Friday, December 28, 2007

Popular Game Machine used for password cracking

As I was looking for some information on the web about MD5, I stumbled across this article from PC World Magazine. The article describes the efforts of a senior security consultant at an Auckland-based security firm, who managed to dramatically increase password-cracking throughput by using a PlayStation 3.

Using the PS3's Cell processor, the consultant could crack passwords a factor of 100 faster (and that is not a small factor) than on Intel-based processor architecture, for MD5 (Message-Digest algorithm 5), one of the most widely used cryptographic hash functions. I will not go through the technical details, brief as their treatment in the article is, but I will try to convey the significance of this effort.

As we all know, technology is progressing at an increasingly fast pace. Cryptography (and information security in general) is not keeping up with it. Although there are cryptographic algorithms and techniques that provide a level of security that is acceptable (and even unbreakable), these are often computationally heavy on the underlying hardware, making both encryption and decryption/verification too heavy for most popular devices (a variety of handheld devices use very simplistic encryption/decryption schemes).

With a $400 gaming machine that can be outfitted with Linux and, in the hands of a capable hacker (most of whom are extremely good programmers), turned into a password-cracking machine, personal information is becoming more and more prone to leaking into the wrong hands. As a student, I was told that certain algorithms were good for encryption because it was, as stated, "computationally infeasible to generate the passphrase from the encrypted text". As it seems, this is not the case any more.

So, better algorithms are needed, and unfortunately, they are needed right now. The general public does not have the luxury of a million-dollar security system, but needs its personal information to remain personal. All that can be said in the end is that nowadays, safely surfing the net and surviving is not just for the technologically literate, but also for the very lucky.