WILL CLOUD BE EVIL?

Cloud computing, beside the other thousand of other meanings, refers to the possibility of running applications, or websites, on different virtualized hosts, with the benefit of scaling the need for CPU and memory instantly. The business model is in use now is a pay per cycle. Cost depends on the number of CPU cycles and the CPU-time consumed.

Thomas Roth, is a german guy who has cracked SHA-1 password with rented distributed CUDA computing. Although SHA-1 160bit is thought to be,relatively, insecure, it is still used for SSL and other important implementations. This sounds even more ironic if we consider that most of the SSL CA using MD5 when Sotirov et al, in 2009, managed to crack SSL through MD5 collisions, switched over to SHA-1 few days later.

New cloud cracking services are coming up. The most notorious is Moxie Marlinspike’s wpacracker.com, offering the rental of 400 CPU’s cluster to crack WPA passwords. English and German dictionaries are available or, in general, the digits dictionary can be used, which contains all 100 million permutations of passwords composed of 8-character long digits. Cost of the service is just $17, to have a response of 40 minutes at worst.

Source of Information :  Hakin9 November 2010

WILL CLOUD BE EVIL?