    Amazon EC2 Used to Crack Password Encryption on Wireless Networks

    Written by

    Fahmida Y. Rashid
    Published January 10, 2011

      Specialized software running over Amazon’s cloud services can be used to crack passwords on wireless networks, said a German security researcher on Jan. 7.

      Thomas Roth, a security and software engineering consultant at Lanworks AG, in Cologne, Germany, will be publicizing his research at the Black Hat conference in Washington, D.C., Jan. 16-17.

      According to Reuters, the password-cracking software on Amazon’s servers took about 20 minutes of processing time to break into a WPA-PSK protected wireless network in Roth’s neighborhood. Since then, he has updated the tool to cut down processing time to 6 minutes.

      “People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so,” he told Reuters.

      WPA-PSK scrambles data flowing on wireless networks using a single password. Once the intruder figures out the password, the network is wide open. The most commonly used encryption for wireless networks, WPA-PSK, can be cracked if the attacker has enough powerful computers testing password combinations, said Roth.

      His password-cracking software employs a “brute force” attack, where passwords are deciphered by successively varying combinations of numbers and digits. Weak passwords that are “too short and simple” are particularly vulnerable to this kind of technique, Roth told eWEEK.

      “If you’re using easy words or sentences, it’s pretty likely that it’s in a wordlist,” he said in an e-mail to eWEEK.

      Roth’s password-cracking software can test 400,000 potential passwords per second using Amazon’s cloud clusters, according to Reuters.

      Anyone can lease computers on Amazon Web Services or Elastic Compute Cloud, which is an inexpensive way to obtain the required processing power. Amazon charged 28 cents a minute for the computers Roth deployed in his research.
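
Added example, not from the article or from Roth's tool: a sizing calculation an administrator can run to see how passphrase alphabet and length translate into search time and rental cost at the figures reported above. It assumes the 400,000 guesses per second were achieved on the machines billed at 28 cents a minute and that cost scales linearly with time; the function names and sample policies are hypothetical.

```python
"""Passphrase sizing at the attack rate and price reported in the article."""

GUESSES_PER_SECOND = 400_000   # reported test rate (Reuters, via the article)
USD_PER_MINUTE = 0.28          # reported price of the machines Roth deployed
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63   # WPA-PSK passphrase length limits


def search_cost(candidates, rate=GUESSES_PER_SECOND, usd_per_minute=USD_PER_MINUTE):
    """Return (seconds, usd) to test `candidates` passphrases.

    Assumption: cost scales linearly with time at the per-minute price.
    """
    seconds = candidates / rate
    return seconds, seconds / 60 * usd_per_minute


def exhaust_estimate(alphabet_size, length):
    """Worst case for a random passphrase: every string of this length is tried."""
    if not WPA_MIN_LEN <= length <= WPA_MAX_LEN:
        raise ValueError("WPA-PSK passphrases are 8 to 63 characters")
    keyspace = alphabet_size ** length
    return (keyspace, *search_cost(keyspace))


def min_length_for_budget(alphabet_size, budget_usd):
    """Shortest random passphrase whose full search costs more than the budget."""
    for length in range(WPA_MIN_LEN, WPA_MAX_LEN + 1):
        if exhaust_estimate(alphabet_size, length)[2] > budget_usd:
            return length
    return None  # no permitted length is long enough for this alphabet


if __name__ == "__main__":
    # Constructed policies: (label, alphabet size)
    for label, size in [("digits", 10), ("lowercase", 26), ("printable ASCII", 95)]:
        _, secs, usd = exhaust_estimate(size, 8)
        print(f"8 chars, {label:15}: {secs / 3600:14.1f} h  ${usd:,.2f}")
        print(f"  length needed to exceed $1M: {min_length_for_budget(size, 1_000_000)}")
    # A passphrase found in a wordlist is bounded by the list size, not its length.
    # 10 million entries is a constructed figure.
    secs, usd = search_cost(10_000_000)
    print(f"10M-entry wordlist: {secs:.0f} s  ${usd:.2f}")
```

The estimates hold only for passphrases chosen at random from the stated alphabet; a passphrase that appears in a wordlist falls under the last case whatever its length.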

      “Just imagine a whole cluster of these machines cracking passwords for you, which is now easy for anybody to do, thanks to Amazon,” Roth wrote on his site, where he discusses using the cloud to accelerate the time needed to break encryption algorithms.

      Using brute force to find passwords has long been assumed to be too expensive to be widespread because of the costs of obtaining and maintaining the powerful equipment necessary to run the calculations.

      Roth will discuss his research at Black Hat later this month to convince network administrators that WPA-PSK is not strong enough to keep out intruders and that they should be using stronger encryption algorithms.

      “Once you are in, you can do everything you can do if you are connected to the network,” he said.

      The existence of the tool does not violate Amazon’s usage policies, Drew Herdener, an Amazon spokesperson, told Reuters. “Testing is an excellent use of AWS,” Herdener said, as Roth’s research can be used to “show how the security of some network configurations can be improved,” he said. It would be a violation of the site’s usage policies if the software was used to actually break into a network without the permission of its owner, he said.

      Roth told eWEEK in an e-mail that he had permission from his neighbor to perform the attack.

      Herdener also noted that Roth’s research isn’t “predicated” on using Amazon EC2 and can be used on any cloud service. There is ample evidence that criminals can lease botnets very cheaply as well.

      This isn’t the first time Roth has used Amazon’s cloud services to prove that inexpensive cloud computing services make it easier and faster for hackers to crack encryption and passwords. Using a cluster he rented from Amazon for $2.10 per hour, he was able to crack SHA1 hashes to decipher 14 passwords in 49 minutes in November.

      Even though SHA1, developed by the National Security Agency, has been deprecated in favor of the stronger SHA2 algorithm, it is still commonly used, he said.

      He also noted on Twitter that even though hash algorithms like SHA1 are not intended to be used to store passwords, the recent breaches at Gawker and Mozilla indicate that plenty of administrators are doing so. Both Gawker and Mozilla used MD5 hashes to store passwords.

      Amazon is “providing a pretty comfortable and large-scale password-cracking facility for everybody,” Roth said.
