Wednesday, July 4, 2012

On EC2 instances and password cracking

The general wisdom, rightly so, is that EC2 GPU instances are awful ways to spend your dollars for password cracking.  They're running obsolete Teslas, which are underclocked nVidias, which we all know are terrible for password cracking.

But... still.  I decided to go benchmark, because I don't like saying something sucks without good cause.

Let's say we're interested in a few NTLM length 8 passwords.  Fairly standard for a corporate audit.

I know, I know - glacially slow compared to "modern hash cracking rigs" - but how much does it cost to do?

Well, at 3B hashes per second, length 8 (95 characters) will take 615 hours.  At $2.10/hr standard GPU instance pricing, that's nearly $1300!  Ouch!  You're really better off buying a 6990 or something at that price!

But what about spot pricing?  Amazon clearly isn't having them heavily utilized, because their spot price is $0.346/hr right now.  And that, my friends, works out to $213.  Which is a whole lot more interesting - especially since that's the total cracking cost, if you use one instance and a month, or a bunch of instances and a lot less time.

Just something to think about...

Updated July 31 2012
If you are looking to actually do this, has links to the scripts to do so.  And the speeds are even better, making the cost less!

No comments:

Post a Comment