PGP takes action against Elcomsoft
A poster by the Russian software producer ElcomSoft bearing the words "the only way to break into PGP" caused offence at the current Infosecurity Europe conference and exhibition. The show's organiser personally removed the poster from Elcomsoft's stand, after the PGP Corporation, whose stand directly faced Elcomsoft's, complained about it. He said that it contravened the basic terms and conditions for attending the show.
Jon Callas, CTO of PGP, took exception to the statement on the poster because, he said, Elcomsoft's software didn't break the encryption, but only cracked passwords. Elcomsoft Distributed Password Recovery (EDPR) needs a lot of computer power to do this, relying on assistance from modern NVIDIA cards and networked computers. In the case of PGP encryption, EDPR's GPU acceleration is only used for cracking PGP's whole disk encryption and PGP disks (PGD). The Compute Unified Device Architecture (CUDA) framework makes the acceleration possible by farming out intensive computing tasks to the graphics cards. Modern graphics cards, such as those from NVIDIA with 128 or more ALU shaders, are very suitable, particularly for tasks that are highly suited to parallel processing.
PGP points out that EDPR is not the only password-cracking tool that can theoretically crack hard disks or files encrypted with PGP by using brute-force methods, for example, and that there are other commercial and open-source tools that do the job, some of which support CUDA.
Elcomsoft has already caused confrontations at past security conferences. Dmitry Sklyarov, an Elcomsoft developer, was arrested by the FBI in 2001 following his presentation at Def Con 9. The cause was a legal dispute with Adobe about the removal of copy protection from eBooks.
- Improved WPA and WPA2 password-cracking tool causes concern, a report from The H.
- GeForce 8 cracks passwords, a report from The H.
- ElcomSoft blog, response from Vladimir Katalov, ElcomSoft CEO, to the removal of the poster.