It has been known since some time now that the massive parallel architecture of modern GPUs provide enormous acceleration when trying to break encryption- or hashalgorithms: GPUs are (depending on the algorithm and the implementation) some hundred times faster compared to standard quad core CPUs when it comes to brute forcing SHA1 and MD5. The enormous potential can also be seen in the supercomputing business: The Tianhe-1A, leader of the top 500 list of supercomputers, is not only equipped with 14.336 CPUs but also with 7.168 NVIDIA Tesla "Fermi" M2050 GPUs - each of which has 448 cores and 3GB RAM. Until recently, one needed to spend a lot of money to get a small cluster of GPU assisted servers, but Amazon now provides an instance type in it's EC2 cloud that sports two of the GPUs that are also used in the Tianhe-1A, resulting in a cheap way to boot up a cluster of GPU accelerated servers that can be used for own purposes. The first part of the talk will be about the design and the implementation of a massive parallel and GPU assisted environment for breaking encryptions: From generation, the storing and the use of rainbow tables to brute forcing in the cloud. In the second part of the talk the "Cloud Cracking Suite" is introduced: An open source suite designed to demonstrate the performance of breaking several algorithms in the cloud. The 'Cloud Cracking Suite' is splitted in two parts: The server side and the client. The server side consists of especially for the Fermi-architecture optimized, high performance implementations of SHA1 and MD5 with an interface to use them for rainbow table generation or brute forcing as well as a self-configuring Pyrit for WPA database generation. The client side provides an easy to use CLI which allows one to spawn and control a cluster for a specific task. As the server side will be available as a hosted AMI, everyone participating can simply download the client, create an account at the AWS and try it out himself.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.