At first blush it seems we're looking at a 100 fold increase in teenage cracking power, according to this piece from the BBC News.
Security researcher Nick Breese used a PS3 to crack supposedly strong eight-character passwords in hours.
Typically, previous attempts to crack such passwords took days to get the same result.
Eight-character passwords are used to protect PDF and Zip files as well as those produced by Microsoft Office.
The work to turn the PS3 into a password cracker was carried out by Nick Breese, who works for Auckland-based Security Assessment.
The Cell processor at the heart of the PS3 is the key to speeding up the time it takes to crack a password.
In a presentation given at the Kiwicon security conference in mid-November, Mr Breese said a powerful Intel chip could crank through 10-15 million cycles per second.
The architecture of the Cell processor meant it could speed through 1.4 billion cycles per second. This speed boost was possible because each Cell chip had several processing cores – each one of which could be effectively trying passwords at the same time.
This was important when attempting “brute force” attacks that go through all possible combinations for a password.
Speaking to the Sydney Morning Herald, Mr Breese said although the PS3 could be used to crack eight-character passwords featuring letters and numbers, stronger encryption systems – such as those used to safeguard web transactions – remained safe.
Mr Breese's research comes soon after work by Russian company Elcomsoft to use graphics cards to speed up password cracking.
Hmmm. Security comes from the multiple circles of defense that protect our resources. So this discovery has many implications.
Amongst other things, it reminds us that password encryption just isn't a solution to problems like the one faced recently by Britain's HMRC. You need approaches that are more structural – partition data and use strong auth.
[Thanks to Richard Turner for pointing me to this story. He loves passwords as much as I do.]
