Graphics cards could be used as virtual battering rams to crack the majority of passwords thanks to their incredible parallel processing ability, a team of researchers has claimed.
A group of Georgia Tech researchers has stated that graphics cards now have so much power they can be used to work out many common passwords simply using mathematical brute force, potentially causing a serious security issue in the near future.
"Right now we can confidently say that a seven-character password is hopelessly inadequate - and as GPU power continues to go up every year, the threat will increase," Richard Boyd, a senior research scientist at the Georgia Tech Research Institute has claimed.
Increasingly, GPUs are not just being used for gaming, but also for High Performance Computing (HPC), where huge amounts of data need to be processed in parallel – something that graphics cards are very good at doing.
Since nVidia released its CUDA programming language, and ATI followed up with Stream, it’s been possible to write code to program a GPU directly, enabling full use to be made of the trillions of floating point operations-per-second capabilities of modern graphics cards. This ability to perform an incredible number of repetitive tasks simultaneously using multiple stream cores makes GPUs ideally suited for brute force number cracking, as they can be programmed simply to try one combination after another.
Easy-to-remember, lower-case passwords will be the first to tumble claim Joshua L. Davis, a research scientist working on this project.
"Length is a major factor in protecting against brute forcing a password," Davis said. "A computer keyboard contains 95 characters, and every time you add another character, your protection goes up exponentially, by 95 times."
Adding length, upper case letters, numbers and even symbols will therefore help protect your password. With programs designed to crack codes freely available online, and the availability of relatively inexpensive GPU hardware, it makes sense to start upping those defences now.