The Daily Parker

Politics, Weather, Photography, and the Dog

Quiet implementations of Moore's Law

Jeff Atwood uses a complaint about how computers have ruined chess forever to make an important point about security:

What's not clear in this table [of exponentially decreasing dollars per gigaflop] is that after 2007, all the big advances in FLOPS came from gaming video cards designed for high speed real time 3D rendering, and as an incredibly beneficial side effect, they also turn out to be crazily fast at machine learning tasks.

Let's consider a related case of highly parallel computation. How much faster is a GPU at password hashing?

Only 155 times faster right out of the gate. No big deal. On top of that, CPU performance has largely stalled in the last decade.

I'd like to emphasize how much it sucks to be an 8 character password in today's world. If your password is only 8 characters, that's perilously close to no password at all. That's also why why your password is (probably) too damn short. In fact, we just raised the minimum allowed password length on Discourse to 10 characters, because annoying password complexity rules are much less effective in reality than simply requiring longer passwords.

Talk about burying the lede. But Atwood is correct; unless you're in the habit (as I am) of using a strong, unique password for every single website, use a set of strong passphrases instead. (The Ars Technica article Atwood cited is pretty good.)

Also, I'm looking for a really good video card now...

Comments are closed