Sign in with
Sign up | Sign in

Nvidia's Tesla And Amazon's EC2: Hacking In The Cloud

Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud
By

Cracking passwords works best on a scale exceeding what an enthusiast would have at home. That's why we took Pyrit and put it to work on several Tesla-based GPU cluster instances in Amazon's EC2 cloud.

Nvidia's TeslaNvidia's Tesla

Amazon calls each server a "Cluster GPU Quadruple Extra Large Instance" and it consists of the following:

  • 22 GB of memory
  • 33.5 EC2 Compute Units (2 x Intel Xeon X5570, quad-core, Nehalem architecture)
  • 2 x Nvidia Tesla M2050 GPUs (Fermi architecture)
  • 1690 GB of instance storage
  • 64-bit platform
  • I/O performance: 10 gigabit Ethernet
  • API name: cg1.4xlarge


This machine is strictly a Linux affair, which is why we're restricted to Pyrit. The best part, though, is that it's completely scalable. You can add client nodes to your master server in order to distribute the workload. How fast can it go? Well, on the "master" server, we were able to hit between 45 000 to 50 000 PMKs/s.

Computed 47956.23 PMKs/s total.
#1: 'CUDA-Device #1 'Tesla M2050'': 21231.7 PMKs/s (RTT 3.0)
#2: 'CUDA-Device #2 'Tesla M2050'': 21011.1 PMKs/s (RTT 3.0)
#3: 'CPU-Core (SSE2)': 440.9 PMKs/s (RTT 3.0)
#4: 'CPU-Core (SSE2)': 421.6 PMKs/s (RTT 3.0)
#5: 'CPU-Core (SSE2)': 447.0 PMKs/s (RTT 3.0)
#6: 'CPU-Core (SSE2)': 442.1 PMKs/s (RTT 3.0)
#7: 'CPU-Core (SSE2)': 448.7 PMKs/s (RTT 3.0)
#8: 'CPU-Core (SSE2)': 435.6 PMKs/s (RTT 3.0)
#9: 'CPU-Core (SSE2)': 437.8 PMKs/s (RTT 3.0)
#10: 'CPU-Core (SSE2)': 435.5 PMKs/s (RTT 3.0)
#11: 'CPU-Core (SSE2)': 445.8 PMKs/s (RTT 3.0)
#12: 'CPU-Core (SSE2)': 443.4 PMKs/s (RTT 3.0)
#13: 'CPU-Core (SSE2)': 443.0 PMKs/s (RTT 3.0)
#14: 'CPU-Core (SSE2)': 444.2 PMKs/s (RTT 3.0)
#15: 'CPU-Core (SSE2)': 434.3 PMKs/s (RTT 3.0)
#16: 'CPU-Core (SSE2)': 429.7 PMKs/s (RTT 3.0)

Are you scratching your head at this point? Only 50 000 PMK/s with two Tesla M2050s?! Although the hardware might seem to be under-performing, the results are on the order of a single GeForce GTX 590, which of course is armed with two GF110 GPUs. Why is that?

Nvidia's Teslas were designed for complex scientific calculations (like CFDs), which is why they so prominently feature fast double-precision floating-point math that the desktop GeForce cards cannot match. Tesla boards also boast 3 and 6 GB of memory with ECC support. However, the process we're testing doesn't tax any of those differentiated capabilities. And to make matters worse, Nvidia down-clocks the Tesla boards to ensure the 24/7 availability needed in an enterprise-class HPC environment.

But the real reason to try cracking WPA in the cloud is scaling potential. For every node we add, the process speeds up by 18 000 to 20 000 PMKs/s. That's probably not what most folks have in mind when they talk about the cloud's redeeming qualities, but it does demonstrate the effectiveness of distributing workloads across more machines that what any one person could procure on their own. 

Each GPU cluster instance is armed with a 10 Gb Ethernet link, restricting bidirectional traffic between the master and nodes to 1.25 GB/s. This is what bottlenecks the cracking speed. Remember that a single ASCII character consumes one byte. So, as you start cracking longer passwords, the master server has to send more data to the clients. Worse still, the clients have to send the processed PMK/PTK back to the master server. As the network grows, the number of passwords each additional node processes goes down, resulting in diminishing returns. 

