GPU acceleration brings new security risks

[nsane.forums]

Multi-thread processing could speed up password cracking

The growing integration of graphics processors into normal computational tasks could threaten security protections a report has warned.

Georgia Tech Research Institute has found that general processing over GPU (GPGPU) platforms could dramatically increase the success rate for 'brute force' password cracking.

GPGPU platforms such as OpenCL have taken off recently as chipmakers and developers have sought to harness the power of GPU chips for compute-intensive tasks such as financial analysis or physics modelling.

By utilising the multi-threading capabilities of GPU chips, an attacker could increase the frequency with which new password combinations and log-in attempts are made, allowing an attack tool to attempt to guess a system password.

The researchers suggested that utilising the techniques with a normal consumer graphics card could allow an attacker to easily compromise passwords of up to seven characters.

Reasearch scientist Joshua Davis said that passwords under 12 characters could be vulnerable, and that administrators may need to institute alphanumeric passwords the length of entire sentences in order to keep their systems secured.

Security authentication vendors are pointing to the report as a call to adopt two-factor authentication systems, such as single-use security tokens.

"Ultimately, no matter how long and complex you make a password, it can still easily be hacked or stolen by means such as shoulder-surfing or malware," said Gridsure chief executive Stephen Howes.

"I therefore believe that static passwords have no place in today’s connected world and consumers should be offered more effective alternatives that offer better security without making their lives more complex or inconvenient."

View: Original Article