I previously wrote about the weak passwords most people choose to use. See http://mythoughtsonit.com/?p=279 for a refresher.

There are all kinds of attacks against our passwords. From shoulder surfing to keystroke logging to rainbow tables. What we had going for us is that a brute force attack where a computer guessed all possible combinations of possible passwords took years. Well that timeframe has been greatly shortened with the use of your video cards GPU. GPUs are optimized for mathematics. This gives us some very realistic video in games like Call of Duty: Modern Warfare 2. The GPUs have been getting faster and faster which means better video in game play. It also means that when these processors are used for other tasks such as offline password cracking they do it very fast.

A scary example, from a ZDnet article, illustrates how much this speeds up cracking a password:

Take a password consisting of seven characters, mixed-case/symbols random password like ‘F6&B is’ (note the space), that’s gotta be tough for a bruteforce attack. Right? A CPU will take some 75 days to churn through the possibilities, while a GPU is done with it in 7 hours.

What took 75 days is now only 7 hours – yikes! It is a known issue that short passwords were going to become easy to break as machines get faster and faster. It is just happening faster than previously thought. You may want to move to random 15 character passwords sooner rather than later.

Here is the full ZDnet article: “Cheap GPUs are rendering strong passwords useless”