New challenges to password protection from cloud computing services

Source: Internet
Author: User
Keywords: cloud computing, password protection
According to security expert David Campbell, even hackers who use Amazon's cloud computing services for brute-force password cracking may find it impractical to crack a 12-character password because of the cost, even when the password does not use the mix of uppercase and lowercase letters that security experts recommend. Amazon currently offers a cloud computing service called EC2, which is billed by the hour. Brute-forcing a 12-character password with this service would cost the hacker more than 1.5 million dollars. If the password is shortened to 11 characters, the charge falls to less than 60,000 dollars, and a 10-character password costs less than $2,300.

Traditional security advice holds that mixing uppercase and lowercase letters makes a password safer, but according to recent research the gain in security is not as great as we think, and it is the number of characters in the password that improves its security. A 10-character password in this hybrid form can be brute-forced with EC2 for less than 60,000 U.S. dollars in service charges. An 11-character password would cost 2.1 million dollars. When the password is shorter, brute force is easier even if the user includes rare characters such as "!@#$%". Cracking an 8-character password of this kind with EC2 costs about 106,000 dollars.

Campbell's article is based on a study presented by SensePost security advisor Haroon Meer at the Black Hat conference earlier this year. In it, Campbell describes a way to use Amazon EC2 cloud services to brute-force and steal users' credit card passwords.

"As the Black Hat group has started to exploit supercomputing services such as cloud computing, our safety management technicians need to rethink some of the security details that we've overlooked in the past," he said. Hackers who steal credit cards from users can use the money in these cards to buy machines that are even more powerful than the supercomputers in the national security apparatus. "Although Amazon has limited the computing power available to a single user, hackers have a way of using multiple stolen credit card accounts to log into cloud computing services simultaneously."

Campbell's estimate rests on a very simple calculation. To cost the brute-forcing of an 8-character password, he takes the number of candidates to be 26 to the 8th power; with uppercase letters and the 10 Arabic numerals added, it becomes (26+26+10) to the 8th power. His password-cracking software can try 9.36 billion passwords per hour, so he divides 62 to the 8th power by 9.36 billion and multiplies by the EC2 charge of 30 cents per hour. The cost of brute-forcing an 8-character password of letters and digits is therefore ((26+26+10)^8 / 9,360,000,000) * 0.30, and the cost for a 12-character password of uppercase and lowercase letters plus Arabic numerals is ((26+26+10)^12 / 9,360,000,000) * 0.30.

Using cloud computing services instead of setting up and maintaining servers in-house obviously saves an enterprise money. But it now seems that the biggest beneficiaries of cloud computing services are groups such as hackers. Not so long ago, security experts were reassured by a 102-bit RSA key length. But as computer technology has developed, more and more security experts prefer a 2048-bit key length.

Now that cloud computing is also being used to supply computing power for password cracking, it is time to rethink and revise some traditional security measures.
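
The cost formula above, worked through as an added example (not code from the article or from Campbell). It uses the article's rate of 9.36 billion guesses per hour and $0.30 per hour, adds an expected-case variant that searches half the keyspace, and includes a helper that finds the shortest password length whose search cost exceeds a budget chosen by the defender. Function names and alphabet labels are this example's own.

```python
# Added example: the brute-force cost model described in the article.
# RATE_PER_HOUR and USD_PER_HOUR are the article's figures; all names are illustrative.

RATE_PER_HOUR = 9_360_000_000   # guesses per instance-hour (from the article)
USD_PER_HOUR = 0.30             # EC2 hourly charge (from the article)

ALPHABETS = {                   # alphabet sizes; labels are this example's own
    "lower": 26,
    "lower+digits": 36,
    "lower+upper+digits": 26 + 26 + 10,
    "printable ASCII": 95,
}


def crack_cost(alphabet_size, length, expected=False):
    """USD to search alphabet_size**length candidates at the article's rate.

    expected=False: the whole keyspace (the formula as printed in the article).
    expected=True:  half the keyspace, the average point at which a
                    uniformly random password is found.
    """
    hours = alphabet_size ** length / RATE_PER_HOUR
    cost = hours * USD_PER_HOUR
    return cost / 2 if expected else cost


def min_length(alphabet_size, budget_usd, expected=True):
    """Shortest password length whose search cost exceeds budget_usd."""
    n = 1
    while crack_cost(alphabet_size, n, expected) <= budget_usd:
        n += 1
    return n


def cost_table(lengths=range(8, 13)):
    """Rows of (alphabet, length, whole-keyspace cost, expected cost)."""
    return [(name, n, crack_cost(size, n), crack_cost(size, n, True))
            for name, size in ALPHABETS.items() for n in lengths]


if __name__ == "__main__":
    for name, n, worst, avg in cost_table():
        print(f"{name:20s} len={n:2d} whole=${worst:>20,.0f} expected=${avg:>20,.0f}")
    for name, size in ALPHABETS.items():
        print(f"{name:20s} needs {min_length(size, 1_000_000)}+ chars "
              f"to push the expected cost past $1M")
```

With the article's inputs, the expected-case column reproduces the dollar figures quoted earlier (for example about $2,262 for 10 lowercase characters and about $106,000 for 8 printable-ASCII characters), while the formula as printed gives twice those amounts. The 10- and 11-character "hybrid" figures correspond to a 36-symbol alphabet, which is an inference from the arithmetic rather than something the article states.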