Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Commercial Software Harnesses Amazon Cloud to Crack Passwords Faster

Mountain View, CA based Passware, Inc., a provider of password cracking and decryption technology, announced this morning that its software now can harness the power of Amazon Elastic Compute Cloud– a highly scalable cloud computing platform – for accelerated password cracking, without the need to buy expensive hardware.

Mountain View, CA based Passware, Inc., a provider of password cracking and decryption technology, announced this morning that its software now can harness the power of Amazon Elastic Compute Cloud– a highly scalable cloud computing platform – for accelerated password cracking, without the need to buy expensive hardware.

How does it work? The company’s Passware Kit Forensic software distributes the time-consuming password recovery process across eight Amazon Cluster GPU instances, each of which has two NVIDIA Tesla Fermi GPU cards – one of the most powerful types of graphic cards.

How much faster is it? The company says that a single Amazon Cluster GPU Instance accelerates the MS Office 2010 password recovery speed by 11 times. Using all of the eight Clusters, Passware Kit Forensic is more than 80 times faster and provides a password recovery speed of over 30,000 passwords per second (the actual speed depends significantly on the Internet connection speed).

(Video of the product in action is below – For a larger version click here to launch in a new window)

The company’s Passware Kit Forensic recovers passwords for more than 180 file types and hard disk images. For many file types, it provides instant password recovery or removal, while for some applications, such as MS Office 2010, that feature a strong encryption algorithm, decryption requires brute-force cracking, which is the slowest approach to password recovery.

Other hardware acceleration methods that Passware Kit uses for brute-force password recovery involve: network distributed password recovery with an unlimited number of computers connected to a single password recovery process, NVIDIA GPU graphic cards, TACC hardware accelerators by Guidance Tableau, and effective usage of multiple CPUs.

“Some types of encryption are so secure that without expensive hardware accelerators, it becomes literally impossible to recover passwords in reasonable time,” said Dmitry Sumin, president of Passware, Inc. “This new feature allows the end user to rent computer time from Amazon for the use of the required hardware. Users now have an option to accelerate the password recovery process without the need to invest into expensive hardware clusters – making powerful password recovery affordable.”

Passware Kit is available now with a suggested price for Forensic edition starting at $795 with one year of free updates. Users must pay for their own AWS Cloud Services directly.

This isn’t the first time Amazon’s cloud services have been used for password cracking, however. Thomas Roth, a security researcher from, Germany, demonstrated his research at the Black Hat conference in Washington, D.C. earlier this year when he showed how his password-cracking software running on Amazon’s servers took could to crack a WPA-PSK protected wireless network in a matter of minutes.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...