Thomas Roth of Germany plans to unveil the method he used to crack the SHA-1 hashing algorithm. The National Institute of Standards and Technology has known the algorithm has flaws and has been working to replace it. The SHA-3 replacement is due to be announced in 2012. Roth accomplished the task using a GPU cluster in the Amazon EC2 cloud. Using the cluster Roth was able to crack all hashes from a file for passwords in 49 minutes using a brute force attack. However, some security experts believe that the lengths he went to were unnecessary and unimpressive. Paul Ducklin of Sophos pointed out that his Macbook Pro had a similar amount of success as the cluster system used by Roth. Ducklin was also quick to point out that the hashes cracked by Roth were for weak passwords using a weak hashing scheme. We will have to wait until the Black Hat conference to find out all the details.