An Australian security firm is about to launch a clustered Linux distribution that aims to utilise the unused nightly processing power of desktop PCs.
Dubbed CHAOS, the software is able to remotely boot a computer and run it on Linux without affecting the local hard disk. With enough PCs, this has the potential of creating a distributed supercomputer.
The project was driven by one challenge: the lack of time, said Sydney-based Pure Hacking, which specialises in penetration testing — the external probing of corporate networks to ensure their security.
Pure Hacking senior security consultant Ian Latter explained that the company didn't have time — as a real hacker would — to spend 30 to 60 days decrypting password files as part of its client demonstration. The company needed its own cluster in order to crack passwords fast.
This is when Latter decided to tap into a hobby which he began in a previous life. In his last position as Internet and networking security officer at Macquarie University, Latter started on CHAOS with the idea of utilising idle processing power on hundreds of corporate PCs after office hours.
But now Pure Hacking plans to take Latter's hobby and make a professional distribution out of it. "CHAOS will be forged as a commercial tool and not a play-thing," said Latter. Future versions of the software will benefit from commercial security testing, be better documented and more useful in the business world.
Latter said CHAOS would be of interest to "those with large computational usage and particularly those with existing high investment in commodity equipment".
Although CHAOS is based on the openMosix Linux kernel extension, it will provide several additional features to the community.
Latter said that while existing clustering Linux distributions such as Quantian and ClusterKnoppix contained several gigabytes of software, CHAOS was only about 6MB in size.
This reflects the fact that CHAOS is not meant to be used on its own. Latter anticipates that users will use Quantian or ClusterKnoppix as the head node in a cluster, while the CHAOS distribution would run on ordinary nodes and provide "dumb power" to the cluster. This would make the process of adding or removing nodes from the cluster simpler.
A node is an individual PC in a cluster, and a head node is simply a node that controls the cluster and takes advantage of the processing power and memory offered by the other nodes.
However, CHAOS also brings security features. "The real challenge is that openMosix itself isn't secure," said Latter. He said that his software would implement the IPSec standard for encryption services between each node on a cluster.
According to Latter, this means that individual computers working together as part of a clustered system would even be able to operate across the public Internet. For further network security, CHAOS also implements the firewall capabilities found in the Linux kernel.
Latter said that Pure Hacking's own cluster was initially attempting to crack Microsoft Windows-based SAM databases, DES encryption and Unix-based MD5 passwords — all of which are still commonly used despite being relatively outdated.
According to Latter, there was no real methodology behind choosing the project's name. "We were just looking for a groovy name that would stick out in a world of groovy names," he said. In several weeks, Pure Hacking will release the software — licensed under the GPL — through a new Web site.
Renai LeMay reported from Sydney for ZDNet Australia.