On 02/04/2015 02:08 PM, Lamar Owen wrote:

3.) Attacker uses a large graphics card's GPU power, harnessed with CUDA or similar, to run millions of bruteforce attempts per second on the exfiltrated /etc/shadow, on their computer (not yours).
4.) After a few hours, attacker has your password (or at least a password that hashes to the same value as your password), after connecting to your system only once.
Oh, and the program to do this can be found very easily. It's called 'John the Ripper' and has GPU support available:
http://openwall.info/wiki/john/GPU
https://en.wikipedia.org/wiki/John_the_ripper

Again, the real bruteforce danger is when your /etc/shadow is exfiltrated by a security vulnerability of the type that allows arbitrary remote code execution or arbitrary file access. Once the attacker has your /etc/shadow, there is absolutely nothing you can do to keep said attacker from cracking your passwords at full speed. Well, nothing except the password strength itself.


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
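
Added example, not part of the original message: a defender-side check that reads shadow entries, reports which hash scheme each stored password uses, and works out how long a fixed guess rate takes to exhaust a password keyspace. The sample entries are constructed placeholders, the function names are hypothetical, and the rate of 10 million guesses per second is an assumption chosen to match the "millions of bruteforce attempts per second" in the message.

```python
# crypt(3) scheme ids as they appear in the second field of /etc/shadow.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
# Schemes that are cheap per guess, so offline guessing runs fastest on them.
FAST = {"descrypt", "md5crypt"}

# Constructed sample; salts and hashes are placeholders, not real values.
SAMPLE = """\
root:$6$rounds=100000$SALTPLACEHOLDER$HASHPLACEHOLDER:16470:0:99999:7:::
alice:$1$SALTPLAC$HASHPLACEHOLDER:16470:0:99999:7:::
bob:!!:16470:0:99999:7:::
carol:$6$SALTPLACEHOLDER$HASHPLACEHOLDER:16470:0:99999:7:::
dave:!$1$SALTPLAC$HASHPLACEHOLDER:16470:0:99999:7:::
"""

def parse_shadow_line(line):
    """Return (user, scheme, rounds); scheme is None when no hash is stored."""
    user, field = line.split(":")[:2]
    # A locked entry ("!" prefix) may still carry its hash, which is exposed
    # just the same once the file has been copied off the system.
    field = field.lstrip("!")
    if field in ("", "*"):
        return user, None, None
    if not field.startswith("$"):
        return user, "descrypt", None      # no "$id$": traditional DES crypt
    parts = field.split("$")               # ['', id, rounds=N or salt, ...]
    scheme = SCHEMES.get(parts[1], "unknown")
    rounds = None
    if scheme in ("sha256crypt", "sha512crypt"):
        # 5000 is the default when no explicit rounds= parameter is present.
        rounds = int(parts[2][7:]) if parts[2].startswith("rounds=") else 5000
    return user, scheme, rounds

def weak_entries(shadow_text):
    """List (user, scheme) for entries stored under a fast scheme."""
    parsed = (parse_shadow_line(l) for l in shadow_text.splitlines() if l.strip())
    return [(user, scheme) for user, scheme, _ in parsed if scheme in FAST]

def hours_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case hours to try every password of exactly `length` characters."""
    return alphabet_size ** length / guesses_per_second / 3600

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_shadow_line(line))
    print("fast-hash entries:", weak_entries(SAMPLE))
    # Assumed rate: 10 million guesses/s, in line with "millions per second".
    for alphabet, length in ((26, 8), (62, 10), (95, 12)):
        print(alphabet, length, f"{hours_to_exhaust(alphabet, length, 1e7):.3g} h")
```

The guess rate an attacker actually reaches depends on the hash scheme and its rounds setting, so the hours figure is only as good as the assumed rate passed in.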
