OK. I was concerned that the basic technique of one could be applied to
another.
Jim G
On Sat, 2011-01-15 at 18:47 -0900, Christopher Howard wrote:
> On 01/15/11 15:14, Jim Gribbin wrote:
> > It seems to me if one of these GPU cluster thingies can be used to crack
> > this, it can be used to crack other things as well. A PGP encrypted hard
> > disk for instance.
> >
> > Maybe someone here can explain why I have no reason for concern.
> >
>
> Um... maybe because a PGP encrypted hard disk is a bit different from
> cracking WPA-PSK. Quotes from the article:
>
> "A German white-hat hacker named Thomas Roth claims he has found a way
> to use EC2 and some custom software to crack the password of
> WPA-PSK-protected networks in around 20 minutes. With some tweaks to his
> software -- which tests 400,000 passwords per second using the EC2
> compute power -- Roth said he has could reduce that cracking time to six
> minutes, about $1.68 worth of time on Amazon EC2. (Amazon charges 28
> cents per minute to use its services.). . . .
>
> "Roth attributes the success of his brute-force technique to a weakness
> in SHA-1. In an earlier blog posting, he wrote, "SHA-1 was never made to
> store passwords. SHA-1 is a hash algorithm, it was made for verifying
> data. It was made to be as fast and as collision free as possible, and
> that's the problem when using it for storing passwords: It's too fast!
> ... Instead of hash algorithms, one should use key-derivation functions
> like PBKDF2 or scrypt. Some of these functions hash passwords some
> thousand times and make brute forcing a lot harder."
>
> Brute-forcing /secure/ encryption setups is still pretty much
> practically impossible, even if you /own/ your own dedicated supercomputer.
>
> http://en.wikipedia.org/wiki/Brute-force_attack#Theoretical_limits
> http://www.lockdown.co.uk/?pg=combi
>
> Now, doubtless having instant access to cluster-level computing puts
> /insecure/ setups at greater risk.
>
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sat Jan 15 18:56:32 2011
This archive was generated by hypermail 2.1.8 : Sat Jan 15 2011 - 18:56:32 AKST