'War Games' mainframe's speed?

[Gomar]

Just re-watched 'WarGames' (1983). Ifcourse, for modern times the whole thing seems silly. However, back in '83 I was really mesmerized and fascinated by all the computer and tech stuff, jargon and gadgets.

Anyway, regarding the military mainframe hacking a code:

http://www.imdb.com/title/tt0086567/trivia?tab=gf

It is "CPE1704TKS"

capital letters and #s means 36 ^ 10 = 3,760,620,109,779,060

"the speed with which the computer breaks the password by brute force, etc) which passed much of the 1983 audience by,"...

but
https://www.grc.com/haystack.htm

says it would take 37.61 seconds; Assuming modern military/NSA/DoD mainframes are 100x faster than those in 1983, thus 3761 secs or 1hour; not bad and within the time frame.
[ifcourse, you need to know that _only_ capitals are used]

However, this is not realistic and probably not correct:

"When WOPR is searching for the launch code, it is shown to be able to lock onto each digit individually. In which case, it would only take 360 tries (one for each letter and digit), to definitely find the entire code."

When cracking there is no locking in to a correct letter (as far as I know); you either have the entire pw or you dont.

 

[TCM]

"Hacking" the launch codes was a plot device and most likely not at all related to any real computing speed back then.

Because a factor of 100 is a totally unrealistic assumption. It's likely to be much much higher.

 

[jjeff1]

A little higher, yes....

Lets assume that the WOPR was the fastest computer in the world, that would be the Cray X-MP, with a top speed of 800 Mega FLOPS.

The current fastest computer in the world is the CRAY XK7, with peak performance of about 27 Peta FLOPS.

So our modern computer is about 27 million times faster.

In terms of password cracking, that password would fall really fast. In 1998!!!, the EFF built a custom password cracker named Deep Crack that cracked a password 20 times as complex (larger key space) in 56 hours.

Modern GPUs and rainbow tables make cracking most passwords trivial. For a couple grand you can build a PC that will crack 4 billion hashes per second. So you can completely test your WPOR keyspace in 11 days.


Realistically though, no one does this. http://xkcd.com/538/

Far easier to use social engineering or security holes to gain access to things you shouldn't; then leverage what you learn about someone from one source (eg your hardforum account) to break into the rest of their accounts (facebook) and learn personal info (their fav sports team, first pet, etc...) to break into their accounts that actually matter (the bank).

So, what does that mean for mom doing online banking and facebook?

- Use a password manager
- Every web site gets a different, randomly generated password, of at least 12 characters
- When a web site asks you for "secret" password recovery questions, LIE TO THEM. Just treat it as another password. Save your lies in your password manager.
- Make sure your password manager password is secure and follows good rules for picking passwords.
- Goggle offers 2 factor authentication. Use it.
- If anything important (bank, insurance, loan, credit card, medical info, etc..) doesn't support strong passwords, get rid of them.
- If anything important doesn't support 2 factor authentication, ask them why not.

The US banking industry really hasn't gotten it, in terms of security. In the UK, they have Chip and Pin, and One Time Passwords for bank access; far more secure.