Security Experts:

Commercial Software Harnesses Amazon Cloud to Crack Passwords Faster

Mountain View, CA based Passware, Inc., a provider of password cracking and decryption technology, announced this morning that its software now can harness the power of Amazon Elastic Compute Cloud– a highly scalable cloud computing platform – for accelerated password cracking, without the need to buy expensive hardware.

How does it work? The company’s Passware Kit Forensic software distributes the time-consuming password recovery process across eight Amazon Cluster GPU instances, each of which has two NVIDIA Tesla Fermi GPU cards – one of the most powerful types of graphic cards.

How much faster is it? The company says that a single Amazon Cluster GPU Instance accelerates the MS Office 2010 password recovery speed by 11 times. Using all of the eight Clusters, Passware Kit Forensic is more than 80 times faster and provides a password recovery speed of over 30,000 passwords per second (the actual speed depends significantly on the Internet connection speed).

(Video of the product in action is below - For a larger version click here to launch in a new window)

The company’s Passware Kit Forensic recovers passwords for more than 180 file types and hard disk images. For many file types, it provides instant password recovery or removal, while for some applications, such as MS Office 2010, that feature a strong encryption algorithm, decryption requires brute-force cracking, which is the slowest approach to password recovery.

Other hardware acceleration methods that Passware Kit uses for brute-force password recovery involve: network distributed password recovery with an unlimited number of computers connected to a single password recovery process, NVIDIA GPU graphic cards, TACC hardware accelerators by Guidance Tableau, and effective usage of multiple CPUs.

"Some types of encryption are so secure that without expensive hardware accelerators, it becomes literally impossible to recover passwords in reasonable time," said Dmitry Sumin, president of Passware, Inc. "This new feature allows the end user to rent computer time from Amazon for the use of the required hardware. Users now have an option to accelerate the password recovery process without the need to invest into expensive hardware clusters – making powerful password recovery affordable."

Passware Kit is available now with a suggested price for Forensic edition starting at $795 with one year of free updates. Users must pay for their own AWS Cloud Services directly.

This isn’t the first time Amazon’s cloud services have been used for password cracking, however. Thomas Roth, a security researcher from, Germany, demonstrated his research at the Black Hat conference in Washington, D.C. earlier this year when he showed how his password-cracking software running on Amazon's servers took could to crack a WPA-PSK protected wireless network in a matter of minutes.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.