If you don’t think your passwords suck, the video below will show you in just minutes why you’re wrong. Using a combination of free and readily available files and off-the-shelf graphics processors, thousands of passwords get cracked right before your eyes, even if you use the oft-cited XKCD method. Below the video, we highlight the problem with the XKCD method, and provide links to all the tools you need to get crackin’!
WHAT YOU’LL NEED
Aside from a brain and the desire to do this, you can get started with some simple tools, most of them free!
The Free Stuff
First, you’ll need a copy of the open source software called HashCat. Read the explanation on Wikipedia if you like, or just get it on the HashCat website. The tool is somewhat amusingly referred to as a “password recovery tool” instead of a “password hacking tool”. To be fair, it’s both.
Then, you’ll need some password lists and dictionaries. Thanks to the hacks of major sites like MySpace, Facebook, and RockYou, there are tons available on sites like SkullSecurity.org. It probably wouldn’t be hard to find the LinkedIn, AshleyMadison, or eBay lists, but you’re on your own there.
Not Free Stuff
The Do It Yourself Approach
Pretty much the only “not free” part of this is hardware. In the video, they’re using four of these consumer graphics cards, which are mainly aimed at the gamer market. It’s a 12GB card (the EVGA GeForce GTX TITAN X), which is probably at least six to twelve times faster than the one in your computer, depending on how nerdy you are. They’re usually purchased by gamers who play 4K games, so surfaces will render better. You’ll need to know how to rig these things so they’ll actually do what you need, which is another story. Here’s a starter article if you don’t know how.
The “I’m Richer Than God” Approach
Don’t feel like learning about GPU memory addresses, dedicated memory-streams, and data parallelism? No problem! Provided you have about twelve grand lying around. The Lambda Deep Learning DevBox is a plug-and-play Deep Learning GPU workstation development box that has the above cards already installed in a suitable box, with an OS and most of the applications needed to make it all run properly!
The XKCD Problem
You can easily get some experts debating what we’re about to say, but as mentioned in the video at the top, the XKCD method is only effective if the person selecting the words selects them intelligently. If all four words are common nouns, the method is considerably less effective than if they’re unique words and a mix of nouns, verbs, etc.
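To put numbers on that point, here is an added example (not from the original article or the video) that compares four words drawn from a small pool of common nouns with four words drawn from a larger list, and generates a passphrase with a cryptographic random source so no human "picks" the words. The 2048-word figure is the list size the XKCD comic assumes; the 500-word pool, the function names and the stand-in word list are assumptions for illustration.

```python
import math
import secrets

# Pool sizes. 2048 is the list size the XKCD comic assumes (11 bits per word);
# 500 is an assumed size for the "common nouns that come to mind" pool.
XKCD_POOL = 2048
COMMON_NOUN_POOL = 500  # assumption for illustration


def passphrase_bits(pool_size, n_words=4):
    """Entropy in bits if every word is drawn uniformly and independently."""
    if pool_size < 2 or n_words < 1:
        raise ValueError("need at least 2 candidate words and 1 word")
    return n_words * math.log2(pool_size)


def keyspace(pool_size, n_words=4):
    """Number of passphrases someone who knows the pool has to consider."""
    return pool_size ** n_words


def generate_passphrase(wordlist, n_words=4, min_bits=44.0):
    """Pick words with a CSPRNG; refuse pools too small to reach min_bits."""
    # Normalise and de-duplicate so repeated entries do not inflate the count.
    pool = sorted({w.strip().lower() for w in wordlist if w.strip()})
    bits = passphrase_bits(len(pool), n_words)
    if bits < min_bits:
        raise ValueError(f"{len(pool)} distinct words give only {bits:.1f} bits")
    return " ".join(secrets.choice(pool) for _ in range(n_words)), bits


if __name__ == "__main__":
    for label, size in (("common nouns", COMMON_NOUN_POOL), ("XKCD list", XKCD_POOL)):
        print(f"{label:13} {passphrase_bits(size):5.1f} bits  "
              f"{keyspace(size):.2e} candidates")
    # Constructed stand-in word list; use a real, large mixed list in practice.
    demo_list = [f"word{i}" for i in range(XKCD_POOL)]
    print(generate_passphrase(demo_list))
```

The calculation only holds when the words are chosen uniformly at random; words a person picks by hand behave like the smaller pool even if a large list was available.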