I’ve made several posts over the past year about the use of GPUs and how they are fundamentally altering our security landscape. I previously discussed issues you might encounter when building a GPU Workstation and just last week I discussed supercomputing with an inexpensive notebook computer that is equipped with the latest generation of nVidia GPU.
Then today I found this article:
Wow! Only 5.9 minutes to crack a 14-character Windows XP password! As the article points out: “Passwords on Windows XP? Not good enough anymore,”
Note that the above benchmark was done on a hash of the password and not on a live system. It is however very common for password hashes to be stolen thus giving the hacker plenty of opportunity to use such a GPU based computer to crack your password with brute force. While this is no doubt a monster machine, that it was built by an individual as opposed to a government agency or corporation says that the barrier of entry to massive supercomputing capacity is now relatively modest. You can be assured that these days the bad guys have no problem getting access to the compute power they need to hack your passwords in minutes. The best you can do is to use the longest possible passwords you can manage and change them often so that by the time they have hacked them you will have something different in place. A password manager such as Keepass will help with this task.