Slashdot Mirror


Cracking PGP In the Cloud

pariax writes "So you wanna build your own massively distributed password cracking infrastructure? Electric Alchemy has published a writeup detailing their experiences cracking PGP ZIP archives using brute force computing power provided by Amazon EC2 and a distributed password cracker from Elcomsoft."

4 of 167 comments

  1. Re:And tons of carbon enter the air by slim · Score: 3, Insightful

    I was under the impression that crypto like PGP was based on stuff which would (in theory) take millions of years to crack even with every machine on earth dedicated to it?

    Yes, but the search space is significantly lower if you assume a password that's 1-8 Latin alphanumeric characters, as this exercise did.

    It's still 122 days on 10 VMs. One tenth of that on 100 VMs.

  2. Re:And tons of carbon enter the air by psp · Score: 3, Insightful

    you'd need 28 characters chosen in a true random fashion (think scrabble tiles
    pulled out of a hat) to actually achieve a strength of 128-bit, that matches a
    128-bit crypto or hash algorithm.

    Scrabble tiles would be an exceptionally bad choice.
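An added example, not part of the thread: it puts numbers on the two comments above by comparing the 1-8 character alphanumeric search space with a 128-bit target, and uniformly random letters with letters drawn from a Scrabble bag. Assumptions: a 62-symbol alphabet (upper case, lower case, digits), the standard 98-letter English tile set without blanks, and independent draws with replacement.

```python
import math

# Standard English Scrabble letter counts, blanks excluded (98 tiles).
# Assumption for this example; the thread does not list them.
SCRABBLE = {
    "A": 9, "B": 2, "C": 2, "D": 4, "E": 12, "F": 2, "G": 3, "H": 2, "I": 9,
    "J": 1, "K": 1, "L": 4, "M": 2, "N": 6, "O": 8, "P": 2, "Q": 1, "R": 6,
    "S": 4, "T": 6, "U": 4, "V": 2, "W": 2, "X": 1, "Y": 2, "Z": 1,
}

def keyspace_bits(alphabet_size, max_len):
    """log2 of the number of passwords of length 1..max_len."""
    return math.log2(sum(alphabet_size ** k for k in range(1, max_len + 1)))

def bits_uniform(alphabet_size):
    """Entropy per character when every symbol is equally likely."""
    return math.log2(alphabet_size)

def bits_shannon(counts):
    """Average entropy per draw from a weighted bag (with replacement)."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def bits_min_entropy(counts):
    """Worst-case bits per draw: set by the single most likely symbol."""
    return -math.log2(max(counts.values()) / sum(counts.values()))

def chars_needed(target_bits, bits_per_char):
    """Smallest whole number of characters reaching target_bits."""
    return math.ceil(target_bits / bits_per_char)

def report(target_bits=128):
    return {
        "keyspace_1_to_8_alnum_bits": keyspace_bits(62, 8),
        "uniform_letters": chars_needed(target_bits, bits_uniform(26)),
        "scrabble_shannon": chars_needed(target_bits, bits_shannon(SCRABBLE)),
        "scrabble_min_entropy": chars_needed(target_bits,
                                             bits_min_entropy(SCRABBLE)),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:.2f}" if isinstance(value, float)
              else f"{name}: {value}")
```

The min-entropy figure is the conservative one for guessing resistance, because a cracker tries the most probable letters first.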

  3. Not the way of doing it by julesh · Score: 4, Insightful

    I looked at EC2 for raw processing power earlier this year (my company needs to train a lot of neural nets) and it just isn't worth it, unless you only need the power short term. A high-performance EC2 node gives you 8 cores running at (very roughly) the equivalent of a 2GHz P4, and costs $0.68/hr == about $460 per month, which is only a little less than what an equivalent box (probably a 2.83GHz Core 2 Quad or similar) would cost you. Put power to run that box down at about $0.05 per hour and you can build your own local cluster of equivalent performance for around the same amount of money as you'll save in your first month and a half of operation.

    1. Re:Not the way of doing it by Slashdot+Parent · Score: 3, Insightful

      Don't forget other costs: cooling, system administration, datacenter space, backups, racks, switches, KVMs, UPSs, network administration, maintenance, etc.

      No question EC2 is expensive if you plan on fully-utilizing that hardware. But that's why it's called the Elastic Compute Cloud, not the Static Compute Cloud. If your computational needs are static, EC2 is most definitely the wrong tool for the job.

      --
      They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock