New Password Cracking Analysis Targets Bcrypt
Cybersecurity firm Hive Systems has released the results of its latest annual analysis on cracking passwords through brute-force attacks.
Hive has been conducting this study for several years and until now it has targeted passwords hashed with the widely used MD5 algorithm. However, MD5 hashes can in many cases be easily cracked and organizations have increasingly turned to more secure algorithms, particularly Bcrypt.
Bcrypt is not the most secure, but based on data collected by Hive from the Have I Been Pwned breach notification service it has been the most widely used in recent years.
That is why Hive has decided to conduct its testing against Bcrypt password hashes, using a dozen NVIDIA GeForce RTX 4090 GPUs.
The tests showed that any password under seven characters can be cracked within hours. In last year’s tests, weak 11-character passwords were cracked instantly using brute force attacks. With Bcrypt, the same 11-character password now takes 10 hours to crack.
Hive’s analysis showed that strong passwords (containing numbers, uppercase and lowercase letters, and symbols) and fairly strong passwords (containing uppercase and lowercase letters) are difficult to crack if they are more than eight characters long — it takes months or years to crack such passwords if they are protected with Bcrypt.
Hive’s study assumes that the attacker has obtained a hash associated with a randomly generated password and attempts to crack it.
“Non-randomly generated passwords are much easier and faster to crack because humans are fairly predictable. As such, the time frames in these tables serve as a ‘best case’ reference point. Passwords that have not been randomly generated would be cracked significantly faster,” the company explained.
Looking for in-depth cybersecurity tips with analysis of the latest threats and scams? Subscribe to our premium newsletter for the information you need to stay secure. Plus get a free copy of our popular "Cybersecurity Starter Guide" to enable you to discover how to keep your systems secure.
Headlines
News
- Majority of Businesses Worldwide are Implementing Zero Trust, Gartner Finds
Almost two-thirds of organizations across the globe have either fully or partially implemented zero-trust strategies, according to a report released Monday by Gartner based on a survey of 303 security leaders.
- Attackers Leverage Black Hat SEO Techniques to Distribute Info-Stealer Malware
Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs.
- Report: Security Leaders Braced for Daily AI-Driven Attacks by Year-End
Most businesses are concerned about AI-enabled cyber-threats, with 93% of security leaders expecting to face daily AI-driven attacks by the end of 2024, according to a new report by Netacea.
- Report: Fifth of UK Companies Admit Staff Leaked Data via GenAI
One in five UK companies has experienced sensitive corporate data exposure due to employees' use of generative AI (GenAI), according to a report by cybersecurity services provider RiverSafe.
- ArcaneDoor Hackers Exploit Cisco Zero-Days to Breach Government Networks
The hackers, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable edge devices in early November 2023 in a cyber-espionage campaign tracked as ArcaneDoor.
- Google Ad for Facebook Redirects to Scam
Researchers observed a malicious ad campaign targeting Facebook users via Google search. The ad, which appears at the top of Google search results for the keyword "Facebook," redirects users to a scam page.
- From Water to Wine: An Analysis of WINELOADER
A recent malware campaign used weaponized ZIP files to distribute the WINELOADER malware. The attackers send phishing emails with ZIP attachments that, when extracted, execute a PowerShell script to download and install the malware.
Are you looking to keep ahead of security threats? Subscribe to our premium monthly newsletter for in-depth cybersecurity tips and analysis of the latest threats and scams. New subscribers get a free copy of our Cybersecurity Starter Guide.
Were you forwarded this email? Sign up here to receive this email weekly in your inbox.
|
