Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
Network Security
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR

  • From: Howell, Paul
  • Date: Wed Nov 04 13:56:07 2009 
At
http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

Friday, October 30, 2009
Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR
 
Cloud Computing has enabled some interesting projects:  undertakings
that wouldn't have been attempted without the cheap, flexible, easy to
provision and simple to release computing power that "cloud" delivers.

The New York Times used Amazon EC2 and S3 to create PDF's of 15M scanned
news articles.  NASDAQ  uses Amazon S3 to deliver historical stock
information.  We recently tapped into the power of the cloud to perform
brute force password cracking attacks which simply aren't feasible using
traditional IT infrastructure.

We at EA are "pro-cloud" and have been assessing the security of various
incarnations of cloud for some time now.  However, until recently we had
not had an opportunity to leverage the massive scalability that cloud
promises.  That changed a few months ago when we were approached by a
client who needed several PGP ZIP archives decrypted through brute
force.

When faced with the task of brute forcing PGP passphrases, we
immediately thought of Elcomsoft.  We had witnessed the drama at Infosec
2009 in London when PGP had banners removed from Elcomsoft's booth, and
that made a lasting impression.  We downloaded the trial version of
Elcomsoft's Distributed Password Recovery software,  but found that
unfortunately it was not able to properly parse the old PGP ZIP files.

Luckily, Andrey Belenko, the Elcomsoft wizard who gave the world GPU
accelerated password cracking was able to get us a patch for the EDPR
dll which handles PGP ZIP's. We were in business!  Unfortunately,  on a
fast dual core Windows7 box we were looking at something like 2100 days
to brute force a reasonably long complex passphrase for these PGP ZIPs.

This was clearly unacceptable, so we looked to the cloud for salvation.

[...]


------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.