I tested distributed case processing and password cracking today by adding Amazon EC2 instances to the local processing resources. Purpose - tmp improve processing (& decryption) speed with security and budget in mind. I used Amazon "compute optimised" instances "c3.8xlarge", each with 32 Virtual CPU; 60GB RAM; 2 x 320 (SSD) and 10 Gigabit Network. "c3.8xlarge" instance costs around $3 USD per hour. My Internet link was a bottleneck, because it only supports 15.62 Mbps (15615 kbps). I used 'soon to be decommissioned' Free LogMeIN service, participating nodes were setup as "MESH" Network. Free account only supports up to five nodes in Mesh network.
Related Articles
In order to use LogMeIN Hamachi, it must be installed on each computer. Windows Server 2008 OS had issues with failing to connect to tunnelling engine, so to save time Windows Server 2003 OS was used instead. No problems encountered with installing and connecting the instances to the Mesh. Perhaps Windows Server 2008 R2 or later OS would also work without too much tinkering. I called my network "Passware", but had to use network ID instead to connect each instance.
Firstly, Passware Password Recovery Kit Forensic was used to decrypt SAM + System registry files. The tool has its own integration with Amazon Cloud, however I always had connectivity issues with it. Additionally, the purpose of this exercise was to make sure no data is transferred between the local network and external resources in a clear.
After the 1st EC2 instance was connected to the local workstation running Passware, I saw a significant improvement in speed compared to two (1CPU) local workstations at brute-forcing NTLM hashes.
When three remaining EC2 instances were connected, each added 153 000 000 pwd/sec to the pool.