Researchers use PS3 cluster to reveal internet security flaw

by Andrew Yoon { Dec 30th 2008 at 1:38PM }

Stopping cancer, simulating black hole collisions, and now ... breaking internet security? Is there anything the PS3 can't do? Researchers have been using the PS3 in interng ways. Most recently, a team of researchers from the U.S., Switzerland and the Netherlands have found a way of bypassing the security of digital certificates provided by companies like Verisign. These digital certificates help transmit your credit card information on the internet in a secure manner.

By using 200 PS3 systems linked together, researchers were able to do the math that helped them decrypt the MD5 hash that's used by Verisign. The researchers would be able to mimic online retail sites, potentially stealing tons of valuable information from consumers. It appears researchers want the hash to be replaced by a more potent one.

It's unrealistic to expect hackers will be able to replicate the results of these researchers any time soon. Getting 200 PS3s linked to each other can be quite a pricey feat! Of course, when you're stealing all of the internet's credit card info, you might be able to afford buying a few hundred PS3s.

[Thanks, BPerry!]

Tags: cell, ps3, research, security, verisign

Reader Comments (Page 1 of 2)

Thumbs @ Dec 30th 2008 1:50PM

"It appears researchers want the hash to be replaced by a more potent one."

I bet they do...ha ha

Draco @ Dec 30th 2008 1:56PM

PR0FT3A de V1DA @ Dec 30th 2008 2:46PM

I want some potent hash

Tom @ Dec 30th 2008 3:16PM

"Is there anything the Ps3 cant do?"
Yeah, play GOOD games!

Game_playa @ Dec 30th 2008 3:18PM

@Tom
STFU you trolling S.O.B

Rodrigo (psn: mexico4life) @ Dec 30th 2008 4:12PM

yea shut up you trolling son of a bear!

Tom @ Dec 30th 2008 4:39PM

Yeah, Im a troll. Excuse me for being disappointed with BOTH of my Blu-Ray players (PS3).

As soon as someone doesn't like something PS3 related they are a troll. Ive spent thousands on my systems, Id just like a little return on the investment.

what next, you going to tell me Home is awesome?

Rodrigo (psn: mexico4life) @ Dec 30th 2008 4:47PM

hell yea home is awesome specially when you give lap dances on ppl at the theathre ;) or dancin around when ppl is playing pool ;)

Mein Bratwurst @ Dec 30th 2008 5:31PM

Tom, he's calling you a troll for saying PS3 can't play any good games. That trolling line is like a year old now and is obviously not true. Seriously, get a new line... just not "OMG PSN IS LAGGY" cause that is played out as well.

Game_playa @ Dec 30th 2008 6:19PM

"Yeah, Im a troll."
You got that right.

iamkid @ Dec 30th 2008 7:32PM

tom, its not saying that that makes you a troll. its the fact that you come on a site that is dedicated to hardcore fans of the ps3 and talk shit on it. that qualifies you to become a troll.

C-Onor @ Dec 30th 2008 7:30PM

home isnt awesome, its useless. crap.huge disappointment. thats why it won the biggest disappointment of 2008 award.

Chainblast @ Dec 30th 2008 11:42PM

@Tom: Yeah the PS3 has no games to play, the 360 cannot play the games it has and the PC costs too much. We're all just really right fucked aren't we?

And I think you would be hard pressed to find a person that legitimately thinks Home is awesome.

HOMEsux @ Dec 31st 2008 12:48PM

OMG PSN is laggy!

Autopsy15 @ Jan 1st 2009 8:34PM

Everyone, please stop feeding the troll.

proog @ Dec 30th 2008 1:54PM

You can't "decrypt" MD5 hashes. MD5 is not encryption.

Thearon89 @ Dec 30th 2008 2:00PM

Apparently you can.

superaktieboy @ Dec 30th 2008 3:44PM

no but you can bruteforce it ;) which is why you'll need so many PS3's to crack it .. basically you are trying all the possible combinations and see if the hash of every possible combination is the same as the original one..

