Stories
Slash Boxes
Comments

SoylentNews is people

Kali Linux Can Now Use Cloud GPUs for Password-Cracking

posted by martyb on Sunday April 30 2017, @06:37PM   Printer-friendly
from the horrect-borse-stattery-caple dept.

Phoenix666 writes:

Think passwords, people. Think long, complex passwords. Not because a breach dump's landed, but because the security-probing-oriented Kali Linux just got better at cracking passwords.

Kali is a Debian-based Linux that packs in numerous hacking and forensics tools. It's well-regarded among white hat hackers and investigators, who appreciate its inclusion of the tools of their trades.

The developers behind the distro this week gave it a polish, adding new images optimised for GPU-using instances in Azure and Amazon Web Services. The extra grunt the GPUs afford, Kali's backers say, will enhance the distribution's password-probing powers. There's also better supoprt for GPU cracking, hence our warning at the top of this story: anyone can use Kali and there's no way to guarantee black hats won't press it into service. And they can now do so on as many GPU-boosted cloud instances as they fancy paying for.

Could some users of Kali Linux technically be called "thugs?"

Original Submission

 
This discussion has been archived. No new comments can be posted.
Kali Linux Can Now Use Cloud GPUs for Password-Cracking | Log In/Create an Account | Top | 15 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Interesting) by Anonymous Coward on Sunday April 30 2017, @08:26PM (5 children)

    by Anonymous Coward on Sunday April 30 2017, @08:26PM (#501980)

    Can someone please explain why having a 14 digit complex password is any better than having a 6 letter dictionary word? This is in the context of logging onto my bank account or credit card online. With only 3 tries before getting locked out I can't see any value in a password more complicated than a simple word.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Total Score:   1  

  • (Score: 2) by rigrig on Sunday April 30 2017, @09:10PM (1 child)

    by rigrig (5129) <soylentnews@tubul.net> on Sunday April 30 2017, @09:10PM (#502000) Homepage

    Because once someone seriously wants to target that bank they'll start brute forcing logins, locking out lots of customers. Then the bank has to choose between leaving all those customers unable to login, or disabling their three-strike policy...

    --
    No one remembers the singer.

    • (Score: 2) by hendrikboom on Monday May 01 2017, @01:49AM

      by hendrikboom (1125) on Monday May 01 2017, @01:49AM (#502093) Homepage Journal

      The three-strike rule is particularly difficult for people with disabilities, such as Parkinson's disease. They simply cannot type the password correctly in only three tries.

  • (Score: 2) by http on Sunday April 30 2017, @11:50PM (1 child)

    by http (1920) on Sunday April 30 2017, @11:50PM (#502052)

    It isn't.

    But it makes for great security theatre [xkcd.com].

    --
    I browse at -1 when I have mod points. It's unsettling.

  • (Score: 2, Informative) by davidjohnpaul on Monday May 01 2017, @01:11AM

    by davidjohnpaul (5377) on Monday May 01 2017, @01:11AM (#502076) Homepage

    There's an issue if the bank's password file/database is obtained by an attacker - they can then attempt to hack it while bypassing the "3 tries" rule, and dictionary words are much easier to try first. Hopefully the bank's just storing stretched, salted passwords, but that's impossible to know.
    Of course, if somebody does get access to your bank's password file/database, there's likely to be bigger problems...