Ben Gross, always good for well-founded articles on security, argues for better passwords as a New Year's resolution for 2012. What shocks me most about his post is how fast brute-force attacks can be by now.
Realistically, it’s getting to the point where unless you have a pretty fantastic password, if your password is in a database of poorly hashed passwords then someone with a bit of time can discover it. Why is that, you might ask? Whitepixel, the purveyors of fine open source GPU accelerated password hashing software, report that it currently achieves 33.1 billion password/sec on 4 x AMD Radeon HD 5970 for MD5 hashes. This is fast enough to make rainbow tables (pre-computed hashes for a dictionary attack) much less compelling. If the attacker has any additional personal information this significantly increases the chance of a successful attack since so many people use bits of personal information in their passwords.
33.1 billion passwords per second!
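To put the quoted rate in terms of password storage, here is an added example (not from the post or from Whitepixel) that contrasts unsalted MD5 with salted PBKDF2-HMAC-SHA256 and estimates worst-case search time at 33.1 billion guesses per second. The 600,000-iteration work factor, the function names and the "each guess costs work_factor hashes at the same rate" model are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MD5_RATE = 33.1e9  # guesses/sec quoted in the post (MD5, 4 x Radeon HD 5970)
ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a figure from the post


def weak_hash(password):
    """Unsalted MD5, the 'poorly hashed' case: same password, same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password, salt=None, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, iterations, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password, record):
    """Recompute with the stored salt and cost, compare in constant time."""
    salt, iterations, digest = record
    candidate = strong_hash(password, salt, iterations)[2]
    return hmac.compare_digest(candidate, digest)


def exhaust_seconds(charset, length, rate=MD5_RATE, work_factor=1):
    """Worst-case seconds to try every password of exactly `length` symbols.

    work_factor is a rough model: each guess costs that many hash
    evaluations, assuming the per-hash rate stays the same.
    """
    return charset ** length * work_factor / rate


if __name__ == "__main__":
    for name, size in [("a-z0-9", 36), ("a-zA-Z0-9", 62), ("printable", 95)]:
        fast = exhaust_seconds(size, 8)
        slow = exhaust_seconds(size, 8, work_factor=ITERATIONS)
        print(f"8 chars {name:10} MD5 {fast/3600:10.2f} h | "
              f"PBKDF2 {slow/86400/365:12.1f} years")
    rec = strong_hash("constructed-sample-password")
    print(verify("constructed-sample-password", rec), weak_hash("password"))
```

The per-user salt is what makes precomputed tables useless, and the iteration count is what divides the attacker's guess rate.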