Harnessing multiple networked computers to crack passwords isn't a new concept. But ultimately, it would have to be done differently to be more of a threat. Otherwise, desktop-class hardware is going to be faster than most cloud-based alternatives. For example, about a month ago, Passware, Inc. used eight Amazon Cluster GPU Instances to crack MS Office passwords at a speed of 30 000 passwords per second. We can do the same thing with a single Radeon HD 5970 using Accent's Office Password Recovery.

Display all 80 comments.
This thread is closed for comments
Top Comments
Other Comments
  • 6 Hide
    fstrthnu , August 15, 2011 4:50 AM
    Well it's good to see that WPA(2) is still going to hold out as a reliable security measure for years to come.
  • 9 Hide
    runswindows95 , August 15, 2011 4:52 AM
    The 12 pack of Newcastles works for me! Give that to me, and I will set you up on my wifi! Free beer for free wifi!
  • 9 Hide
    Soma42 , August 15, 2011 4:59 AM
    I think I'm going to go change my password right now...
  • 3 Hide
    Pyree , August 15, 2011 5:10 AM
    runswindows95The 12 pack of Newcastles works for me! Give that to me, and I will set you up on my wifi! Free beer for free wifi!


    Then either beer at your place is really expensive or internet is really cheap. Need 6x12 pack for me.
  • 14 Hide
    compton , August 15, 2011 8:01 AM
    Thanks for another article that obviously took a lot of work to put together. The last couple of articles on WiFi and archive cracking were all excellent reads, and this is a welcome addition.
  • 4 Hide
    Anonymous , August 15, 2011 9:38 AM
    What about the permutations of the words?
    i.e ape can be written:
    ape, Ape, aPe, apE, APe, aPE, ApE, APE.
    Thats 2^3=8 permutations. Add a number after and you get (2^3)*(10^1)=80 permutations.
    You can write PasswordPassword in 2^16=65536 ways.
    How about using a long sentence as a password?
    i.e MyCatIsSuperCuteAndCuddly, thats 2^25 permutations :) 
  • 7 Hide
    molo9000 , August 15, 2011 9:57 AM
    Any word on MAC address filtering?
    Can you scan for the MAC addresses? It's probably easy to get and fake MAC adresses, or it would have been mentioned.


    *scans networks*
    12 networks here,
    1 still using WEP
    10 allowing WPA with TKIP
    only 1 using WPA2 with AES only (my network)
  • 5 Hide
    agnickolov , August 15, 2011 10:50 AM
    Considering my WPA password is over 20 characters long I should be safe for the foreseeable future...
  • 10 Hide
    aaron88_7 , August 15, 2011 11:05 AM
  • 2 Hide
    ojas , August 15, 2011 12:24 PM
    Interesting article, i see that my fortress is safe :) 
  • 3 Hide
    dickcheney , August 15, 2011 1:40 PM
    molo9000Any word on MAC address filtering?Can you scan for the MAC addresses? It's probably easy to get and fake MAC adresses, or it would have been mentioned.*scans networks*12 networks here,1 still using WEP10 allowing WPA with TKIPonly 1 using WPA2 with AES only (my network)


    Same over here. I have a guest though, its a bit weaker than my main network. The guest is a 20 alphanumerical character long WPA2 AES-256bit. My main is 40 character long... Guess I went a bit overboard.
  • 0 Hide
    gokanis , August 15, 2011 1:43 PM
    aaron88_7"12345, that's amazing, I've got the same combination on my luggage!"Still makes me laugh every time!


    One of the best lines in the movie...
  • 1 Hide
    fausto , August 15, 2011 1:46 PM
    i better check on security when i get home
  • 3 Hide
    banthracis , August 15, 2011 1:50 PM
    molo9000Any word on MAC address filtering?Can you scan for the MAC addresses? It's probably easy to get and fake MAC adresses, or it would have been mentioned.*scans networks*12 networks here,1 still using WEP10 allowing WPA with TKIPonly 1 using WPA2 with AES only (my network)


    MAC address filtering is a joke, especially if the network actively broadcasts its SSID. Simple reason, MAC address and IP info is not even encrypted when sent over the air. So, wait for legit user to connect, grab his MAC, spoof MAC address and enjoy.
  • 6 Hide
    acku , August 15, 2011 2:11 PM
    Quote:
    "Why? Because an entire word is functionally the same as a single letter, like "a." So searching for "thematrix" is treated the same as "12" in a brute-force attack."

    This is an extremely wrong conclusion. Extremely wrong.



    If you truly understand programming, then you know that my statement is a comparison of dictionary vs. brute-force attacks. In a dictionary attack, you provide a wordlist, which is used to make unique combination. For a brute-force attack, each letter is randomly selected and joined together in a string. The length of a password has no bearing on the number of KDFs. I suggest that you read Ivan Golubev's blog post and hit up the BackTrack forums if you need help understanding why this is the case.

    Quote:
    "Next Big Bang" do you known what moore's law is? that "All (Printable) ASCII characters" 12 character password will be cracked in your lifetime, possibly with the cpu power of your cell phone.
    in 1982 we had spectrum zx with a z80 cpu running @3.5mhz. now I've an intel E7-8870 with 10cores running @E7-8870. not to mention like you demonstrated that gpu's are far more powerful cracking passwords. Also you can use other programs, pyrit is not the best for cracking with gpu's. Also you can use rainbow tables.
    Your assumption that a WPA2 with 12 characters is safe forever is very wrong and missleading and dangerous. It's the same assumptions that made people believe WEP was ok to use forever. now we can crack wep under 1 minute.


    RISC? That better be distributed if we're going to walk down that path. And as I've explained time and time again, rainbow tables are not valid for this type of attack. I purposely explained why under "Understanding WPA/WPA2."

    Second, I'm not sure what you're using but Pyrit is considered the standard by which other brute-force crackers are measured for WPA/WPA2. It's what's used at DEFCON. Our version has some optimizations, but again, it you go to any of the major security conferences, you'll find that it's what people use.

    Third, WEP is can be broken with relative ease because it's not a brute-force attack that renders it ineffective. It's a related key attack. Any nondirect attack leverages weaknesses in order to compromise a system. That's a different ballpark. We're dealing with cracking at the lowest common denominator.

    Quote:
    What about the permutations of the words?
    i.e ape can be written:
    ape, Ape, aPe, apE, APe, aPE, ApE, APE.
    Thats 2^3=8 permutations. Add a number after and you get (2^3)*(10^1)=80 permutations.
    You can write PasswordPassword in 2^16=65536 ways.
    How about using a long sentence as a password?
    i.e MyCatIsSuperCuteAndCuddly, thats 2^25 permutations :) 


    Permutations of words don't count in a dictionary based attack. I mean com'on. :)  Let's be reasonable. You're either paranoid at this point or too smart. Though, I'd argue that caps on the first letter is easily defeatable.

    Cheers,
    Andrew Ku
    TomsHardware.com
  • 2 Hide
    custodian-1 , August 15, 2011 2:28 PM
    All through history people have tried to lock things if someone locks it someone else will figure how to unlock it. It may me mathematically impossible but it's not the only way. Someone will have to know the password and we are fallible.
  • 0 Hide
    WyomingKnott , August 15, 2011 4:03 PM
    Quote:
    or amateur script kiddies testing their meddle.

    I try to avoid picking on grammar or word errors, since it seems that many of these articles are translated from German. But this is a beauty.

    The phrase is usually "testing their mettle," which the dictionary on Yahoo! defines as "Courage and fortitude; spirit." The usual error on this phrase is the substitution of the word "metal" by spell checkers, dictation software, or people who don't know the origin of the phrase.

    But since these kiddies do indeed "meddle" with out networks, our data, and our lives, the substitution works elegantly.
  • -2 Hide
    jamie_1318 , August 15, 2011 4:17 PM
    Man sucks for all you people who live close enough to there neighbor to worry about their password being hacked. My nearest neighbor is more than 200m away, and than I live in a brick house, so it barely goes out the windows. It would be pretty obvious if some dude was standing outside my house accessing my files.
  • 3 Hide
    djridonkulus , August 15, 2011 4:17 PM
    Why don't they limit the number of authentication attempts like you said in the article like banks? Wouldn't that kill all attempts at brute force hacking?
Display more comments