Sony's PlayStation 3 (PS3) console could be the perfect tool for hackers to crack passwords, according to a security research in New Zealand.
Nick Breese, a senior security consultant at Auckland-based Security-assessment.com, has been working on the 'Crackstation' project for the past six months, abd used the Sony PS3 console for his break-through research. The PS3's Cell Broadband Engine technology, created by IBM, Toshiba and Sony, consists of one scalar processor and eight vector processors.
By design, PS3 is very suitable for cryptography, said Breese. Intel processors are designed to do all kinds of complex calculations, whereas the PS3 is good at doing simple things very quickly. "And believe it or not, cryptography really is simple," he said. "Lots of simple operations being done one at the time."
The strength of cryptography implementations is usually based on its cracking time - how long it would take for someone to sit down and crack it, said Breese. He said that by implementing common ciphers and hash functions using vector computing, he's has pushed the current upper limit of 10 - 15 million cycles per second - in Intel-based architecture - up to 1.4bn cycles per second. His discovery has demonstrated that the capability of cracking encryption algorithms has multiplied by 100.
Breese's discovery "will unfortunately make cryptography cracking faster", he said. However, he hopes that his research will help drive the need for stronger cryptography to be used, and push for better implementations of cryptography.
The big implication for the industry is the fact that using Intel processors as a benchmark just is not good enough anymore, he said.
Within PS3, in Breese's case running Linux, there are six SPU (Synergistic Processing Unit) processor cores. Each core is able to do four calculations - so across all of the cores it is possible to do 24 calculations at the same time, he said. The simplistic design of the processor architecture also helped increase the speed, he said.
Breese was looking for a way to optimise processing to make MD5 calculations go very quickly, he said. MD5 (Message-Digest algorithm 5) is one of the most used cryptographic hash functions. The PS3 managed to conduct over 1.4 billion MD5 calculations a second, he said.
But the speed increase relates to the use of SIMD (Single Instruction, Multiple Data) computing, rather than solely the PS3, he said. "It's just that the Cell processor cluster within the PlayStation 3 is very good at it," he said.
Vector, or SIMD, computing involves performing calculations against a data group, rather than against a single piece of data, which is known as scalar computing, said Breese. Using vector computing allowed him to run cryptography calculations in parallel, he said.
Breese presented his findings at the Kiwicon hacker conference, held in Wellington earlier this month.
"We seem to have a world's first here, with potentially huge implications around the validity of some encryption algorithms going forward," said Security-assessment.com chief executive Peter Benson. "While we have not currently worked on distributing load across PS3s, the theory is there to increase this level of performance further."
The team rewrote some of the code to run under the vector-based methodology, and as soon as they did that they started getting "some pretty spectacular results", said Benson. It took a while before the company decided to release the numbers "because we just didn't believe them," he said.
Breese also increased the speed in x86 processors by using the same method on the x86-equivalent technology known as SSE (Streaming SIMD Extensions), but the increase was not as significant. He found that the x86 SSE2 implementation could conduct over three times the number of MD5 calculations than the scalar equivalent.
Breese said the initial reason for embarking on the research project was to get the company to buy him a PS3.