Cloud Computing Assists Crypto-Hackers

The following article, published 19 Nov 2010, shows how the powerful resources of the cloud could be used to assist crypto-analysts or, more ominously, determined hackers, in defeating “securely” hashed passwords, or other sensitive information at an affordable cost. It’s worth noting that many of the feedback comments to the article make excellent points concerning the fact that the SHA-1 algorithm is already considered obsolete and there are many strategies for strengthening password protection well beyond the current capabilities of the cloud.  However, the author’s conclusion seems less concerned with the specific test than sharing the idea that very affordable cloud-based resources can provide attackers with new tools and resources not previously available with such ease.  Besides, SHA-1 is still in very common use in business.

The article below also has a title indicating that ‘Strong encryption’ is being defeated using cloud-based resources and this really hasn’t been proven true in the tests performed here as hashing algorithms, such as SHA-1, are neither true encryption nor are they considered strong any longer.  Nonetheless, this article reinforces the idea that businesses must upgrade their security mechanisms to stronger hashes, better encryption and more security-conscious design principles such as padding passwords before hashing to greatly increase the number of permutations (and associated computing) for possible collisions.  Dark Matter Labs’ encryption appliances deliver strong, physically & logically protected encryption, for data at-rest, as well as a wide range of government validated secure hashes.

Topic Article:  http://threatpost.com/en_us/blogs/cloud-makes-short-work-strong-encryption-111910