Making waves in the infosec blogosphere today: Cracking a PGP-protected ZIP file using Amazon's EC2 cloud computing infrastructure. There's some interesting data presented, especially when extrapolating the cost involved with breaking the encryption. There are a number of flaws in the write-up, though. I'll take it to task here, then cover some of the important and extremely valid points that the write-up did make.
This was a brute force password attack
If you happen to intercept PGP communication between two people, there's no password in the world that can decrypt it. The password (or passphrase) only unlocks the secret key, which is actually needed to decrypt the communication. If you don't have the secret key, your options for recovering the encrypted content are mathematically tantamount to nil. If you do have someone's secret key file, that person did something very wrong and stupid. The proper thing for that person to do when there's reason to believe their secret key is compromised: revoke the key, and tell everyone that the key has been compromised! I cover some of this in my GPG Key Management & Signing Article. Some Cloud Crack™ was being smoked by someone, as the crackers had access to the secret key, which shouldn't ever happen.
It doesn't always cost millions of dollars for CPU cycles.
Ages ago, my friend Bob had distributed.net agents running on 90% of the lab computers at the college he attended. These were all fairly new computers, too. Have physical access to 100 computers? You can probably spawn 100 instances of EDPR. For free. As in free beer. Okay, free beer plus the cost of the EDPR entitlements.
Plain old CPU cycles are so '90s. These days, we have the ability to harness compute power of FPGAs, and thanks to things like the CUDA architecture, Graphics Processing Units (GPUs) as well. These technologies take traditional CPU cycle density and cost paradigms and turn them inside out. It doesn't come cheap, but it's surprisingly affordable, more efficient, and denser than building racks of x86 machines. The author spoke of a corporate espionage scenario, with budgets of around $1M to compromise a competitor's data. $1M would go a very long way with FPGA or CUDA technology.
Finally, there's the black-hat side. Botnet zombies are cheap. Spammers, scammers, and malware tycoons know this. If you have some skills, free time and lack a moral compass, you can roll your own botnet or hijack someone else's botnet zombies for free. Again, as in free beer. Don't think it happens? Don't kid yourself.
Brute Forcing is real
While brute force doesn't work against PGP in a perfect world, it does work almost anywhere a password is involved, and the numbers don't lie. An attack like this against an encrypted TrueCrypt volume, for example, would be bone-chilling if it succeeded. Normal "protected" zip files, documents, and accounts are vulnerable, and there are multiple tools to brute force almost any kind of password.
Longer is better, for the most part
Long, simple passphrases win out over short, complex passwords when it comes to brute force. Still, if you use something that's easy to guess, like the first sentence of the book currently marked as your favorite on some social networking site, you might be in trouble. The ways you choose, guard, and use your passwords are parts of a very complex problem that not even the best in the industry can agree on a solution for. Good luck with that.
If all else fails, there's always rubber-hose cryptanalysis. Remember, you can't hide secrets from the future with math.