Saturday, January 15, 2011

Cracking Passwords With a Rented Computer

With a few institutional exceptions most amateur attackers have been always prevented, by limited computing resources, to calculate the billions of computations required to break passwords. That has now changed. Inexpensive access to powerful computing power has become readily accessible to anyone in the world for only a small expense. Cyber crime is costing less and is easy to do. Password cracking software is available.  All it takes is sufficient computing power to apply it, such as the WPA Cracker. * 

The new computing services are based on specialized semi-conductors, which offer Graphics Processing Unit (GPU) capabilities. These have recently begun making computational inroads as a replacement for general-purpose microprocessors that are used for more conventional information processing. GPUs have migrated into computationally intensive applications such as oil exploration, scientific image processing, linear algebra, image reconstruction and stock options pricing determination.

GPU-assisted servers, that were previously available only in supercomputers, can be now rented as a cloud hosting service. ** For instance, a commercial hosting service can be programmed to decode the Secure Hash Algorithm (SHA) that is one of a number of cryptographic codes published by the National Institute of Standards and Technology as a U.S. Federal Information Processing Standard. The SHA-1 is a 160-bit hash function. It was designed by the National Security Agency (NSA) to be a part of the Digital Signature Algorithm. In less than an hour the available  “cracking” software can examine very large tables using several hundred "cloud services" CPU clusters that contain GPU processors.

SUMMARY
It is easy to use Amazon EC2 services to process decryption services on GPU servers. All it takes is a simple log-on and a credit card. Amazon charges 28 cents per minute for such services. It may take only a few minutes to break a password. For such a low price, which costs less than a round of rifle ammunition, DoD is now exposed to attacks from more aggressors.


* http://www.wpacracker.com/
** http://www.infoworld.com/t/data-security/amazon-ec2-enables-brute-force-attacks-the-cheap-447