GPU acceleration brings new security risks

'Brute force' attacks could soon be getting a lot more muscle

The growing integration of graphics processors into normal computational tasks could threaten security protections, according to a new report from the Georgia Tech Research Institute.

The organisation warned that general processing over GPU (GPGPU) platforms could dramatically increase the success rate for 'brute force' password attacks.

GPGPU platforms such as OpenCL have taken off recently as chipmakers and developers seek to harness the power of GPU chips for compute-intensive tasks such as financial analysis or physics modelling.

The multi-threading capabilities of GPU chips could allow an attacker to increase the frequency of new password combinations and log-in attempts, allowing an attack tool to attempt to guess a system password.

The researchers suggested that using the techniques with a normal consumer graphics card could allow an attacker to easily compromise passwords of up to seven characters.

Research scientist Joshua Davis said that passwords under 12 characters could be vulnerable, and that administrators may need to institute alphanumeric passwords the length of entire sentences to keep their systems secured.

Security authentication vendors are pointing to the report as a call to adopt two-factor authentication systems which combine conventional account information with single-use passwords or codes.

"Ultimately, no matter how long and complex you make a password, it can still easily be hacked or stolen by means such as shoulder-surfing or malware," said GrIDsure chief executive Stephen Howes.

"I therefore believe that static passwords have no place in today's connected world, and consumers should be offered more effective alternatives that offer better security without making their lives more complex or inconvenient."