iTnews

Amazon EC2 GPU becomes password cracker

By Liam Tung, iTnews on Nov 17, 2010 7:35AM
Amazon EC2 GPU becomes password cracker

Speedy cracker.

A German security enthusiast, Thomas Roth, has tested Amazon's new supercomputer-like instance to crack SHA 1 hashed passwords.

According to Roth, he cracked 14 one-to-six character passwords using a single instance within 49 minutes.

The SHA 1 hash, developed by the National Security Agency, replaces a password with a random string of characters, ultimately designed to protecting a password.

Amazon launched its new instance this week, describing it as the "nuclear-powered bulldozer that's about 1000 feet wide that you can use for just $2.10 per hour!"

While the new computing power may offer researchers more possibilities in the cloud, graphic processor units have been widely viewed as "democratising" password cracking capabilities.

Importantly, for Roth, Amazon's new instance runs on two NVIDIA Telsa M2050 "Fermi" graphic processor units.

"GPUs are known to be the best hardware accelerator for cracking passwords, so I decided to give it a try: How fast can this instance type be used to crack SHA1 hashes?", Roth wrote on his blog.

"I was able to crack all hashes from this file with a password length from 1-6 in only 49 Minutes (1 hour costs 2.10$ by the way.)"

Roth estimated that adding just one more character to that password, however, would increase the time it took to overcome that encryption with brute force to 77 hours, which would cost around $160.

He was not the first researcher to explore the possibility of harnessing Amazon's EC2 to crack passwords.

Security consultant David Campbell in 2009 worked out the cost to crack passwords using Amazon's then newly-launched 30 cent per hour "spot instance", noting that each new character drove the cost upwards exponentially.

While the cost of cracking passwords may increase with every character, Roth argued that a quarter of all passwords have just "6 lowercase characters".

Depending on the value of a the access an attacker was targeting, he pointed out it would be possible for just $20 per hour to have 10 machines on AWS cracking passwords simultaneously.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
amazon becomes cracker ec2 gpu networking password security

Partner Content

MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
MSI launches innovative new laptops
Partner Content MSI launches innovative new laptops
Improving returns from SD-WAN spending
Sponsored Content Improving returns from SD-WAN spending
NCS expands into Australia in partnership with Optus Enterprise
Sponsored Content NCS expands into Australia in partnership with Optus Enterprise

Sponsored Whitepapers

The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation
How to choose a WAF that's right for you
How to choose a WAF that's right for you
The global telco 5G cloud gaming opportunity
The global telco 5G cloud gaming opportunity

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • Beat the DDoS blackmailers in 2021
By Liam Tung, iTnews
Nov 17 2010
7:35AM
0 Comments

Related Articles

  • Amazon turns to Chinese firm on US blacklist to meet thermal camera needs
  • Ubiquiti says cloud-hosted IT systems 'accessed' by unauthorised party
  • US lawmakers to back $2.5b Huawei, ZTE swap-out fund
  • Apple, Amazon, Google partner to make smart home devices more compatible
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Google unravels state-of-art Android and Windows exploit chains

Google unravels state-of-art Android and Windows exploit chains

Tyro halts trading following week-long outage

Tyro halts trading following week-long outage

Signal to ramp up hiring after WhatsApp controversy drives download surge

Signal to ramp up hiring after WhatsApp controversy drives download surge

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.