[CentOS] Another Fedora decision
Lamar Owen
lowen at pari.edu
Wed Feb 4 19:16:15 UTC 2015
On 02/04/2015 02:08 PM, Lamar Owen wrote:
>
> 3.) Attacker uses a large graphics card's GPU power, harnessed with
> CUDA or similar, to run millions of bruteforce attempts per second on
> the exfiltrated /etc/shadow, on their computer (not yours).
> 4.) After a few hours, attacker has your password (or at least a
> password that hashes to the same value as your password), after
> connecting to your system only once.

Oh, and the program to do this can be found very easily. It's called
'John the Ripper' and has GPU support available:

http://openwall.info/wiki/john/GPU
https://en.wikipedia.org/wiki/John_the_ripper

Again, the real bruteforce danger is when your /etc/shadow is
exfiltrated by a security vulnerability of the type that allows
arbitrary remote code execution or arbitrary file access. Once the
attacker has your /etc/shadow, there is absolutely nothing you can do to
keep said attacker from cracking your passwords at full speed. Well,
nothing except the password strength itself.
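
Added example, not part of the original post or of any CentOS code: a defender-side audit that lists which accounts in a shadow-format file carry a hash that could be attacked offline, plus a worst-case estimate of how long a keyspace lasts at the "millions of attempts per second" rate the post mentions. The sample lines, the function names and the 1,000,000 guesses/second figure are assumptions made for illustration.

```python
# Constructed sample in /etc/shadow format; salts and hashes are placeholders.
SAMPLE_SHADOW = """\
root:$6$rounds=100000$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16470:0:99999:7:::
alice:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16470:0:99999:7:::
carol:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16470:0:99999:7:::
daemon:*:16470:0:99999:7:::
bob:!!:16470:0:99999:7:::
"""

# crypt(3) scheme identifiers found between the first two '$' characters.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}

def exposed_hashes(shadow_text):
    """Return (user, scheme, rounds) for every account whose hash is present in the file."""
    found = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user = fields[0]
        # A leading '!' only locks the login; the hash behind it is still in the file.
        pw = fields[1].lstrip("!")
        if not pw.startswith("$"):      # "*", "!!" or empty: no hash to attack
            continue
        parts = pw.split("$")           # ['', id, optional 'rounds=N', salt, hash]
        scheme = SCHEMES.get(parts[1], "unknown")
        rounds = None
        if len(parts) > 2 and parts[2].startswith("rounds="):
            rounds = int(parts[2][len("rounds="):])
        elif scheme in ("sha256crypt", "sha512crypt"):
            rounds = 5000               # sha-crypt default when no rounds= field is given
        found.append((user, scheme, rounds))
    return found

def hours_to_exhaust(charset_size, length, guesses_per_second):
    """Worst-case hours to try every password of exactly this length over this charset."""
    return charset_size ** length / guesses_per_second / 3600

if __name__ == "__main__":
    for user, scheme, rounds in exposed_hashes(SAMPLE_SHADOW):
        print(f"{user}: {scheme}, rounds={rounds}")
    rate = 1_000_000  # assumed rate, taken from the post's "millions per second"
    for label, charset, length in [("8 lowercase", 26, 8), ("12 mixed alnum", 62, 12)]:
        print(f"{label}: {hours_to_exhaust(charset, length, rate):.3g} hours worst case")
```

The real guess rate depends on the hash scheme and its rounds value, which is why the audit reports both alongside the account name.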