

Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR - edw519
http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

======
tptacek
This isn't "breaking PGP", it's guessing PGP passphrases. If they had guesses
a PGP _key_ using a cluster of virtual machines, that would be news.

~~~
cperciva
_it's guessing PGP passphrases_

Also, if you can brute-force a PGP passphrase using a cluster of EC2
instances, it's trivial to brute-force it in hardware (using FPGAs or,
ideally, ASICs).

If you want to protect something with a passphrase, use scrypt!

~~~
tptacek
No matter how you hash them, passphrases are still pretty secure. If you can
type your PGP passphrase very quickly, you're doing it wrong.

~~~
cperciva
_passphrases are still pretty secure_

... at least until someone comes along with a microphone (or a cell phone) and
exploits the acoustic side channel. :-)

------
bcl
The passphrase is the weak point in PGP. I suppose some people treat it like a
password, which is the wrong approach. It should be much longer and harder
than a normal password.

Their analysis does demonstrate how cost-effective it has become to crack low-
complexity passwords.

------
sharms
They would also need a way to validate the data unless the encryption was
symmetric, I don't think they have tested this out on data they didn't already
have.

~~~
Kadin
They were brute-forcing a PGP-encrypted ZIP archive, which would have been
symmetric encryption.

These kinds of archives were produced by the PGP Desktop application (at least
in earlier versions; I don't know if it still does) and were functionally
similar to using "gpg -c", although the actual file format is/was different
and incompatible.

Had the guy used a public/private keypair for encryption rather than a
password, I suspect the work needed to bruteforce it would be much greater.
But that doesn't look like the situation.

