EEJournal

editor's blog
Subscribe Now
August 22, 2013

An Anti-Security Tool for Gray Hats

by Amelia Dalton

We all know that if we want to be able to… well… transgress someone else’s private computer and internet stuffs, there’s a subterranean culture with a dress code involving black hats where, for the right price, you can get all kinds of tools that will open up all kinds of unsavory possibilities. These are the guys our computer security systems are trying to protect us from. They’re the guys your mother warned you about.

If we keep them out of our computers, then we’re ok. Right?

Oh yeah… there’s this NSA thing going around. Scooping up vast quantities of data (the exact amounts of which seem unclear, but all of which estimates seem to qualify as “vast”). Hmmm… and they’re not getting it from our computers, but rather from folks we pay for computer services (or, in some cases, from folks that offer the services for free). We can protect our data on our systems (or so we believe), but once it leaves us and starts traversing the net, we’ve lost control.

OK, not great, but at least we can encrypt our data and password-protect our files. Someone may intercept the transmission, but at least they won’t be able to read the payload, right? Assuming they’re not consorting with the black hats, anyway…

In order for… I’m not sure what to call the NSA types, since they don’t quite seem like white hats. Gray hats perhaps? In order for the gray hats to break into our actual messages, they’d need to figure out the key or some password or something. And that’s hard to crack – intentionally hard, or else it wouldn’t be secure. So we’re OK. Right?

It’s certainly hard to crack passwords and keys, but, given enough computing power, it’s doable. Of course, software takes time to execute, even when using GPUs; something that’s accelerated in hardware would be just the ticket!

And, voilà! Pico Computing has just announced an FPGA-based acceleration system for cracking passwords. Oops! Wait, sorry – “cracking” is an ugly word. “Recovering” is the preferred euphemism. As in, “Bob left the company and didn’t give us his password. How are we going to open his files?” Why, recover the passwords, of course. One obvious corporate use model. How often is that needed? Hard to say. Probably a lot less often than gray hats might want to recover a password, however.

This is where it’s easy to slip into the Land of Evil. Let’s be clear here: I’m not saying Pico Computing or their technology is being evil. (I know, I know: “Technology isn’t evil, People are evil.”) In fact, Pico Computing isn’t really doing the cracking; they’re accelerating tools from a company called Elcomsoft. Elcomsoft focuses specifically on locked documents that require a password to open, so it’s not so much about decrypting encrypted traffic.

Nonetheless, amidst a sea of technology announcements promising security, I think this is the first announcement I’ve seen that gleefully promises to help compromise security. Although they don’t really say it that way, of course… You can see what they do say in Pico Computing’s release.

Leave a Reply

featured blogs
High Debug Productivity Is the FPGA Prototyping Game Changer: Part 1
Sep 21, 2021
Learn how our high-performance FPGA prototyping tools enable RTL debug for chip validation teams, eliminating simulation/emulation during hardware debugging. The post High Debug Productivity Is the FPGA Prototyping Game Changer: Part 1 appeared first on From Silicon To Softw...
More from Synopsys...
This Week in CFD
Sep 20, 2021
As it seems to be becoming a (bad) habit, This Week in CFD is presented here as Last Week in CFD. But that doesn't make the news any less relevant. Great article on wind tunnels because they go... [[ Click on the title to access the full blog on the Cadence Community si...
More from Cadence...
Steampunk Nuts and Bolts
Sep 18, 2021
Projects with a steampunk look-and-feel incorporate retro-futuristic technology and aesthetics inspired by 19th-century industrial steam-powered machinery....
More from Max's Cool Beans...
Megh Computing demos advanced, scalable Video Analytics Solution portfolio at WWT’s Advanced Technology Center
Aug 5, 2021
Megh Computing's Video Analytics Solution (VAS) portfolio implements a flexible and scalable video analytics pipeline consisting of the following elements: Video Ingestion Video Transformation Object Detection and Inference Video Analytics Visualization   Because Megh's ...
More from Intel...

featured video

Product Update: Complete DesignWare 400G/800G Ethernet IP

Sponsored by Synopsys

In this video product experts describe how designers can maximize the performance of their high-performance computing, AI and networking SoCs with Synopsys' complete DesignWare Ethernet 400G/800G IP solution, including MAC, PCS and PHY.

Click here for more information

featured paper

Detect. Sense. Control: Simplify building automation designs with MSP430™ MCU-based solutions

Sponsored by Texas Instruments

Building automation systems are critical not only to security, but worker comfort. Whether you need to detect, sense or control applications within your environment, the right MCU can make it easy. Using MSP430 MCUS with integrated analog, you can easily develop common building automation applications including motion detectors, touch keypads and e-locks, as well as video security cameras. Read more to see how you can enhance your building automation design.

Click to read more

featured chalk talk

PolarFire SoC FPGA Family

Sponsored by Mouser Electronics and Microchip

FPGA SoCs can solve numerous problems for IoT designers. Now, with the growing momentum behind RISC-V, there are FPGA SoCs that feature RISC-V cores as well as low-power, high-security, and high-reliability. In this episode of Chalk Talk, Amelia Dalton chats with KK from Microchip Technology about the new PolarFire SoC family that is ideal for demanding IoT endpoint applications.

Click here for more information about Microchip Technology PolarFire® SoC FPGA Icicle Kit