EEJournal

editor's blog
Subscribe Now
August 22, 2013

An Anti-Security Tool for Gray Hats

by Amelia Dalton

We all know that if we want to be able to… well… transgress someone else’s private computer and internet stuffs, there’s a subterranean culture with a dress code involving black hats where, for the right price, you can get all kinds of tools that will open up all kinds of unsavory possibilities. These are the guys our computer security systems are trying to protect us from. They’re the guys your mother warned you about.

If we keep them out of our computers, then we’re ok. Right?

Oh yeah… there’s this NSA thing going around. Scooping up vast quantities of data (the exact amounts of which seem unclear, but all of which estimates seem to qualify as “vast”). Hmmm… and they’re not getting it from our computers, but rather from folks we pay for computer services (or, in some cases, from folks that offer the services for free). We can protect our data on our systems (or so we believe), but once it leaves us and starts traversing the net, we’ve lost control.

OK, not great, but at least we can encrypt our data and password-protect our files. Someone may intercept the transmission, but at least they won’t be able to read the payload, right? Assuming they’re not consorting with the black hats, anyway…

In order for… I’m not sure what to call the NSA types, since they don’t quite seem like white hats. Gray hats perhaps? In order for the gray hats to break into our actual messages, they’d need to figure out the key or some password or something. And that’s hard to crack – intentionally hard, or else it wouldn’t be secure. So we’re OK. Right?

It’s certainly hard to crack passwords and keys, but, given enough computing power, it’s doable. Of course, software takes time to execute, even when using GPUs; something that’s accelerated in hardware would be just the ticket!

And, voilà! Pico Computing has just announced an FPGA-based acceleration system for cracking passwords. Oops! Wait, sorry – “cracking” is an ugly word. “Recovering” is the preferred euphemism. As in, “Bob left the company and didn’t give us his password. How are we going to open his files?” Why, recover the passwords, of course. One obvious corporate use model. How often is that needed? Hard to say. Probably a lot less often than gray hats might want to recover a password, however.

This is where it’s easy to slip into the Land of Evil. Let’s be clear here: I’m not saying Pico Computing or their technology is being evil. (I know, I know: “Technology isn’t evil, People are evil.”) In fact, Pico Computing isn’t really doing the cracking; they’re accelerating tools from a company called Elcomsoft. Elcomsoft focuses specifically on locked documents that require a password to open, so it’s not so much about decrypting encrypted traffic.

Nonetheless, amidst a sea of technology announcements promising security, I think this is the first announcement I’ve seen that gleefully promises to help compromise security. Although they don’t really say it that way, of course… You can see what they do say in Pico Computing’s release.

Leave a Reply

featured blogs
Ooh! Another Tempting Diorama Project
Mar 5, 2021
The combination of the figure and the moving sky in this diorama -- accompanied by the music -- is really rather tasty. Our cats and I could watch this for hours....
More from Max's Cool Beans...
Here are the February 2021 Web Updates to Samtec.com
Mar 5, 2021
In February, we continued to build out the content on the website, released a new hierarchy for RF products, and added ways to find Samtec “Reserve” products. Here are the major web updates to Samtec.com for February 2021. Edge Card Content Page Samtec offers a fu...
More from Samtec, Inc....
Multi-Band Antennas for IoT on the Go — New White Paper
Mar 5, 2021
Massive machine type communications (mMTC) along with enhanced Mobile Broadband (eMBB) and Ultra Reliable Low Latency Communications (URLLC) represent the three pillars of the 5G initiative defined... [[ Click on the title to access the full blog on the Cadence Community sit...
More from Cadence...
How Sensor Fusion Technology Is Driving Autonomous Cars
Mar 5, 2021
Explore what's next in automotive sensors, such as the roles of edge computing & sensor fusion and impact of sensor degradation & software lifecycle management. The post How Sensor Fusion Technology Is Driving Autonomous Cars appeared first on From Silicon To Softw...
More from Synopsys...

featured paper

Ultra Portable IO On The Go

Sponsored by Maxim Integrated

The Go-IO programmable logic controller (PLC) reference design (MAXREFDES212) consists of multiple software configurable IOs in a compact form factor (less than 1 cubic inch) to address the needs of industrial automation, building automation, and industrial robotics. Go-IO provides design engineers with the means to rapidly create and prototype new industrial control systems before they are sourced and constructed.

Click here to download the whitepaper

featured chalk talk

TI Robotics System Learning Kit

Sponsored by Mouser Electronics and Texas Instruments

Robotics projects can get complicated quickly, and finding a set of components, controllers, networking, and software that plays nicely together is a real headache. In this episode of Chalk Talk, Amelia Dalton chats with Mark Easley of Texas Instruments aVBOUT THE TI-RSLK Robotics Kit, which will get you up and running on your next robotics project in no time.

Click here for more information about the Texas Instruments TIRSLK-EVM Robotics System Lab Kit