Hey guys,
I'm looking to improve our password cracking capabilities by integrating more GPUs, distributed processing and some Tableau TACC devices. We are already using Passware Forensic for cracking passwords and it comes with 5 agents for distributed processing. The distributed processing is all figured out. For the GPU processing, I found an interesting device called the GPU-Xpander Desktop from Cubix (
Before purchasing, I would like to know if someone had tried the device with Passware Forensic and if it works. I already contacted Passware, but the have not tried the GPU-Xpander yet. I also contacted Cubix to see if they had tried Passware Forensics, but I haven't got a reply from them yet.
Thanks.
This sounds like a lot of time and money. Do you have to access passwords that often? You may want to think about cloud computing, dependent on how often you require this kind of computing power
http//
https://
In Law Enforcement, it's not a matter of "how often" we encounter password, it's more of a matter of "if a file is password protected / encrypted, it might contain something worth digging into". We're starting to see more and more encryption in our cases and these things take a lot of time to crack. We usually allow from 3 to 6 months (and sometimes more time) for a decryption job, depending on the priority of the case. If I can increase by 50x - 60x the number of passwords/seconds over that period of time, I think it has an impact.
We've thought about using cloud computing for password cracking, but it is not viable for us for a number of reasons
1- Price As the article you mentioned states
after only 12 hours of password cracking, owning your own GPU becomes more cost efficient than using Amazon EC2 instances.
So the upshot is this for pentesters, buying a new GPU for the job and throwing it away at the end will crack more passwords than the equivalent money spent on Amazon EC2 instances.
2- Manageability I don't know if it's the same for all Law Enforcement agencies, but here, we really prefer investing in an in-house solution than having to pay for a service on a case-by-case basis. It's easier to manage.
3- Confidentiality When using cloud services for cracking, you never really know what part of your file is sent online, if it's kept on some server, etc. You kind of lose control over your evidence…
My opinion, anyway…
I used a Cubix solution for remote connectivity, and it was flawless. It was a different configuration than you describe though. It had a passive backplane, and each slot could take a full blown "system". Each system had a single slot, so it could take a co-processor, I presume.