
There is an interesting article on informationweek.com about the botnet built up with the Storm worm. As the headline says, it has become more powerful than the leading current supercomputers. With its immense size of millions and millions of zombie computers, it has vast power. One aspect is its spamming capability:

A record was set on Aug. 22 when 57 million virus-infected messages — 99% of them from the Storm worm — were tracked crossing the Internet.

Another aspect, which is not discussed, is the power to crack encrypted data. I did a quick calculation.

Brute Force DES

Brute Force IDEA

  • 2^128 = 3,4028236692093846346337460743177e+38
  • 2^128 distributed on 4 million bots = 2^128 / 4.000.000 = 85.070.591.730.234.615.865.843.651.857.942
  • same machines with 14.564 MIPS at 2.0 GHz
  • will test all possibilities in 5.841.155.707.926.024.159.972,7857633852 seconds
  • or in 185.221.832.443.113,39928883770178162 years
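The arithmetic in the list above, as an added example that is not code from the original post. It assumes what the post's figures imply (one key tested per instruction, a 365-day year); `instr_per_key`, `duty_cycle` and `expected` are parameters introduced here, the "slower" values are constructed, and the DES row is computed with the same formula rather than taken from the post.

```python
from fractions import Fraction

# Figures from the post.
BOTS = 4_000_000
MIPS_PER_BOT = 14_564               # "14.564 MIPS" = 14,564 million instr/s
SECONDS_PER_YEAR = 365 * 24 * 3600  # the post's year figure implies 365 days


def search_seconds(key_bits, instr_per_key=1, duty_cycle=Fraction(1),
                   expected=False, bots=BOTS, mips=MIPS_PER_BOT):
    """Exact time in seconds for the botnet to search a 2**key_bits key space.

    instr_per_key -- instructions per trial decryption (assumption; the
                     post's numbers only work out with 1)
    duty_cycle    -- fraction of each bot's time spent searching
    expected      -- True: average case, key found after half the space
    """
    keys = Fraction(2) ** key_bits
    if expected:
        keys /= 2
    keys_per_second = Fraction(bots * mips * 10**6) * duty_cycle / instr_per_key
    return keys / keys_per_second


def to_years(seconds):
    return seconds / SECONDS_PER_YEAR


def compare(ciphers=(("DES", 56), ("IDEA", 128))):
    """Per cipher: the post's best case next to a less generous estimate."""
    rows = []
    for name, bits in ciphers:
        best = search_seconds(bits)
        # Constructed values: 1000 instructions per key, bots busy a third
        # of the time, key found on average halfway through.
        slower = search_seconds(bits, instr_per_key=1000,
                                duty_cycle=Fraction(1, 3), expected=True)
        rows.append((name, bits, best, slower))
    return rows


if __name__ == "__main__":
    for name, bits, best, slower in compare():
        print(f"{name:4} 2^{bits:<3} best case {float(best):.4g} s "
              f"({float(to_years(best)):.4g} y), "
              f"slower case {float(slower):.4g} s "
              f"({float(to_years(slower)):.4g} y)")
```

Under the same best-case assumptions a 56-bit key space is exhausted in about 1.2 seconds, which is why the per-key cost and duty cycle matter far more for DES than for a 128-bit cipher.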

RSA

Now what about RSA, the de facto standard of asymmetric encryption used today? As of May 2007, we know it takes about eleven months to factorize a 1017-bit number (currently 1024 bits is assumed to be secure). For their tests, they had hundreds of computers at hand, but not millions. Now imagine 4 million computers working one third of their time cracking your personal private keys, the server certificate of Amazon or the one of your bank. Wow! That bomb would explode. Wouldn't it?

What do you think?
