Recently, research students at Georgia Tech released a report outlining the dangers that GPUs pose to the current state of password security. There are a number of ways to crack a password, all with their different pros and cons, but when it comes down to it, the limiting factor in all of these methods is processing complexity. The more operations that need to be run, the longer it takes, and the less useful each tool is for cracking passwords. In the past, most recommendations for password security revolved around making sure your password wasn’t something predictable, such as “password” or your birthday. With today’s (and tomorrows) GPUs, this may no longer be enough.
Although the article never mentions them by name, the newest tools in password cracking are based around two tools, nVidia’s CUDA and AMD’s Stream SDKs. These tools allow programs to be written in C that can be broken up and utilize the parallel nature of the hardware that is usually optimized for graphics. GPUs are much better at large-scale mathematical operations than CPUs because of this parallel layout. Chances are, if you have a somewhat recent graphics card, it is probably compatible with either CUDA or Stream, and if you already know C, you have all the tools necessary to get started.
The lesson to learn here, the longer or more complex a password is, generally the safer it is. Because of this, a number of tools, both software and hardware, may become more and more popular, or necessary, to accommodate this need.