![]() There was quite a bit of unnecessary data in the raw SQL dump, like user email and IP addresses. ![]() Hopefully, this illustrates just how easy it is for anyone with a modern GPU to crack hashes after a database has leaked. That's an estimated 1,949,600,000 (~2 billion) password attempts per second. After discovering the dataset of 1,100 hashed passwords was using vBulletin, a popular forum platform, I ran the Hashcat benchmark again using the corresponding ( -m 2711) hashmode: hashcat -b -m 2711 In fact, most provide very poor protection against such brute-force attacks. Not all encryption and hashing algorithms provide the same degree of protection. Imagine 18 Intel i7 CPUs brute-forcing the same hash simultaneously - that's how fast one GPU can be. The equivalent of 155.6 kH/s is 155,600 password attempts per seconds. Hashcat (v4.1.0) starting in benchmark mode. But here's a Hashcat benchmark ( -b) against WPA2 hashes ( -m 2500) using a basic AMD GPU: hashcat -b -m 2500 To someone unfamiliar with brute-force attacks, that might seem like a lot. That's 8,560 WPA2 password attempts per second. To give readers some idea of how much faster GPU-based brute-force attacks are compared to CPU-based attacks, below is an Aircrack-ng benchmark ( -S) against WPA2 keys using an Intel i7 CPU found in most modern laptops. Many Null Byte regulars would have likely tried cracking a WPA2 handshake at some point in recent years. ![]() Step 3: Putting Brute-Force Attacks into Perspective
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |