Amazon EC2 GPU becomes password cracker

By on
Amazon EC2 GPU becomes password cracker

Speedy cracker.

A German security enthusiast, Thomas Roth, has tested Amazon's new supercomputer-like instance to crack SHA 1 hashed passwords.

According to Roth, he cracked 14 one-to-six character passwords using a single instance within 49 minutes.

The SHA 1 hash, developed by the National Security Agency, replaces a password with a random string of characters, ultimately designed to protecting a password.

Amazon launched its new instance this week, describing it as the "nuclear-powered bulldozer that's about 1000 feet wide that you can use for just $2.10 per hour!"

While the new computing power may offer researchers more possibilities in the cloud, graphic processor units have been widely viewed as "democratising" password cracking capabilities.

Importantly, for Roth, Amazon's new instance runs on two NVIDIA Telsa M2050 "Fermi" graphic processor units.

"GPUs are known to be the best hardware accelerator for cracking passwords, so I decided to give it a try: How fast can this instance type be used to crack SHA1 hashes?", Roth wrote on his blog.

"I was able to crack all hashes from this file with a password length from 1-6 in only 49 Minutes (1 hour costs 2.10$ by the way.)"

Roth estimated that adding just one more character to that password, however, would increase the time it took to overcome that encryption with brute force to 77 hours, which would cost around $160.

He was not the first researcher to explore the possibility of harnessing Amazon's EC2 to crack passwords.

Security consultant David Campbell in 2009 worked out the cost to crack passwords using Amazon's then newly-launched 30 cent per hour "spot instance", noting that each new character drove the cost upwards exponentially.

While the cost of cracking passwords may increase with every character, Roth argued that a quarter of all passwords have just "6 lowercase characters".

Depending on the value of a the access an attacker was targeting, he pointed out it would be possible for just $20 per hour to have 10 machines on AWS cracking passwords simultaneously.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?