Wisdom on the Move

  • You may have seen the recent article on ArsTechnica by Dan Goodin about KoreLogic. We (Rick Redman and Dale Corpron, KoreLogic consultants) dipped a computer inoil, and left it there, running, 24x7.Although this idea isn't really all that new (Cray did it in 1985!),our use of it is relatively rare. We dipped a GPU powered passwordcracking system in the oil. Thanks to Midas Green Tech's help, itwas really easy to do. Our hardware wasn't new or even custom, but it'srunning, right now, in mineral oil. So, why did we do it?Well, we built an additional hardened password cracking system out ofsome extra AMD Radeon 6990s that were sitting around the office. Next,we placed the system in an air-cooled COLO space, and, guess what? Itoverheated. So we added more fans, and it overheated again. Weremoved the side of the case, re-attached the heat sinks with betterthermal paste, and it still overheated. Granted, we could havemoved the 4U twin 6990 system to another COLO which chills their serverrooms to 60 degrees, but the cost would have been almost twice as much.Granted, that would have come with higher bandwidth too, but a GPUpassword cracking system doesn't really need that much bandwidth(unless it's downloading/updating wordlists). So we had an overheatingGPU system, with possibly malfunctioning Radeon cards, and the box wasair-cooled at a COLO that already does oil-based cooling. It justseemed logical.Midas assured us it was safe (they've been doing it for a while now).They had multiple other systems already submerged and knew how to doit. The vendor who supplied the hardware ( assured us the GPUswere safe to submerge. So, we decided to go for it.What it takes:Remove all fans from your system (except the power supply fan which is"required" by the power supplies). Remove all heat sinks from the CPUsand GPUs. Clean off all the thermal paste that was under the heatsinks, and replace with thermal tape (Just Google for "Thermal Adhesive Tape") and then re-attach just the heat sink (nofans). The idea of running Radeon 6990 cards without fans soundscrazy. They would overheat in 2 seconds in the air.The next step is tricky... Take your computer, drop it into a tank ofcooled mineral oil, and turn it on. Here is video of usdoing just that. We have to say, it was nerve-racking. It goes against everything youbelieve in. Computers don't run in liquid. But they do! They runcheaper at the same speed (if not faster) than air cooling. The liquidoil at Midas is pumped out, put through a cooler/radiator using "cold"water, and returns into our rack at approximately 80 degrees (F). Sure,we heat that oil up, but it's very quickly sucked out of the rack, andcooled. The temperature of the oil could be lowered to much coldertemps, but why? That would require more electricity.You can see the oil rising out of the GPU cards in the following video.Note, there are no fans on those cards, the oil you see movingis just the hot oil rising to the top of the rack. Notice the bubbleson the surface of the oil, see how they are moving? The blue light isthe power supply and (still intact) internal fan. (It's a 1200 wattpower supply, if you are curious). At the end of the video you can seewe pan over to the temporary X11 interface and see that we are runningoclHashcat-plus. (Don't trust the temps listed in the video, that was abug that was fixed later.)In conclusion, this method is cheaper for us as a COLO customer, usesless electricity, and prevents our systems from overheating. Why NOTdo it? Whats our attraction in inefficient air cooling? We will updatethe blog on details on how the system handles the oil long-term, butit's been weeks now, and everything is working great. Currently, the 4GPU cores and running at "full blast" cracking a few hundred thousandNTLMs and are running at 51-68 degrees Celsius. The oil is approx 21.6degrees Celsius. oclHashcat-plus will "abort" a GPU cracking job at 90degrees Celsius. Here are more pictures ofoil cooled systems. (KoreLogic has no relationship with GreenRevolution Cooling, we didn't coordinate with them on this write-up,etc.)Our answers to some questions:Yes, you can do this at home with an acrylic fish tank. Notice"our" tank is made of steel. I've heard that the eventually heat willmelt the sealant used on non-commercial tanks, so high-heat uses arenot encouraged. Detailshere. We are not affiliated with, nor sell/resell their systems.It's just a link.

