This year's 44Con, held in London last week, had plenty to offer to cryptography enthusiasts.
One of the conference sponsors, Elcomsoft, was on hand demonstrating its integration with Pico Computing's range of FPGA accelerator cards. Field Programmable Gate Arrays (FPGAs) allow cost-effective and highly tailored hardware acceleration for a wide range of computing problems and are a very economical solution to the processing needs of modern password cracking.
Using the Pico accelerator card adds the equivalent processing speed of around 300 dual core CPUs for a fraction of the cost and power consumption (an often underestimated issue, as power and cooling of high performance graphics cards is a major engineering issue for more traditional password cracking hardware).
For more demanding users, there are rack-mounted solutions offering even greater performance. Currently Elcomsoft's Phone Password Breaker and Wireless Security Auditor can utilise the accelerator, with support for the more generic Elcomsoft Distributed Password Recovery under development. Further information is available here.
All conference attendees also received a fully functional time-limited demo copy of the Elcomsoft Distributed Password Recovery toolkit.
44Con 2012 also saw the first presentation on a new ciphertext-only attack on the WWII Enigma cipher from Bob Weiss and Benjamin Gatti. Whereas previous attacks, including the famous efforts of the UK's Bletchley Park in WWII, relied on 'cribs' of known message fragments and other similar hints, this new attack requires only the encrypted text to work with.
Contrary to popular belief, brute forcing Enigma encryption even with modern systems is no easy task with the key length being around 77 bits. Weiss and Gatti took special care to properly credit the contributions of Polish and American cryptanalysts during WWII in their presentation, something that many commentators often overlook.
Using an ingenious approach of analysing letter distribution patterns, Weiss and Gatti were able to almost entirely remove the complexity introduced by the Enigma's ‘steckerboard', thereby reducing the number of combinations it adds from 150 trillion to a mere 17 thousand (almost irrelevant in cryptographic terms).
In addition, another new technique they termed ‘diagonal conflation' allowed the fine-tuning of the attack to determine the original wheel settings. These new insights, in combination with the power of modern GPUs, allow analysis of messages in real-time. During the demo the pair analysed an encrypted message prepared for the conference, with successful decryption taking only around 15 minutes.
A paper on the attack is in preparation for the journal Crytpologia, and the source code and examples can be downloaded in open source from http://www.enigmacrack.com/.