Building a Distributed Network in the Cloud: Using Amazon EC2 to Break Passwords

July 28th, 2016 by Oleg Afonin
Category: «Elcomsoft News», «General», «GPU acceleration», «Hardware», «Software»

Not all passwords provide equal protection. Some formats are more resistant to brute-force attacks than others. As an example, Microsoft Office 2013 and 2016 employ a smart encryption scheme that is very slow to decrypt. Even the fastest available GPU units found in NVIDIA’s latest GeForce GTX 1080 will only allow trying some 7100 passwords per second.

image001

One solution is employing a custom dictionary, possibly containing the user’s passwords that were easier to break. Observing the common pattern in those other passwords may allow creating a custom mask that could greatly reduce the number of possible combinations.

The number of combinations to try might still be in the order of billions, which would take many months or years to try. In these situations, employing multiple computers (each equipped with top of the line GPU acceleration hardware) to run the attack reduces the time required to try all possible combinations. Tools such as Elcomsoft Distributed Password Recovery provide linear scalability with zero overhead, meaning that 5, 10 or 100 computers will break the password 5, 10 or 100 times faster than a single PC. The more computers have joined the attack, the less time is required to finish the job.

This approach works great if you already have a data center equipped with fast hardware. If, however, you were to build a dedicated data center from scratch, you may be shocked with the final bill. Hardware and maintenance costs, electricity and air-conditioning bills (you’ll have to pay for, and dissipate, some 500W per computer) will add up quickly.

For those customers who require the fastest recovery speed without building and maintaining a dedicated data center, we are offering the ability to run Elcomsoft Distributed Password Recovery in the cloud. Using a cloud service means you’re getting a high-performance distributed network without having to build your own data center.

Amazon EC2

Elcomsoft Distributed Password Recovery can be installed into your Amazon EC2 account. Depending on your budget and requirements, Amazon EC2 can easily scale to speed up the job, and can be scaled back when not in use. Elcomsoft Distributed Password Recovery running in an Amazon cloud is a perfect solution for occasional password recovery tasks and one-off jobs.

This is how to build a distributed system for breaking passwords in Amazon EC2.

Selecting EC2 Instances

The first thing to do when building a network for breaking passwords is choosing the type of instances. Since a single GPU unit can work as fast as (if not faster than) 20 to 40 computers without a GPU, we’ll need instances equipped with graphic accelerators. At this time, Amazon offers a single instance type equipped with a GPU: the G2 instances.

amazon-g2

Source: https://aws.amazon.com/ec2/instance-types/

Launching Agents in Amazon EC2 Cloud

Creating EDPR agent in Amazon EC2 is a fast and simple procedure. Please follow these steps:

  1. Install and launch EDPR server. You can do it either on your local server or in EC2 cloud. Server must have external IP address with opened port 12121.
  2. Log in to your EC2 Management Console and click “Instances”.
  3. Select “Ireland” in the region selector:
  4. Press the “Launch Instance” button:
    am1
  5. Choose the virtual machine AMI. Select “Community AMIs” and type “Elcomsoft EDPR agent” in the search box.
    ami
  6. Choose and Instance type. To run EDPR agent fast and effective, you have to choose between g2.2xlarge and g2.8xlarge instance types. g2.2xlarge instance includes one core of NVIDIA K520 GPU and g2.8.xlarge includes 4 cores.am2
  7. Press “Next: Configure instance details”. Expand “Advanced details” and enter your server address and port number in “User data” field.am3
  8. Press “Review and launch”. Review all instance details and press “Launch”.
  9. Select your key pair or create a new one.
  10. Your new instance will launched shortly and after several minutes you will see your new EDPR agent in the console:am4All Amazon agents will be displayed as “WIN-QPVDPA47H57” with different IP addresses.
  11. To launch additional agents simply repeat steps 1-7. New agent will appear on server as soon as a new instance will be started:am5
  12. Please note, that Amazon EC2 instances are charged on the time basis. You have to stop all created instances when you don’t use EDPR to prevent extra charges.

You have just added an Amazon EC2 instance to your distributed network. Repeat the process to add more instances.

Amazon EC2 Performance

At this time (July 2016), Amazon G2 instances employ NVIDIA K520 GPUs based on the Kepler architecture from 2014. With GPU performance doubling every year, you cannot expect these instances to compete with the latest and greatest Pascal-based boards such as NVIDIA GTX 1080. In our tests, each Amazon EC2 instance equipped with 8 GPU cores (g2.8xlarge) is about 2.8 times slower compared to a PC with a single GTX 1080 board. However, you are free to set up as many additional instances as required, and release them as soon as the job is finished. This is what sets Amazon EC2 apart and makes it competitive compared to maintaining a dedicated data center.