At our talk on Cloud Security at MSPWorld we brought up a number of areas of risk surrounding Cloud Computing. One area that we did not cover was how Cloud Computing is speeding up password cracking.
Cloud Computing offers the ability to access extraordinary amounts of power for a small cost. While it’s a boon for users it also puts password cracking on steroids. Did I also mention that it’s incredibly cheap? For hackers this is a no-brainer; nevermind the harnessing of Cloud Computing Infrastructure to create a BotNet let’s move right into cracking encryption.
Recently, a security technology consultant, Thomas Roth, was able to harness the power of Amazon’s EC2 and Nvidia Tesla Fermi M2050 GPU’s to decipher data that was encrypted using the SHA-1 algorithm. For an investment of $2.10 and 49 minutes Thomas was able to decipher 14 passwords. Of course, for some of you this will not be shocking at all seeing that SHA-1 was first shown to have vulnerabilities in 2005. So what’s my point in all of this?
#1. Hackers can harness more firepower than ever before
#2. Encryption needs to and will get better
#3. People need to stop picking 6 character passwords that are easy to crack.I can’t say enough about creating difficult passwords, it’s frequently overlooked.
Does anyone have a story about weak passwords and security? Please share!