As processors become more powerful are seven- character passwords inadequate?
It's been called revolutionary - technology that lends supercomputer-level power to any desktop. What's more, this new capability comes in the form of a readily available piece of hardware, a graphics processing unit (GPU) costing only a few hundred dollars.
Georgia Tech researchers are investigating whether this new calculating power might change the security landscape worldwide. They're concerned that these desktop marvels might soon compromise a critical part of the world's cyber-security infrastructure - password protection.
"We've been using a commonly available graphics processor to test the integrity of typical passwords of the kind in use here at Georgia Tech and many other places," said Richard Boyd, a senior research scientist at the Georgia Tech Research Institute (GTRI). "Right now we can confidently say that a seven-character password is hopelessly inadequate - and as GPU power continues to go up every year, the threat will increase."
For many common passwords, that doesn't take long, said Joshua L. Davis, a GTRI research scientist involved in this project. For one thing, attackers know that many people use passwords comprised of easy-to-remember lowercase letters. Code-breakers typically work on those combinations first.
"Length is a major factor in protecting against brute forcing a password," Davis explained. "A computer keyboard contains 95 characters, and every time you add another character, your protection goes up exponentially, by 95 times."
Complexity also adds security, he says. Adding numbers, symbols and uppercase characters significantly increases the time needed to decipher a password.
Davis believes the best password is an entire sentence, preferably one that includes numbers or symbols. That's because a sentence is both long and complex, and yet easy to remember. He says any password shorter than 12 characters could be vulnerable - if not now, soon.
Link:
http://www.gtri.gatech.edu/casestudy/Teraflop-Troubles-Power-Graphics-Processing-Units-GPUs-Password-Security-System