PlayStation 3 Cluster Used to Break Security Algorithm

It seems that the PlayStation 3 gaming console from Sony has uses beyond simply playing the newest Prince of Persia. Some people have used the console as a Linux based computer, while others are using it, via the Folding@home program, to sort through data which could improve our knowledge of diseases and could lead to a cure for the big maladies of our time. Others are using clusters of PlayStation 3 consoles to break into encryption algorithms and create fake security certificates.

Computer World says that a team of security experts have put together 200 of the Sony made console in order to test the vulnerability of the MD5 hashing algorithm used to create unique security certificates that show whether a website is to be trusted or not by a user.

The computing power of the Cell processor, which was created by a consortium of IBM, Toshiba and Sony, is apparently very good at performing complex cryptographic operations. The team managed to exploit a weakness in the security standard and the RapidSSL.com certificate authority site, which is powered by VeriSign Inc., was duped into creating fake security certificates.

The vulnerability exposed could be used by hackers with malicious intent to create websites that appear to have all the legitimate security certificates but which can be used to steal personal data from the users who are tricked into logging into them.

The security team says that in the real world, hackers will probably not have access to 200 PlayStation 3 consoles, but the vulnerability can be exploited using regular computers. David Molnar, one member of the team from the University of California, Berkley, says that “It's a wake-up call for anyone still using MD5.”

Sony has not commented on this rather exotic use of the PlayStation 3.