Praetorian, an Austin, Texas-based provider of information security solutions, has launched a new cloud-based platform that leverages the computing power of Amazon AWS in order to crack password hashes in a simple fashion.
Online at PWAudit.com, the service provides organizations with reports that measure password strength and policy effectiveness to identify potential risks stemming from weak passwords.
“With the click of a button, users can spin up multiple Amazon AWS EC2 instances, with GPU support, to efficiently scale users’ password cracking needs,” the company explained in an announcement.
The cloud-based password cracking service also offers hash management features, such as hash type auto-detection, multi-file upload, and drag-and-drop support, and supports popular hash types, including LM-NT2, MD5, MSCACHE, MS SQL 05, MYSQLSHA1, SHA1, SHA256, SHA512, ORACLE, ORACLE11G, and DES.
Furthermore, PWAudit.com’s context-based wordlist generator lets users to create custom wordlists based on information specific to their organization, such as city, state, zip, and web domain.
PWAudit.com also provides access to over 15 GB of prebuilt wordlists and 9 TB of rainbow tables, the company said.
“Throughout my career, I cannot count the number of times that a site-wide compromise of a client’s environment started with a weak, default or re-used password,” said Joshua Abraham, director of professional services at Praetorian. “Our team has built a solution that addresses these problems by enabling organizations to proactively test their security posture by identifying weak passwords throughout their environment in an ongoing manner.”
PWAudit.com offers interactive reporting which shows users a breakdown of various password types that have been cracked and alerts them to high-risk issues and weak passwords that should to be addressed immediately. ￼
“Passwords are often the frontline of digital defense, but also the weakest link,” Paul Jauregui, vice president of marketing at Praetorian, said. “Password auditing helps organizations demonstrate and manage the inherit risk associated with password-based user authentication.”
The company said that AWS credentials, hash files, cracked passwords, and all other user data are encrypted and stored using security industry best practices, though no specifics on the company’s security practices, or the level and method of encryption used, was provided.
Praetorian is offering the platform free of charge during a beta, but users will stay have to pay Amazon for their AWS usage. According to the company, the estimated cost for PWAudit usage on AWS with GPU support is $2. 20 / hr / GPU.
The service is similar to others such as CloudCracker, a platform built by security researcher Moxie Marlinspike in February 2012.