HPC’s Impact on Cryptanalysis
by K K Hausman
The term “supercomputer” is often used interchangeably with high-performance computing (HPC), but typically refers specifically to the current most powerful computational systems. Since this is a constantly changing target for peak performance, access to a true “supercomputer” is limited to a small group for a short time before the next biggest systems evolve in turn using sophisticated one-off technologies and software solutions.
“Merely” HPC systems are becoming more and more powerful all the time, particularly since the Beowulf distributed computing system was developed for NASA to aggregate the distributed processing power of multiple commodity machines towards a shared purpose. Even globally-deployed systems can be aggregated using solutions such as the Berkeley engine (BOINC) that is behind projects such as Seti@Home or the World Community Grid. The total BOINC processing power of participating systems is roughly twice times that of the current most powerful supercomputer, and made up entirely of volunteer processing power from computers when they are idle and running the BOINC screensaver.
Recent developments in multi-CPU and multi-core processors within even off-the-shelf home computers is rapidly bringing computing power to the average gaming system greater than that of the #1 supercomputer of less than a decade ago. GPGPU (general purpose graphical processing unit) processors in video cards now sport more than 500 cores per chip, while field-programmable gate arrays (FPGAs) can be reconfigured as more than 1,000 special-purpose cores per chip. This processing power can be used for cryptanalysis purposes to break even very secure keys and passwords in an increasingly-short period of time.
Where raw processing power can allow multi-core CPUs to decrypt strong 8-character passwords using products like Cain and Abel in under a year’s time, new GPU-assisted products can bring that to under a day using a small group of commodity systems. FPGA systems are just beginning to enter into common use, but they too can speed up cryptanalytic review. Even rented cloud computing power (very low cost per processor) can be aggregated towards cryptanalysis and decryption.
Because of the rapid escalation of aggregate processing power, the days of simple passwords and transport encryption mechanisms are rapidly approaching the end of their usefulness in protecting valuable data and logons. However, even multi-factor authentication schemes can be rendered ineffective if their primary keys are exposed, as occurred with the popular RSA SecurID tokens. The next generation of cryptographic tools may involve the use of quantum-entanglement, specialized hardware like the Trusted Platform Modules (TPMs), or other more exotic solutions requiring security practitioners to be ever vigilant for emergent options and their implications in the enterprise.