Jeremi Gosney, a respected password-cracking researcher, has released his second report detailing what it takes to brute-force any eight-character Windows password in under six hours. He outdid his earlier result, which took a full 24 hours to do the same. Gosney's setup is modest by cluster standards: roughly $20k buys 25 AMD GPUs spread across several servers, occupying about 20 rack units of space in a server room. With that hardware, the cluster computes the NTLM hash of every possible eight-character password and compares each one against the stolen hash, so the hash is never "deciphered"; it is simply outrun by an exhaustive search that finishes in well under a day.
Fortunately, Microsoft no longer recommends NTLM, and Active Directory domain logons use Kerberos by default. Note, though, that Windows still stores the NT hash (an unsalted MD4 of the UTF-16LE password) for local accounts and in Active Directory itself, so anyone who can obtain those hashes, from a stolen SAM database, a domain controller, or by capturing NTLM authentication on the wire, can run exactly this attack. Sophos raised an important point about this, however: consumers and small businesses should take heed, as most do-it-yourself network setups using a workgroup or ad hoc network without Active Directory or a domain still authenticate with NTLM and will be a target.
Those getting by with meager networking means should begin using Active Directory to offset this, though it is not a cure: an attacker with network access and a few days' worth of sniffing can still capture and crack a weak password. More importantly, "Password" is NOT a good password. Your name followed by "123" is not either. Both are horrible examples. If they are that easy for you to memorize, imagine how easy they are for an attacker to guess, since wordlists of exactly these choices are the first thing any cracker tries. This article is a wonderful testament to the top 50 password choices we all need to avoid.
Passwords should combine lowercase, uppercase, digits and symbols, but length matters more than any of them: the attack above is an exhaustive search of every eight-character combination, so an eight-character password with a perfect mix of character classes is precisely what it defeats. One way to get a long password you can still remember is to take the first letter of every word in a sentence. For example, take our friend Bill Withers and the opening line of "Ain't No Sunshine": Ain't no sunshine when she's gone. Translate that into a password by typing something like "@n$w$g" ("@in't no $unshine w $he's gone"). Note that this is only six characters, which is well inside the space the cluster above exhausts in seconds, so use a longer sentence or the whole phrase. With the 95 printable ASCII characters, every extra character multiplies the number of guesses an attacker must try by about 95, not 1,000,000; going from eight characters to twelve makes an exhaustive search roughly 95^4, or about 81 million, times longer. Choosing a short, simple password is like leaving your door closed but unlocked. For further insight into how to safeguard your network, leave a message here!