Amazon EC2 GPU becomes password cracker

By on
Amazon EC2 GPU becomes password cracker

Speedy cracker.

A German security enthusiast, Thomas Roth, has tested Amazon's new supercomputer-like instance to crack SHA 1 hashed passwords.

According to Roth, he cracked 14 one-to-six character passwords using a single instance within 49 minutes.

The SHA 1 hash, developed by the National Security Agency, replaces a password with a random string of characters, ultimately designed to protecting a password.

Amazon launched its new instance this week, describing it as the "nuclear-powered bulldozer that's about 1000 feet wide that you can use for just $2.10 per hour!"

While the new computing power may offer researchers more possibilities in the cloud, graphic processor units have been widely viewed as "democratising" password cracking capabilities.

Importantly, for Roth, Amazon's new instance runs on two NVIDIA Telsa M2050 "Fermi" graphic processor units.

"GPUs are known to be the best hardware accelerator for cracking passwords, so I decided to give it a try: How fast can this instance type be used to crack SHA1 hashes?", Roth wrote on his blog.

"I was able to crack all hashes from this file with a password length from 1-6 in only 49 Minutes (1 hour costs 2.10$ by the way.)"

Roth estimated that adding just one more character to that password, however, would increase the time it took to overcome that encryption with brute force to 77 hours, which would cost around $160.

He was not the first researcher to explore the possibility of harnessing Amazon's EC2 to crack passwords.

Security consultant David Campbell in 2009 worked out the cost to crack passwords using Amazon's then newly-launched 30 cent per hour "spot instance", noting that each new character drove the cost upwards exponentially.

While the cost of cracking passwords may increase with every character, Roth argued that a quarter of all passwords have just "6 lowercase characters".

Depending on the value of a the access an attacker was targeting, he pointed out it would be possible for just $20 per hour to have 10 machines on AWS cracking passwords simultaneously.

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

New Windows 10 users, are you upgrading from...
Windows 8
Windows 7
Windows XP
Another operating system
Windows Vista
How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?