US Government Using PS3s To Break Encryption

Entropy98 writes "It seems that the US Immigration and Customs Enforcement Cyber Crimes Center, known as C3, has replaced its '$8,000 Tableau/Dell server combination' with more efficient and much cheaper $300 PS3s. Each PS3 is capable of 4 million passwords per second, and C3 currently has 20 PS3s with plans to buy 40 more. Naturally this is only being used to break encryption on computers seized with a warrant and suspected of harboring child pornography."

Re:What

[Swift+Kick]

You're right. The submitter didn't read the article (or lacked the reading comprehension to understand it).

The article says that "the networked Playstation 3s can process 4 million passwords per second, cutting down on the time necessary to find the correct combination.". Nowhere does it say that a single PS3 can do that.

Re:Is this April 1st?

[Rattenhirn]

On the old (pre slim) PS3, you can install Linux legally and without any hard or soft mods. This was also possible with the old (pre slim, see the pattern?) PS2, if you bought a hard disk.

Re:What

[blueg3]

You usually don't care what the variable encryption scheme is when you're cracking -- typically, there is a method of simply verifying that the password is accurate, which is what they're doing. (Brute-forcing keys is fairly foolish with modern encryption systems, but brute-forcing passwords isn't.)

Re:Nit-picking the article

[Wonko+the+Sane]

Um, only if the person uses characters that can't be typed on a normal keyboard.

If the smart crooks are using any version of Windows then they can access all extended characters from their normal keyboard by holding down the ALT key and typing the character code on the numeric keypad.

I used character 255 back in the Windows 3.1 days to make directories that no one else could figure out how to get in to. (DOS had no problem but windows couldn't handle a file with that character in the name)

This only works on poor passwords

[Khopesh]

I've done a lot of password-cracking math, even toyed with the idea of writing an academic paper on it. Generally, I work on the (generous) assumption that a well-groomed single node can chunk through 100k passwords per second and that things scale perfectly, so 20 nodes would work through 2M passwords per second. They're claiming their 20-node cluster can handle twice that, and I fully believe it. Powerful GPUs are known to perform extremely well on password cracking, and PS3s certainly have them. That's twice the performance for half to a fifth the cost. Nice, but not "OMG."

They plan to scale up to 60 nodes, which is 12M pass/s. To break a 8-character monospace password (37 bits of complexity, which is pretty weak), it would take just under five hours ( 26^8/(12*10^6) /60/60 ). However, to break an 8-character alphanumeric password (case and numbers), that becomes seven months ( (26+26+10)^8/(12*10^6) /60/60/24/365*12 ).

This is only scary when you have a super-intelligent dictionary attack. Scrape the hard drive and any subpoenaed documents for words and add that to a dictionary of common password parts, then perform your dictionary attack -- dreadfully powerful. To avoid falling victim to this, a good rule of thumb is that words are awesome to use, and they're more secure, but they're only about as secure as two random characters (three with a rich vocabulary including 3 or more of: arcane words, uncommon foreign words, uncommon misspelled words, uncommon proper nouns, l33t-speak ...). So that 13-char "secure password" you use that looks like metropolitan8 effectively only has three or four characters to a dictionary attacker, and that clever 14-char password of spageti4dinner has only five or six, depending on how good the attacker's dictionary is at misspelled words. A tip: put punctuation inside your words to break them up (without forming words), e.g. metr[opo;%litan8, and you've pretty much defeated the dictionary attack.

Re:This only works on poor passwords

[bertok]

However, to break an 8-character alphanumeric password (case and numbers), that becomes seven months

Ah... theory!

In practice, even very long passwords are trivially cracked in little time, using simple methods.

Unfortunately, I lost the source, but while studying cryptography myself, I stumbled upon a quote from some guy involved in government decryption in the US, and (paraphrasing), he said that their technique was basically to pick up the hard disk from the machine with the protected content, and then simply try every consecutive range of bytes as a password.

Unless the disk was encrypted with 'whole disk encryption', it works something like 90% of the time, simply because of stupid software saving plain-text passwords, users reusing passwords for various purposes, things like hibernation and page files, etc... I suspect that on disks from corporate networks, it would work even better, because if any one disk reveals the network admin password, you can unlock everything else from there.

So if you have a 100 GB disk, and you try all byte ranges from 4 to 20 bytes long (to account for various password lengths), and you try every byte range as both an ASCII and UTF-16 string, that's merely 17x2x100*10^9 = 3400 billion passwords to try, or 3.2 days at your quoted "12 million passwords per second".

In practice, most disks would crack much faster than that, if you aim the algorithm at the most likely sources first, such as the page and hibernation files, the user registry, and the web browser cache and configuration folders.

The lesson I took away from that is that against an attacker with physical access, it really doesn't make the slightest difference how strong your password is, unless the entire disk is encrypted.

Re:What

[Ash+Vince]

Why do you quote US sentences with other countries? "Innocent until proved guilty" comes from US, and while usually true elsewhere too, you seem to just flame with this shit again.

Sorry to disapoint you but your legal system is only based on ours (I am a UK citizen). The presumation on innocence and the adversarial system you inherited just stems from english common law. Here is a link regarding presumption of innocence:

http://en.wikipedia.org/wiki/Presumption_of_innocence

Here is a link on english common law:

http://en.wikipedia.org/wiki/English_law

For the most part it is a reasonable system so your founding fathers chose not to change too much of it when they threw off the yoke of english rule.

Re:I call sheeninagan on that

[bertok]

That would only works if the password is kept on a temporary file. Otherwise there is no reason whatsoever the password would be anywhere on disk. And that does not work at all if you use a bootable CD.

But that's not how it happens in the real world. Most people don't run their computers from read-only media with the swap turned off!

First of all, there's lots of bad developers out there. Passwords get saved all over the place, in the registry, configuration files, etc... I've seen web sites that were "https", but then put the plain text password into the URL, which is saved in the unencrypted browser history!

Second, even if you store passwords in memory only, the pagefile might still contain it, if a page containing the password was swapped out. It's even more likely with hibernation files, which swap out everything, including kernel space marked as non-pageable.

In theory, there's features like "protected memory" that developers can use to store passwords securely in memory, but this takes a lot of work. In Win32 there's a set of APIs for it, but many developers don't use it, or haven't even heard of it. It's such a low level "buffer manipulation" style API that lots of high-level languages can't or don't use it. It's only recently that C# got support for it, for example, and I don't think Java has anything comparable. Most garbage-collecting languages are vulnerable, because memory can be relocated (copied) at any time, which may prevent buffers from being properly cleared.

One of the worst culprits are those "I forgot my password" web pages that email you your plain text password to your mailbox, so that your email client can then cheerfully write it all over the place. Even if you encrypt your PC's disk, but use corporate email, your password is now in plain text, on the server's disk.

In practice, real security is hard. Very, very hard. As a consultant, I've been to over 100 clients, including major banks and very security sensitive government institutions, and I've only ever seen 2 secure networks: One financial services company, and the internal LAN on the new generation Boeing planes.