Dani Reader @ Dec 30th 2008 3:51PM

well, you'd better go and tell those researchers that they are stupid, and have completely mispent all of that money. And while you're at it, I'll go and tell verisign nothing happened, shall I?

proog @ Dec 30th 2008 4:22PM

Of course, you can brute force and check for hash collisions all you want, but it's not decrypting.

P @ Dec 30th 2008 6:38PM

@ Dani:
He's right, and your an ignorant n00b. He's not saying their work is incorrect, he's correctly saying the terminology used to explain whats being done is incorrect, its simply impossible to decrypt MD5.
pw checks are done by encrypting your answer, and comparing it with the stored one, if they match then the stored answer must be a match. At no point is the stored value being converted to something accurate, therefor your not decrypting.

proog @ Dec 30th 2008 6:40PM

Well thank you, P.

Mark @ Dec 30th 2008 2:00PM

Assuming the rumors of Sony loosing $50 for every console they sell are accurate and that my count of the number of consoles there is right, that rack cost Sony $8,800.

PSN: Erdie @ Dec 30th 2008 2:29PM

Haha, that's what I was thinking too.

chukz @ Dec 30th 2008 7:07PM

And the publicity will make them a lot more $$$ :)

Draco @ Dec 30th 2008 1:58PM

What is 80 grand when you have the power to steal trillions? with those trillions they could buy like 2 billion PS3's and with that they could control the space/time Continuum.

Kattleox @ Dec 30th 2008 2:02PM

Or develop a cure for cancer and refuse to share it with the world unless they pay some exorbitant ransom. Muahahahaha!

Sylar @ Dec 30th 2008 3:50PM

Ingenious.

maidsandharem @ Dec 30th 2008 4:05PM

Did sony donate these consoles? Like all of the other experiment in the link?

Dan @ Dec 30th 2008 2:00PM

It's a hacker's LAN party!

rohan @ Dec 30th 2008 2:43PM

lol i can see that happening

kentuckyfried @ Dec 30th 2008 1:59PM

Why 200 ps3's? It's actually cheaper to use ps3's than a cluster of cheap PC's?

BSprague @ Dec 30th 2008 4:21PM

It's probably the Ps3's Cell Processor Technology which makes it a better candidate. It can do a whole load of simple equations at once, which is perfect for cracking codes/bruteforcing MD5 hashes.

Dahk @ Dec 30th 2008 2:00PM

Lol think you need to add some more letters to "interesting". You're missing like a whole 4 letters!

Mein Bratwurst @ Dec 30th 2008 2:16PM

I also found that to be interng.

Eduardo @ Dec 30th 2008 2:15PM

I personally believe more scientists should use the ps3, can you imagine Science is the reason the ps3 can win the title of second place in the console war.

Mr. Joe @ Dec 30th 2008 2:27PM

you're blinding me.. with science!

malfano1002 @ Dec 30th 2008 4:01PM

Hahaha

http://www.youtube.com/watch?v=2IlHgbOWj4o

Fick @ Dec 30th 2008 2:21PM

"Is there anything the PS3 can't do?"

Like, sell?

(I own one, I'm just having fun.)

Jerses @ Dec 30th 2008 2:29PM

Lol. i think this will affect december PS3 sale.

Mr. Joe @ Dec 30th 2008 2:28PM

200 ps3s?! that's like... a million dollars!

lepolohuevo @ Dec 30th 2008 2:45PM

it depends, if there is a copy of MGS4 inside each one of 'em, you can even hack into obama's blackberry ^^

vahdyx @ Dec 30th 2008 2:49PM

This is why sony sucks! most of their sales are coming from the airforce and people like this that just want the processing power, but the ps3 doesn't have enough ram so poop.

I want PS3 to be number one, but they're struggling here in the states. Son of a