Amazon EC2 GPU becomes password cracker

By Liam Tung on Nov 17, 2010 7:35 AM
Filed under Security
 

Speedy cracker.

A German security enthusiast, Thomas Roth, has tested Amazon's new supercomputer-like instance to crack SHA 1 hashed passwords.

According to Roth, he cracked 14 one-to-six character passwords using a single instance within 49 minutes.

The SHA 1 hash, developed by the National Security Agency, replaces a password with a random string of characters, ultimately designed to protecting a password.

Amazon launched its new instance this week, describing it as the "nuclear-powered bulldozer that's about 1000 feet wide that you can use for just $2.10 per hour!"

While the new computing power may offer researchers more possibilities in the cloud, graphic processor units have been widely viewed as "democratising" password cracking capabilities.

Importantly, for Roth, Amazon's new instance runs on two NVIDIA Telsa M2050 "Fermi" graphic processor units.

"GPUs are known to be the best hardware accelerator for cracking passwords, so I decided to give it a try: How fast can this instance type be used to crack SHA1 hashes?", Roth wrote on his blog.

"I was able to crack all hashes from this file with a password length from 1-6 in only 49 Minutes (1 hour costs 2.10$ by the way.)"

Roth estimated that adding just one more character to that password, however, would increase the time it took to overcome that encryption with brute force to 77 hours, which would cost around $160.

He was not the first researcher to explore the possibility of harnessing Amazon's EC2 to crack passwords.

Security consultant David Campbell in 2009 worked out the cost to crack passwords using Amazon's then newly-launched 30 cent per hour "spot instance", noting that each new character drove the cost upwards exponentially.

While the cost of cracking passwords may increase with every character, Roth argued that a quarter of all passwords have just "6 lowercase characters".

Depending on the value of a the access an attacker was targeting, he pointed out it would be possible for just $20 per hour to have 10 machines on AWS cracking passwords simultaneously.

Copyright © iTnews.com.au . All rights reserved.


Amazon EC2 GPU becomes password cracker
2 comments in this discussion
"Quote: one-to-six character passwords LOL"
By HubertCumberdale
 
Tags
amazon, ec2, gpu, becomes, password, cracker
Related Articles
Breaking Stories
 
 
Comments: 2
panto
Nov 17, 2010 2:41 PM
 Generate random hashes and match that up with what you're trying to crack? I can do that on my PC for free. Now if you could parallelize the workload of cracking a single hash and spread that across multiple EC2 instances, that would be news!
HubertCumberdale
Nov 17, 2010 3:08 PM
Quote:
one-to-six character passwords

LOL
Comments have been disabled for this article.
 
 
Top Stories
Photos: Google I/O 2013
Photos: Google I/O 2013
Evolution not revolution.
 
Photos: NextDC builds S1 data centre
Photos: NextDC builds S1 data centre
Prepares for September launch.
 
QLD Govt contributed to payroll project 'death spiral'
QLD Govt contributed to payroll project 'death spiral'
Inquiry hears from independent expert.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

Latest Comments
Powered by Disqus
Polls
Do you prefer the Coalition's NBN policy?
   |   View results
Yes
  19%
 
No
  81%
TOTAL VOTES: 1613

Vote
view previous polls »