This is insane for password cracking. I've been trying to get Pyrit working on the Centos image but have been having trouble compiling it. An 8 node cluster with Teslas is going to bring WPA-PSK cracking down to where WEP was a few years back for those who can afford it.
This is an incredibly disruptive thing for Amazon to do. They've just brought near-government grade crypto-breaking capabilities to the mass market.
I suspect the NSA doesn't care too much about bang-for-buck. 22nm FPGA's [1] seem like they would work pretty well.
In an interesting twist, The Register claims that Achronix's decision to use Intel was driven in part by national security considerations. We've reported extensively on the idea that chips fabbed overseas in insecure facilities could contain hidden kill switches or backdoors that would let an opponent cripple the US military, and Achronix allegedly wants to be able to sweeten its pitch to military customers by offering a home-grown solution.
Those are particularly interesting because they're asynchronous FPGAs -- they use local handshaking rather than a global clock to keep everything synchronized. That should make them easier to port to new, smaller process nodes, and they say it's responsible for their unusually high throughput.
Cool stuff, and all the more intriguing considering that Intel's getting involved.
I suspect the NSA doesn't care too much about bang-for-buck.
Bang-for-buck is pretty much the name of the game in brute-force cracking. You're right that NSA probably doesn't have any budget constraints, but they'd still be interested in getting the most hashes/second possible out of $10 million.
One would imagine that this isn't even remotely close to what government agencies have in terms of crypto breaking power. Don't underestimate what a basically unlimited budget can buy you.
For every instance you an go out and get they probably have a football field sized room full of stuff twice as fast.
Please don't assume that I'm referring to the US Government. I'm not referring to any specific government, just the concept in general.
The major powers have particularly good access to kit and people. There's a significant number of countries for whom this is actually more than they have (in fact I know of two or possibly three countries where the full capabilities definitely supercede existing ministry of interior type capabilities).
> I've been trying to get Pyrit working on the Centos image but have been having trouble compiling it. An 8 node cluster with Teslas is going to bring WPA-PSK cracking down to where WEP was a few years back for those who can afford it.
Are there legitimate uses for password cracking or is this about getting access to other people's accounts?
At my day job we mostly do penetration testing and incident response. Sometimes we need to crack passwords so we have these huge files called rainbow tables that can be used to look up a very high percentage of possible passwords for given algorithms, but aren't infallible and take time to search.
We sometimes crack passwords to do a password strength audit. Sometimes dictionaries aren't really enough (as someone might have chosen an obvious word in another language) so it's easier to just crack the passwords, automate analysis of the obvious and then scan through anything left behind.
WPA-PSK cracking is particularly useful in the UK Local Government sector, where local government in most cases needs to have an annual penetration test, often including their wireless networks. A lot choose WPA-PSK because it doesn't mean spending money on a full-blown wifi network.
The other thing we use password cracking for is when we do incident response work. Sometimes people encrypt things like documents or use PGP containers. This isn't quite making PGP cracking feasible, but certainly the majority of encrypted word documents should be doable with this.
This is an incredibly disruptive thing for Amazon to do. They've just brought near-government grade crypto-breaking capabilities to the mass market.