Elcomsoft, a Moscow, Russia-based company known for its security and anti-security tools, said this week that it had filed a patent for recovery of lost passwords using graphics processing units (GPUs). Thanks to massive amount of parallel processing engines, graphics chips can speed up password cracking by a factor of up to 25.

Using the “brute force” technique of recovering passwords, it was possible, though time-consuming, to recover passwords from popular applications. For example, the logon password for Windows Vista might be an eight-character string composed of uppercase and lowercase alphabetic characters. There would about 55 trillion (52^8) possible passwords. Windows Vista uses NTLM hashing by default, so using a modern dual-core PC one could test up to 10 000 000 passwords per second, and perform a complete analysis in about two months. With ElcomSoft’s new technology, the process would take only three to five days, depending upon the CPU and GPU.

Preliminary tests using Elcomsoft Distributed Password Recovery, the software that can take advantage of modern GPUs, to recover Windows NTLM logon passwords show that the recovery speed has increased by a factor of twenty, simply by hooking up with a $150 video card’s onboard GPU. ElcomSoft expects to find similar results as this new technology is incorporated into their password recovery products for Microsoft Office, PGP, and dozens of other popular applications.

The massive improvement of the password recovery speed is a direct result of the way modern graphics processors work and their massive multi-threading processing capabilities.

“A[normal computer processor] would read the book, starting at page 1 and finishing at page 500. A GPU would take the book, tear it into a 100,000 pieces, and read all of those pieces at the same time,” said Andrew Humber, a spokesman for Nvidia Corp., in an interview with New Scientist web-site.

Elcomsoft says it took three months to develop code to take advantage of a GPU, and the company plans to introduce the feature into some of its password cracking products over time, it was reported. Currently Elcomsoft Distributed Password Recovery can crack 40-bit and 128-bit encryption on documents and programs from Adobe, Microsoft, PGP, Lotus and so on.