  • We are aware this isn't "ground breaking". But why aren't you doing it? Why isn't everyone doing it? Why, as an industry, are we cooling our systemsusing inefficient methods such as air conditioning? Why is this the onlyCOLO (we could find) that provides this service?

  • "Does it really save electricity?" - Well, We aren't runningthe COLO, so we aren't the best people to ask. But, it costsless (as a customer) to COLO in oil vs. air cooled. So, weassume someone has done the math.

  • "What about water cooling and/or water "blocks" for the GPUs?" -This is a decent solution for some people, and we have worked with thatfor some systems. It still requires lots of extra hardware, and tons ofnoisy fans. Plus, this is "ready to go" method for us, at a COLO.Just drop it in the oil, and start cracking!

  • "Why are you doing this?" - We are security professionals and abig part of what we do is performing security assessments andpenetration tests. We often encounter tens of thousands of passwordsthat we need to crack, in a short period of time, and we'd like tothink we've become pretty good at it. We've always believed that it isimportant to give back to the community, so we've published HOWTOs,given talks, published password cracking rules, forensics tools, andvarious widgets and utilities. We had some spare hardware lying aroundand we wanted to see how it would perform in this environment. Wethought some people might be interested in this too.

  • "You don't really crack 90%." - Sure we do. That was not just somemade-up value. Password cracking technology has come a long way.Consider the password cracking contest we run at DEFCON (Crack Me IfYou Can). We release over 120,000 password hashes and the teams thatparticipate have only 48 hours to crack as many as they can. The hashesare in many different formats, some extremely difficult andcomputationally expensive to crack. The contest tries to simulate realworld environments--but the crackers are so good now, that we areforced to include 12-16 and longer character passwords. The teams thatparticipate crack most of them in the 48 hour window.So yeah, we often crack over 90% of the passwords we encounter onpentests. This is a big part of what we do. Rick Redman has spoken atconferences (BSides, DEFCON, AHA, DerbyCon, etc.) on advanced passwordcracking techniques. One of our specialties is developingpatterns/rules/wordlists specifically designed to crackcorporation/enterprise password sets. Granted, many of the lists areNTLMs (from Active Directories) and those are easier to crack. ThanksMicrosoft ;)

  • "How is the oil cooled?" - Look in the pictures on's website.There is a large cooling tank in the back of the room. We do not havethe specifics on how it works, but it works. This is aprofessional/industrial solution. The only need for air conditioning inthe room, is for the humans.

  • "Noise?" - In the YouTube videos, we are whispering. There areapprox 40 or so 1U computers running (in oil) in that same room. The"beep" you hear is a laptop speaker about 5 feet away. So it's prettyquiet.

  • "Cost?" - It's based on power/bandwidth usage. This system pullsapproximately 6 AMPs of power. We will not disclose the actual cost toKoreLogic out of respect for Midas.

  • "Can I do it?" - YES! Midas Green Tech is a normal COLO and wouldgladly oil-dip your machines for you. We have no relationship withthem, they are just a group of friendly geeks doing cool stuff. Wereally like that we are supporting a local, small business by doingthis as well.

  • "Contamination of oil by dust?" - We do not know the details ofthis. Maybe there is an oil filter? We're willing to bet that evendust-filled oil is still better at cooling GPUs, than air is. We're notwilling to test that theory though.

  • "Why not overclock?" - Radeon 6990s are beasts as-is. And weobviously could overclock them, but to extend their life-span wecurrently aren't planning to overclock.

  • "What about your devices when you pull them out of the oil?" -According to Midas, "spraying electronics cleaner" will safely removethe oil and they are "safe" to run in the air afterwards. This has beentested by Midas (we have not validated this test ourselves).

  • "Warranty?" - According to Midas, "Several large server componentmanufacturers like SuperMicro warranty their products in the oil." Inthis case we were experimenting with spare hardware so it was not abig concern.

2 comments Posted by Rick at: 20:55


