Interesting article on password guessing via cloud computing


Interesting article on password guessing via cloud computing

by David Shaw

http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

This is not, of course, an OpenPGP "crack", but rather high-speed  
password guessing.  The nice thing about cloud password guessing is it  
enables people to spin up massive cracking farms without actually  
having to manage the racks and racks of running hardware.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@...
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Interesting article on password guessing via cloud computing

by Josselin Jacquard

Yes, but you're supposed to pay to use resources on a cloud system, aren't you? Is it usable computing for free?

2009/11/4 David Shaw <dshaw@...>:

> http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
>
> This is not, of course, an OpenPGP "crack", but rather high-speed
> password guessing.  The nice thing about cloud password guessing is it
> enables people to spin up massive cracking farms without actually
> having to manage the racks and racks of running hardware.
>
> David


Re: Interesting article on password guessing via cloud computing

by David Shaw

On Nov 4, 2009, at 3:33 PM, Josselin Jacquard wrote:

> Yes, but you're supposed to pay to use resources on a cloud system,
> aren't you? Is it usable computing for free?

Of course not.  Where did anyone say it was free?

I said "The nice thing about cloud password guessing is it enables  
people to spin up massive cracking farms without actually having to  
manage the racks and racks of running hardware."  Running hundreds of  
machines is difficult and expensive in terms of the physical plant:  
lots of racks, lots of cooling, lots of electricity, lots of  
management.  Amazon does all that for you (and charges you for it, of  
course).  Given Amazon's size, they can generally do the messy part of  
managing hundreds of machines (especially since they are virtual  
machines) cheaper than you can.

David



Re: Interesting article on password guessing via cloud computing

by vedaal

David Shaw <dshaw () jabberwocky ! com>
wrote on 2009-11-04 18:34:49 :

> This is not, of course, an OpenPGP "crack", but rather high-speed
> password guessing.

a trivial way to defeat this,
would be to provide each client with a pgp keypair,
(physically presented to the client upon the initial transaction
agreement),
and then encrypt the zipfile to a key and not even use a passphrase

what would be even more interesting,
is if it could be done in a way that truecrypt uses to protect its
encrypted volumes, where the user can choose to use a keyfile as
well as a passphrase, but it cannot be determined before decryption
if a keyfile, passphrase, both or only one,  has been used

so, imagine if a client has a zipfile encrypted to both a trivial
password and to a pgp key, and it is not determinable from the
encrypted file itself, if it was encrypted to a key as well,

all the cloud computing resources available will merrily spin
themselves into exhaustion until they decide that the passphrase is
'probably too long and complex to crack'


vedaal
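
As an added illustration of the point raised in the message above (not part of any poster's message, and not GnuPG code): in the OpenPGP message format of RFC 4880, each way of unlocking a message is announced by its own packet in front of the ciphertext, so whether a file offers a passphrase to guess at all can be read from its headers. The parser below lists those packets; the sample bytes and the function names are constructed for this example.

```python
# Added example: list how an OpenPGP message can be unlocked by reading its
# packet headers (RFC 4880 section 4.2). No key or passphrase is needed.
PKESK, SKESK = 1, 3   # session key encrypted to a public key / to a passphrase

def packets(data):
    """Yield (tag, body) for every top-level packet in binary OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        body = b""
        if hdr & 0x40:                       # new-format header
            tag, last = hdr & 0x3F, False
            while not last:                  # partial chunks end with a definite length
                o = data[i]; i += 1
                if o < 192:
                    n, last = o, True
                elif o < 224:
                    n, last = ((o - 192) << 8) + data[i] + 192, True
                    i += 1
                elif o == 255:
                    n, last = int.from_bytes(data[i:i + 4], "big"), True
                    i += 4
                else:
                    n = 1 << (o & 0x1F)      # partial body length
                body += data[i:i + n]; i += n
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate length: rest of input
                n = len(data) - i
            else:
                size = 1 << ltype            # 1, 2 or 4 length octets
                n = int.from_bytes(data[i:i + size], "big"); i += size
            body = data[i:i + n]; i += n
        yield tag, body

def unlock_methods(data):
    """Return the unlock methods the message advertises, in packet order."""
    out = []
    for tag, body in packets(data):
        if tag == PKESK:                     # v3 PKESK: version, 8-byte key ID, ...
            out.append("public-key:" + body[1:9].hex())
        elif tag == SKESK:
            out.append("passphrase")
    return out

# Constructed sample (not real ciphertext): PKESK, SKESK, then an encrypted-data packet.
SAMPLE = bytes.fromhex("840d 03 1122334455667788 01 0008aa"
                       "c30d 04090302 0102030405060708 60"
                       "d205 01 deadbeef")
```

A message for which `unlock_methods` reports no `passphrase` entry gives a password-guessing farm nothing to work on, which is the effect of encrypting to a key only.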



Re: Interesting article on password guessing via cloud computing

by Robert J. Hansen-3

vedaal@... wrote:
> a trivial way to defeat this,

An even more trivial way is to use a strong passphrase.  It's generally
wise to use the smallest hammer necessary to drive in the nail.



Re: Interesting article on password guessing via cloud computing

by Hardeep Singh-2

Hi David, Vedaal and everyone

This is something even I have thought: this seems to be a sure way to
prevent such computing from being able to 'guess' the password. Why,
then, is parallel computing being hailed as the antidote to privacy?

Regards
Hardeep Singh
http://blog.Hardeep.name
Sent from Delhi, India


On Thu, Nov 5, 2009 at 8:35 PM,  <vedaal@...> wrote:

> David Shaw <dshaw () jabberwocky ! com>
> wrote on 2009-11-04 18:34:49 :
>
>> This is not, of course, an OpenPGP "crack", but rather high-speed
>> password guessing.
>
> a trivial way to defeat this,
> would be to provide each client with a pgp keypair,
> (physically presented to the client upon the initial transaction
> agreement),
> and then encrypt the zipfile to a key and not even use a passphrase
>
> what would be even more interesting,
> is if it could be done in a way that truecrypt uses to protect its
> encrypted volumes, where the user can choose to use a keyfile as
> well as a passphrase, but it cannot be determined before decryption
> if a keyfile, passphrase, both or only one,  has been used
>
> so, imagine if a client has a zipfile encrypted to both a trivial
> password and to a pgp key, and it is not determinable from the
> encrypted file itself, if it was encrypted to a key as well,
>
> all the cloud computing resources available will merrily spin
> themselves into exhaustion until they decide that the passphrase is
> 'probably too long and complex to crack'
>
>
> vedaal
