Good call. Seems like the third party confidentiality issue is the big hurdle. It may not be worth bringing up to the CIOs.
We can start with a few 290x cards @ $400 a piece. The cheapest way to do this is with risers and a milk crate case. But with how noisy and hot this will be we would not want to take it with us. Maybe the best bet is two cards and a case with good airflow.
On Apr 8, 2015, at 8:51 AM, Goble, Andrew Goble@dixie.edu wrote:
I have some concerns with a third-party cracking service, mainly the ongoing money processing as this is system money and I don't have a purchasing card that draws directly off the system accounts. The UofU accountants would have to be ok with ongoing reimbursement work. There may be some NDA issues or squeamishness on the part of some of the institutions about sending hashes up to a third-party service. We'd need to research the privacy practices / EULAs of cloudcracker and so on to make sure we were on ok footing.
Building a cracking box that is magnitudes better than anything we have now would be a plus... maybe we take a hybrid approach where we build a nice, but not freaking amazing crack box and leave the door open to cloudcrack with approval from the school if the situation called for it?
From: Jon Barclay Jon.Barclay@uvu.edu Sent: Tuesday, April 7, 2015 10:58 PM To: Goble, Andrew Cc: ushe-assess@lists.dixie.edu; Nate Henne Subject: Re: [USHE-assess] Equipment Request
Here is my 2 cents.
As much fun as a beefy cracking box would be, the money would probably be better spent by allocating $500 per assessment on cloudcracker.com. Looks like prices range from $5 to $35 depending on how large a dictionary you want them to use. Even their small dictionary is a lot bigger than what we use. We could use our existing cards to get the low hanging fruit and push high value hashes to the cloud fpga crackers.
If we do want to build a password cracking box we should try put it in a rack mount chassis and leave it in someone's datacenter. Something like this: http://blog.fox-it.com/2014/03/07/building-bowser-a-password-cracking-story/ The Radeon 295x2 card should be twice as fast as one 290, but apparently there is an issue with the 295x2 cards throttling themselves because of their enormous power draw. The GTX 980 cards might also be a good option.
On Apr 7, 2015, at 3:36 PM, Andrew Goble goble@dixie.edu wrote:
Hey,
I just learned the CIOs are meeting this Friday and will likely discuss and approve continuing the assessments for the next couple of years. I am going to ask for some equipment refreshment funding.
What do you think we need for a core equipment refresh? I want to stop lugging that giant box around, we could continue to use the gear in it, just want to leave it in one place. What do we need to buy to take on site with us?
Core Gear: Beefy workstation laptop or a tower workstation with lots of RAM and space for Kali, Nessus VMs, etc. Maybe 2? Small hardware firewall, maybe a small form factor Atom box running PFsense or something similar to handle the network. 8 - 12 port managed switch. Cracking box - Good pile of RAM and 3 or 4 nice GPU cards.
What other toys do you want? (proxmark, more PIs, duckies, etc) If you want it, give me a rough number on quantity and what it will cost?
I need a pretty good idea of the dollar amount we want to ask for by Friday at noon.
Thanks, Andrew _______________________________________________ USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess