Nick Breese is a researcher with New Zealand based security outfit Security-Assessment.com and found himself giving a presentation at the Kiwicon hacker conference in Wellington earlier this week. His presentation looked at the use of the PlayStation 3 games console to crack passwords, and Breese concluded that when compared to the current best speeds of Intel for the same purpose, the PS3 performed an incredible 100 times faster.
According to Breese, eight character strong passwords can be brute force broken in just a couple of days by making the most of the Cell processor in the PS3 whereas before it would have taken weeks. The PlayStation 3 can be also be used to break basic encryption schemes with ease according to Breese who admits that when you reach levels even as low as the commonly used 128-bit SSL system which protects many an online banking transaction it will have little real world impact.
But there are many reasons why this is not, to be absolutely honest, a big deal for most of us. For a start, yes, it does mean that your average Office or PDF password could be cracked in the blink of an eye. However, where a password is handled more securely in software, say an eight character Linux password for example, the PS3 would still struggle to make an impact. Unless, according to Breese, “you had access to a thousand PlayStations” in which case it would take a few days. Yeah, right, a thousand PS3 consoles is an awful lot of money no matter where you live so I suspect even your Linux password will remain safe for now.
That said, if you are talking about comparing the processing grunt per buck, then the PS3 certainly tops the value for money charts, bringing supercomputer-challenging power into the home without most users even realizing it.
Think about it, whereas a top end Intel chip can manage 15 million cycles per second, the PS3 Cell processor can handle 1.4 billion cycles per second according to Breese, courtesy of the multiple processing cores within each one. So although the presentation is not perhaps as immediately scary as some media reports might have you believe, it should serve to focus our attention on the rapid advancement in affordable processing power and the implication upon security that has to have. If nothing else, we should all be beefing up our password length and strength to keep ahead of any brute-force password cracking advancements heading our way.
