Password security threatened by powerful GPUs

13 Aug 2010

The growing ability to run a graphics card as a parallel processor to the GPU has made short passwords “hopelessly inadequate,” according to new research.

A study from Georgia Tech Research Institute (GTRI) has seen that this new calculating power can help attackers crack passwords much easier in order to gain access to other computers or networks.

“We’ve been using a commonly available graphics processor to test the integrity of typical passwords of the kind in use here at Georgia Tech and many other places,” said Richard Boyd, a research scientist at the GTRI.

“Right now we can confidently say that a seven-character password is hopelessly inadequate – and as GPU power continues to go up every year, the threat will increase.”

Parallel computing allows data to be divided between multiple cores, which can handle different parts of the data simultaneously.

They were previously difficult to use for anything beyond producing graphics, however, in February 2007, Nvidia released a software development kit that let users program a GPU using C programming language.

Parallel computing is now much more accessible, but its power could pose a large threat to online password protection.

The research group states that a password should be at least 12 characters long and would preferably contain different characters, numbers and cases to make it more secure.

“A computer keyboard contains 95 characters, and every time you add another character, your protection goes up exponentially, by 95 times,” said Joshua L. Davis, another GTRI research scientist involved in this project.

Ideally, they recommend that passwords should be full sentences in order to make them more complex yet easy for the user to remember.