WPA-PSK password cracked with Amazon Cloud for $5.60

Discussion in 'other security issues & news' started by Baserk, Jan 11, 2011.

Thread Status:
Not open for further replies.
  1. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    '(Reuters) - A security researcher says he has figured out a quick and inexpensive way to break a commonly used form of password protection for wireless networks using powerful computers that anybody can lease from Amazon.com Inc over the Web.

    Thomas Roth, a computer security consultant based in Cologne, Germany, says he can hack into protected networks using specialized software that he has written that runs on Amazon's cloud-based computers. It tests 400,000 potential passwords per second using Amazon's high-speed computers.
    '

    Reuters article link

    Thomas Roth website stacksmashing.net link
     
    Last edited: Jan 11, 2011
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Unfortunately the article doesn't say whether it's WPA-TKIP or WPA-AES.
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    It would be interesting to know the length of the passwords broken. Not sure if it can brute force a 63 char password.
     
  4. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    I may be missing something, but it seems the title is very misleading. This method did not "break" or "crack" WPA-PSK. Rather it appears the "researcher" employed an old-hat brute-force attack using a new tool, being the Amazon cloud.

    A brute-force is a brute-force is a brute-force. The revelation here is not that brute force attacks have become hugely more successful, but rather there's a new computational option for executing a brute-force attack.

    "400,000 potential passwords per second" doesn't sound very impressive to me. According to this website, a mere 8-character password using mixed upper and lower case alphabet plus numbers and common symbols has roughly 7.2 Quadrillion possible combinations. That'll take many, many years of automated guessing.

    http://www.lockdown.co.uk/?pg=combi

    My home network uses a "random" 63-character password "only" using upper and lower-case alphabetic characters plus numbers. Plugging this into Google tells me 400,000 guesses at my password per second will take until the end of time.
    (((((62^63) / 400 000) / 60) / 60) / 24) / 365.25 = 6.59952199 × 10^99 years
    I Am Not An Encryption Expert, so I wonder if I am missing something.
     
    Last edited: Jan 11, 2011
  5. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    So the guy can use a cluster of machines to speed up a brute force attack. It would still take it 5.58 x 10^22 years to crack a 20 character long password consisting of upper/lower letters and numbers.

    In other news the sky is blue....
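
Added example, not part of any post in this thread: a passphrase-sizing check that reproduces the figures quoted in posts 4 and 5 at the article's 400,000 guesses per second, then asks what length still holds when the rate is multiplied by a number of rented machines. Assumptions: the 96-symbol alphabet is chosen because 96^8 matches the "7.2 Quadrillion" figure, throughput scales linearly with machine count, and WPA passphrases are 8 to 63 characters; the function names are illustrative.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60   # same year length as the thread's formula
RATE = 400_000                             # guesses/second quoted from the Reuters article
WPA_MIN, WPA_MAX = 8, 63                   # WPA-PSK passphrase length limits


def years_to_exhaust(alphabet_size, length, rate=RATE, machines=1):
    """Worst-case years to try every passphrase of exactly `length` symbols.

    Assumes throughput scales linearly with `machines` (an assumption,
    not a measurement from the article).
    """
    keyspace = alphabet_size ** length      # exact integer, no float overflow
    return keyspace / (rate * machines) / SECONDS_PER_YEAR


def min_length(alphabet_size, target_years, rate=RATE, machines=1):
    """Shortest valid WPA passphrase length whose full keyspace takes at
    least `target_years` to exhaust; None if even 63 characters falls short."""
    for length in range(WPA_MIN, WPA_MAX + 1):
        if years_to_exhaust(alphabet_size, length, rate, machines) >= target_years:
            return length
    return None


if __name__ == "__main__":
    cases = [
        ("8 chars, 96 symbols (post 4)", 96, 8),
        ("20 chars, 62 symbols (post 5)", 62, 20),
        ("63 chars, 62 symbols (post 4)", 62, 63),
    ]
    for label, alphabet, length in cases:
        one = years_to_exhaust(alphabet, length)
        many = years_to_exhaust(alphabet, length, machines=1000)
        print(f"{label:32s} 1 machine: {one:.3g} y   1000 machines: {many:.3g} y")

    # Defender's question: how long must a random passphrase be to stay
    # out of reach for a million years against 1000 such machines?
    for alphabet in (62, 96):
        print(f"{alphabet} symbols -> minimum length {min_length(alphabet, 1e6, machines=1000)}")
```

The 8-character case drops from centuries to months once the work is spread over 1000 machines, while the 20 and 63 character figures stay astronomically large.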
     
  6. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    And when Amazon catches on to a bunch of would-be hackers abusing their network...?

    Me thinks it will not take too many attempted uses to have this resource eliminated.

    JMHO
    Mike
     