limited hard-coded password fields. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
