[conspire] How to break the whole Web PKI framework, using PS3s

Edward Cherlin echerlin at gmail.com
Wed Dec 31 00:02:09 PST 2008

If a PS3 is worth 40 Intel processor cores clocked at 3GHz, and the
OLPC XO has a 433 MHz AMD Geode, then 200 PS3s comes to something on
the order of 75,000 XOs, with a quite large error bar. Several
countries have ordered several times that number. ;->

Conspiracy theorists used to talk about China destroying US cities by
having the entire population jump up and down in phase. Now a bunch of
schoolkids are in a position to take down the Net. Any spammeister's
zombie network could do it. You could write a Boinc client for it,
pretending that it was for solving some arcane math problem.

I see that the Cell processor includes a PPC core, and that Yellow Dog
Linux is available for it.

"IBM's latest supercomputer, IBM Roadrunner, is a hybrid of General
Purpose CISC Opteron as well as Cell processors. This system assumed
the #1 spot on the June 2008 Top 500 list as the first supercomputer
to run at petaFLOPS speeds, having gained a sustained 1.026 petaFLOPS
speed using the standard linpack benchmark."--Wikipedia

"...with 12,960 IBM PowerXCell 8i CPUs and 6,480 AMD Opteron dual-core
processors..."--Also Wikipedia

Rudy Rucker, in Wetware, wrote about "petaflop bopper" robots on the
moon breaking the encryption locks on the "Asimov" slaves on Earth
that were under the Laws of Robotics. Sadly (from a purely fannish
point of view), no. Breaking the encryption, yes, but strong AI, lots
harder than that.

Vernor Vinge, in Rainbows End, wrote about a government agent issuing
bulk revocations against a major Certificate Authority, with ensuing
global disruption. This now appears to be within the reach of most

On Tue, Dec 30, 2008 at 6:31 PM, Rick Moen <rick at linuxmafia.com> wrote:
> I wrote:
>> Herewith, full HOWTO instructions for a Sony PlayStation 3 high-performance
>> computing (HPC) cluster that anyone can construct using Fedora Core 8,
>> the IBM Cell SDK 3.0, NFSv3, and "Openmpi" Message Passing Interface
>> (MPI) libraries for cross-nodal communication -- further proof that the
>> IBM Cell Broadband Engine aka "Cell" CPU is _amazing_
>> (http://en.wikipedia.org/wiki/Cell_(microprocessor) ).
>> A test installation at University of Massachussetts at Dartmouth's
>> College of Engineering using eight PS3s is already doing serious
>> astronomy calculations, at supercomputer levels of performance.
> [...]

> And, it turns out, there are other _very_ interesting things you can do
> with the massive array of _two hundred_ PS3 gamer boxes -- this
> particular cluster being the one at EPFL in Lausanne, Switzerland:
> http://www.win.tue.nl/hashclash/rogue-ca/
> In short:  With just 18 hours of computing, they were able to crack a
> Certificate Authority MD5 signature -- loosely speaking -- such that
> they were then able to buy apparently genuine commercial SSL certificates
> that will be believed and accepted by all current Web browsers.  Thus,
> they are in effect able to run a rogue Certificate Authority.
>  In combination with known weaknesses in the Domain Name System (DNS)
>  protocol such as Kaminsky's "DNS Flaw" [K2] (see also [OMM]), the
>  vulnerability we exposed opens the door to virtually undetectable
>  phishing attacks. Without being aware of it, users can be redirected to
>  malicious sites that appear exactly the same as the trusted banking or
>  e-commerce websites they believe to be visiting. User passwords and
>  other private data can fall into wrong hands.
>  [...]
>  Other applications than secure web communication using SSL might be
>  vulnerable as well. Every Certification Authority that will honor
>  requests for MD5-based certificates and that has sufficiently
>  predictable serial numbers and validity periods, may be vulnerable to
>  similar attacks. This may include Certification Authorities in the areas
>  of e-mail signing and encryption, software signing, non-repudiation
>  services, etc.
> As the authors point out, MD5 hashing has been known to be weak (to have
> findable "collisions") since 2004, yet it keeps being perpetuated in most
> places.
> The authors estimate that the computing power in a single PlayStation 3
> is roughly equivalent to that of about "40 modern single-core processors".
> They say their 18 hours of runtime (albeit spread across 200 PS3s) got
> them results that would have taken _32 years_ on a typical desktop box.
> Replacements for MD5?  The commodity current choice is SHA-1, but some
> weaknesses were found in 2005, and SHA-2 still looks good.
> (There is currently an NIST competition to select SHA-3 from several
> dozen candidates:  http://www.schneier.com/crypto-gram-0812.html#11)
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire

Silent Thunder (默雷/धर्ममेघशब्दगर्ज/دھرممیگھشبدگر ج) is my name
And Children are my nation.
The Cosmos is my dwelling place, The Truth my destination.

More information about the conspire mailing list