ighashgpu + GPU = Password Ownage

Interesting overview at PC Pro on how GPUs combined with utilities like ighashgpu are dramatically slicing into the time needed to brute-force even relatively strong passwords:

Increase the password to 6 characters (pYDbL6), and the CPU takes 1 hour 30 minutes versus only four seconds on the GPU. Go further to 7 characters (fh0GH5h), and the CPU would grind along for 4 days, versus a frankly worrying 17 minutes 30 seconds for the GPU.

Now, I cannot imagine anyone managing to mandate a nine-character, mixed-case, random-character password on an organisation. But if you did, and you weren’t hanging from a tree by the end of the first working day, the CPU would take 43 years versus 48 days for the GPU.

He then went on to add in mixed symbols to create “F6&B is” (there is a space in there). CPU will take 75 days, GPU will take 7 hours.

I definitely notice this with end users. For example, for the main password I use for work-related activities, I use a 15-character password and I typically get very strange looks when I’m in a meeting or giving a presentation and people realize just how long the password I’m typing is. Frankly, 15 characters isn’t all that much to type in and remember for a password that I use a couple dozen times a day.

But where I’m most concerned is with encrypted files like my TrueCrypt whole disk encryption. Running TrueCrypt WDE isn’t much use if your password is ‘raspberry’. I wouldn’t dream of using a password of at least 20 characters there, and frankly even that is starting to look a little weak.
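The arithmetic behind the quoted PC Pro figures, as an added example that is not from the original post or from ighashgpu: it backs out the guess rate each quoted time implies and then sizes a minimum password length against that rate. It assumes the quoted times are for exhausting the whole keyspace of a random password, a 62-symbol alphabet (a-z, A-Z, 0-9) for the mixed-case tests and 95 printable ASCII symbols once symbols and space are added; the function names are illustrative.

```python
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY

ALNUM = 62      # assumption: a-z, A-Z, 0-9
PRINTABLE = 95  # assumption: printable ASCII including space


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet ** length


def implied_rate(alphabet: int, length: int, seconds: float) -> float:
    """Guesses per second implied by a quoted full-search time."""
    return keyspace(alphabet, length) / seconds


def exhaust_seconds(alphabet: int, length: int, rate: float) -> float:
    """Time to try every candidate of this length at `rate` guesses/second."""
    return keyspace(alphabet, length) / rate


def min_length(alphabet: int, rate: float, target_seconds: float) -> int:
    """Shortest random password whose full search takes >= target_seconds."""
    needed = rate * target_seconds
    length = 1
    while keyspace(alphabet, length) < needed:
        length += 1
    return length


# Rates backed out of the quoted 9-character figures (48 days GPU, 43 years CPU).
GPU_RATE = implied_rate(ALNUM, 9, 48 * SECONDS_PER_DAY)
CPU_RATE = implied_rate(ALNUM, 9, 43 * SECONDS_PER_YEAR)

if __name__ == "__main__":
    print(f"implied GPU rate: {GPU_RATE:.3g} guesses/s")
    print(f"implied CPU rate: {CPU_RATE:.3g} guesses/s")
    # Cross-check the rates against the other quoted timings.
    print(f"7 chars, GPU: {exhaust_seconds(ALNUM, 7, GPU_RATE) / 60:.1f} min")
    print(f"7 chars, CPU: {exhaust_seconds(ALNUM, 7, CPU_RATE) / SECONDS_PER_DAY:.1f} days")
    print(f"7 chars + symbols, GPU: {exhaust_seconds(PRINTABLE, 7, GPU_RATE) / 3600:.1f} h")
    # Policy sizing: length needed to hold out 10 years at the GPU rate.
    print("min length for 10 years:", min_length(ALNUM, GPU_RATE, 10 * SECONDS_PER_YEAR))
```

The rates are specific to the hash and hardware in the quoted test; a different hash algorithm gives a different rate, so re-derive it before sizing a policy.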
