Cheap And Easy Cloud Cracking On The Way
Amazon recently announced a new instance type for their EC2 cloud service, which they call the Cluster GPU, and it has an impressive spec:
- 22 GB of memory
- 33.5 EC2 Compute Units (2 x Intel Xeon X5570, quad-core Nehalem architecture)
- 2 x NVIDIA Tesla “Fermi” M2050 GPUs
- 1690 GB of instance storage
- 64-bit platform
- I/O Performance: Very High (10 Gigabit Ethernet)
The part that has caught a lot of people's attention is that it has two high-powered graphics cards which can be used for massively parallel computing. There are many potential applications for these GPUs: image and video processing, computational biology and chemistry, fluid dynamics simulation, CT image reconstruction, seismic analysis, ray tracing and so on. But what really interests me is the possibility of using these GPU instances for password cracking.
It’s now well-known that using a GPU to crack passwords can reduce the time required from something like 2 months to 3 days, but what happens when you throw one of these new Amazon instances at the problem? And what if it’s not just one instance but a cluster of them that is used to do the massively parallel computation? The sheer computing power that even a small cluster of these machines has available would make short work of cracking all sorts of passwords. Some that come to mind are:
- System password files that use the MD4, MD5, NTLM or SHA1 algorithms.
- WPA-PSK or WPA2-PSK network passwords (WEP is already trivial to crack).
- Password protected RAR or ZIP files.
- Password protected Microsoft Office or Open Office files.
- Password protected PDFs.
- Encrypted disks.
Some people have already tested these GPU instances for cracking password hashes, and Pyrit (which could be used to crack WPA/WPA2) has been tested on them. The performance of a single instance is impressive, and the cost is equally impressive ($2.10 for an hour). Just a few years ago this kind of computing power was only available to organisations with a large amount of resources, such as governments, large corporations and a few universities and research organisations. Now anyone with a bit of technical knowledge and a credit card has access to it.
It’s only a matter of time before someone uses a cluster of these instances in anger to start cracking passwords; in fact, I’m sure someone already is. How long will it be before someone releases a commercial service based on this platform?
The only commercial service for password cracking that I’ve found so far is WPA Cracker, who claim to have a 400 CPU cluster; however, a service that uses a few EC2 GPU instances could blow away the performance of WPA Cracker. We could soon start to see passwords being cracked in just a few minutes with a large enough cluster. I wouldn’t be surprised if someone soon sets up a service like this which integrates nicely into BackTrack or some other wi-fi sniffing software that grabs the required wi-fi packets and uploads them to an EC2 cluster that cracks the password in a few minutes.
All of this is a very strong argument for using longer and more complex passwords that are less vulnerable to dictionary and brute force attacks, and one more reason not to assume that your wi-fi network is secure because you are using WPA or WPA2 instead of WEP.
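To put numbers on that argument from the policy side, here is an added example (not part of the original post) that estimates the worst-case time and rental cost of exhausting a password keyspace, and the shortest length that pushes a full search past a given budget. The $2.10 hourly price is the figure quoted above; the guess rate is an assumed placeholder rather than a benchmark, and the function names are hypothetical.

```python
PRICE_PER_INSTANCE_HOUR = 2.10  # USD per instance-hour, the price quoted in the post
ASSUMED_RATE = 1e9              # guesses/second per instance: ASSUMED placeholder

# Constructed sample policies: alphabet sizes for common character classes.
CHARSETS = {"lowercase": 26, "lower+digits": 36, "mixed+digits": 62, "printable ASCII": 95}


def keyspace(charset_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def exhaust(charset_size, length, instances=1, rate=ASSUMED_RATE):
    """Worst-case (hours, usd) to try every password of exactly `length`.

    Ignores per-hour billing granularity and assumes perfect scaling.
    """
    hours = keyspace(charset_size, length) / (rate * instances) / 3600
    usd = hours * instances * PRICE_PER_INSTANCE_HOUR
    return hours, usd


def min_length_for_budget(charset_size, budget_usd, rate=ASSUMED_RATE):
    """Shortest length whose full search costs more than `budget_usd`."""
    length = 1
    while exhaust(charset_size, length, rate=rate)[1] <= budget_usd:
        length += 1
    return length


if __name__ == "__main__":
    for name, size in CHARSETS.items():
        for length in (8, 10, 12):
            hours_1, usd = exhaust(size, length)
            hours_100, _ = exhaust(size, length, instances=100)
            print(f"{name:16} len={length:2}  1 inst: {hours_1:12.3g} h  "
                  f"100 inst: {hours_100:12.3g} h  cost: ${usd:,.2f}")
        print(f"{name:16} needs length >= {min_length_for_budget(size, 1_000_000)} "
              "to push a full search past $1,000,000")
```

A larger cluster shortens the wall-clock time but leaves the dollar cost of a full search unchanged, so length and character set are what raise the price. The real rate differs by orders of magnitude between algorithms, so replace the placeholder with a measured figure for the hash in question.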