No password is safe from this new 25-GPU computer cluster

The setup uses 25 AMD Radeon graphics cards and can make 350 billion guesses per second. All eight-character passwords fall in hours; some take only six minutes.

Don Reisinger
Former CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
Don Reisinger

Your really, really strong password just became a little bit easier to break.

Jeremi Gosney, founder and CEO of Stricture Consulting Group, a company that handles password-cracking, has unveiled a computer cluster boasting 25 AMD Radeon graphics cards. The cluster's horsepower allows it to make 350 billion password guesses per second against the NT Lan Manager (NTLM) security protocol Microsoft has used in Windows Server since 2003.

Ars Technica was first to report on the cluster.

Speaking to Ars in an e-mailed statement, Gosney said that his company's technology "can attack hashes approximately four times faster" than it previously could. Using a brute force method, the cluster is capable of guessing every single eight-character password containing letters, numbers, and symbols in 5.5 hours. If companies use LM, an earlier password option for Windows Server, the cluster can figure out a password in six minutes.

So, how does the cluster do it? According to Ars, the cluster is running Virtual OpenCL, a platform that makes the GPUs believe they're all functioning together in a desktop computer. To actually crack a password, Gosney and his team uses a free password-cracker called ocl-Hashcat Plus.

Password security continues to be a major challenge for consumers, corporations, and online services. A so-called "strong" password, which in most cases wouldn't be broken for days, if not weeks, is now easier and easier to crack with advanced tools. In other words, watch out and create as strong a password as possible.