nanog mailing list archives
Re: gmail security is a joke
From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 27 May 2015 16:20:33 -0400
On Wed, May 27, 2015 at 01:51:35PM -0400, Barry Shein wrote:
Getting a copy of the database of hashes and login names is basically useless to an attacker.
Not any more, if the hash algorithm isn't sufficiently strong: 25-GPU cluster cracks every standard Windows password in <6 hours http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ Quoting: "Gosney used the machine to crack 90 percent of the 6.5 million password hashes belonging to users of LinkedIn." Consider as well that not all attackers are interested in all accounts: imagine what this system (or a newer one, this is 2.5 years old) could do if focused on only one account. And of course epidemic password reuse means that cracked passwords are reasonably likely to work at multiple sites. And even if passwords aren't reused, there have now been so many breaches at so many places resulting in so many disclosed passwords that a discerning attacker could likely glean useful intelligence by studying multiple password choices made by a target. (We're all creatures of habit.) ---rsk
Current thread:
- Re: gmail security is a joke, (continued)
- Re: gmail security is a joke Aaron C. de Bruyn (May 26)
- Re: gmail security is a joke Scott Howard (May 26)
- Re: gmail security is a joke William Herrin (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke John R. Levine (May 27)
- Re: gmail security is a joke James Downs (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke William Herrin (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke Rich Kulawiec (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke Peter Beckman (May 27)
- RE: gmail security is a joke John Souvestre (May 27)
- Re: gmail security is a joke Jimmy Hess (May 27)
- Password storage (was Re: gmail security is a joke) Robert Kisteleki (May 28)
- Re: Password storage (was Re: gmail security is a joke) Christopher Morrow (May 28)
- Re: Password storage (was Re: gmail security is a joke) shawn wilson (May 28)
- Re: Password storage (was Re: gmail security is a joke) Michael Thomas (May 28)
- Re: gmail security is a joke Saku Ytti (May 26)
- Re: gmail security is a joke Valdis . Kletnieks (May 26)