
The Power of Cracking Passwords

Ivan Golubev’s blog points out that power supply and heat dissipation can impact the speed of brute forcing passwords with graphics cards.

Apparently lowering GPU core frequency results in “closer to estimations” performance. My first guess was that there is internal throttling in the 6990 and so overheating was causing the performance drop. I’ve even posted in the official forum about this, but some more experiments reveal that I wasn’t totally true. The answer was pretty simple:

[…]

Yep, by default there isn’t enough power provided for the 6990 to make it work at 100% performance

[…]

…make sure you have proper cooling and PSU, as it looks like the official 375W TDP can easily become 450W, and this means A LOT of heat you need to deal with somehow.

The Radeon HD 6990 graphics cards have dropped to under $400, which is very tempting, but only for air-cooled cards. So the cost of reaching peak brute-force performance levels of 10 billion passwords per second with ighashgpu really must be measured in terms of the cost of liquid cooling and a clean supply of power (around $4,000 for a complete system). It’s a nice example of how security is tied to energy and efficiency. Golubev actually provides a spreadsheet of performance per dollar, but it doesn’t mention the environmental factors that support peak performance.

To put this all in perspective, a strong 8-character password (mixed upper- and lower-case alphanumeric with symbols) on a Microsoft OS could take around 20 days to crack for less than $5,000. Since password change cycles are usually 90 days…

Co-tenancy risk for Polar Bears

I get asked all the time whether it is “safe enough” to run different levels of security on the same physical hardware if you have a hypervisor separating the load. The answer is, of course, it depends. We have complex control models and detailed explanations that prove hypervisors can reach even the highest (e.g. FISMA High) level of measurement. But the issue is really not about controls available, it is about management decisions and configuration.

To put co-tenancy in a broader context, consider the latest decision by the Obama administration regarding the obvious plight of Polar Bears. The U.S. Fish and Wildlife Service today published in the Federal Register a proposed rule and draft environmental study. This new draft is meant to replace a Bush administration 2008 attempt at a rule that was voided in 2011 by federal court. The public has two months to comment and already there is a clear backlash based on broad risks of co-tenancy.

A proposed rule aimed at protecting endangered polar bears doesn’t even mention how the federal government will address global warming, which is seen as the primary threat to the Arctic predators.

[…]

Both the current proposal and the previous Bush rule exclude activities occurring outside the range of polar bears — such as the greenhouse gas emissions of industrial polluters like coal plants — from regulations that could help stop the bear’s extinction.

Unfortunately, it seems bears have no service level agreement with their provider that they can use for leverage against the harm that is coming from their neighbours. The administration also presents an interesting argument against controls that seems completely upside-down.

In the new environmental assessment, Fish and Wildlife managers argued that not issuing an exemption for harm to polar bears outside the Arctic would lead to a plethora of citizens’ lawsuits which, the agency said, had little chance of prevailing. Such suits would take up agency staffers’ time that could better be spent helping polar bears, they said.

Parking Space Corruption

I often refer to a USC economics study of parking behaviour when speaking in private on correlation and insider risk, but apparently I have not yet mentioned it on my blog, so here it is: “Cultures of Corruption: Evidence from Diplomatic Parking Tickets”

Corruption is believed to be a major factor impeding economic development, but the importance of legal enforcement versus cultural norms in controlling corruption is poorly understood. To disentangle these two factors, we exploit a natural experiment, the stationing of thousands of diplomats from around the world in New York City. Diplomatic immunity means there was essentially zero legal enforcement of diplomatic parking violations, allowing us to examine the role of cultural norms alone. This generates a revealed preference measure of corruption based on real-world behavior for government officials all acting in the same setting. We find tremendous persistence in corruption norms: diplomats from high corruption countries (based on existing survey-based indices) have significantly more parking violations.

Rain = 600% increase in So. California road accidents

Southern Californians are known for a love, if not obsession, with spending much of their time holding a steering wheel and staring at the tail lights in front of them.

One might think all the time on the road and money spent on cars would mean that risk will decline, but here is some new data that suggests the exact opposite can happen — when it rains:

Traffic crashes jumped more than 600 percent in Los Angeles County Saturday morning, compared to the same period last Saturday when roads were dry.

[…]

Some 422 crashes were reported in Los Angeles County between 5 a.m. and 10 a.m., CHP Officer Tatiana Sauquillo told the San Gabriel Valley Tribune. During the same period a week ago, when the weather was dry, 58 collisions were reported, she said.

This is a nice example to pull into information security discussions for at least two reasons.

First, despite technology advances for handling wet conditions, people were still unable to avoid disaster. Just as with information security, the users may not have had the latest technology, they may not have had sufficient training to use the technology, or they may simply have been in a situation that the technology was unable to prevent. It is clear that technology has not yet solved a problem — inclement weather control — that has been a serious concern for decades.

Second, it is not clear whether this risk was a factor in the decision by those who removed the largest streetcar system in the world and replaced it with asphalt and unprofessional drivers.

Clearly, GM waged a war on electric traction. It was indeed an all out assault, but by no means the single reason for the failure of rapid transit.

It was not the single reason, perhaps, because of natural market effects when new technology is introduced. Buses at first were probably easy to market as superior to the streetcar. Then cars were easy to market as superior to buses. Why the streetcar had to be removed is not clear, however, which is why a bus/car manufacturer might be seen as the source of pressure to remove the streetcar as an option.

Whether or not you buy the conspiracy argument or the natural market argument about technology choices for transportation in Los Angeles, there continue to be some very interesting data points related to the study of risk compared with other urban areas. In brief, factors like pride, conformance, convenience, cost, etc. may drive consumers (pun not intended) into positions of higher short-term and long-term risk.

“Exhibit 2” from General Motors and the Demise of Streetcars, Transportation Quarterly, Vol. 51, No. 3, Summer 1997, p. 52