Jan 16, 2011 7:02 PM

Cloud shatters passwords.

*Gee. How handy.

Date: Wed, 12 Jan 2011 1:58:26 PST
From: "Peter G. Neumann"
Subject: Caveman: Using the cloud to break passwords

[Thanks to Jeremy Epstein and Matthew Kruk.]

Dan Goodin in San Francisco, Researcher cracks Wi-Fi passwords
with Amazon cloud: Return of the Caveman attack, *The Register*, 11 Jan 2011
http://www.theregister.co.uk/2011/01/11/amazon_cloud_wifi_cracking/

A security researcher has tapped Amazon's cloud computing service to crack
Wi-Fi passwords in a fraction of the time and for a fraction of the cost of
using his own gear. Thomas Roth of Cologne, Germany told Reuters [1] he
used custom software running on Amazon's Elastic Compute Cloud service to
break into a WPA-PSK protected network in about 20 minutes. With refinements
to his program, he said he could shave the time to about six minutes. With
EC2 computers available for 28 cents per minute, the cost of the crack came
to just $1.68. "People tell me there is no possible way to break WPA, or,
if it were possible, it would cost you a ton of money to do so," Roth told
the news service. "But it is easy to brute force them."

Roth is the same researcher who in November used Amazon's cloud to brute
force SHA-1 hashes [2]. Roth said he cracked 14 hashes from a 160-bit SHA-1
hash with a password of between one and six characters in about 49
minutes. He told The Register at the time he'd be able to significantly
reduce that time with minor tweaks to his software, which made use of
"Cluster GPU Instances" of the EC2 service [3].

As the term suggests, brute force cracks are among the least sophisticated
means of gaining unauthorized access to a network. Rather than exploit
weaknesses, they try huge numbers of possible passwords until the right
phrase is entered. Roth has combined this caveman approach with a highly
innovative technique that applies it to extremely powerful servers that
anyone can rent at highly affordable rates.

Roth's latest program uses EC2 to run through 400,000 possible passwords per
second, a massive amount that only a few years ago would have required the
resources of a supercomputer. He is scheduled to present his findings [4] at
next week's Black Hat security conference in Washington, DC.

http://uk.reuters.com/article/idUKTRE70641M20110107
http://www.theregister.co.uk/2010/11/18/amazon_cloud_sha_password_hack/
https://aws.amazon.com/ec2/
http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Roth

Your Vape Wants to Know How Old You Are

Companies hope that biometric age-verification tech in cartridges could put flavored vapes back in business. But it's unlikely to solve the real problems.

Boone Ashworth

Exclusive LegalZoom Promo Code for 10% Off Services for April

Save on top services at LegalZoom, like LLC registration, incorporation, estate plans, and more with coupons and deals from WIRED.

Parker Hall

FCC Enforcement Chief Offered to Help Brendan Carr Target Disney, Records Show

Last year, as FCC chair Brendan Carr threatened ABC over a Jimmy Kimmel monolog, a civil servant overseeing West Coast stations privately pledged support, according to emails obtained by WIRED.

Dell Cameron

Livestream Replay: The War Machine

A panel of WIRED experts dissected the defense tech industry’s impact on modern warfare.

Tim Marchman

US Takes Down Botnets Used in Record-Breaking Cyberattacks

The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Justice Department.

Andy Greenberg

Nobody Knows How to File Taxes on Prediction Market Wins

Americans flocked to prediction markets last year. Now, it’s time to pay taxes on winnings. How do you do that? Great question.

Kate Knibbs

The Trajectory of the Artemis II Moon Mission Is a Feat of Engineering

The astronauts will arrive about 10,300 kilometers beyond our satellite, breaking all previous records for distance from Earth. But how was their route chosen?

Luca Nardi

Anduril Wants to Own the Future of War Tech. Mishaps, Delays, and Challenges Abound

From drones to missiles to submarines, the $30.5 billion defense startup wants to transform how the tools of war are made. It’s not all going as planned.

Paresh Dave

Uncanny Valley: OpenAI and Musk Fight Again; DOJ Mishandles Voter Data; Artemis II Comes Home

In this episode, the hosts discuss the fight between OpenAI and Elon Musk, the misuse of voter data, and Artemis II’s moonshot.

Brian Barrett

Arm’s CEO Insists the Market Needs His New CPU. It Could Piss Everyone Off

Arm just confirmed the rumors: It’s producing its own chip for the first time. CEO Rene Haas explains why this won’t alienate the many chipmakers who license the company’s designs.

Lauren Goode

Even Artemis II Astronauts Have Microsoft Outlook Problems

The mission commander’s email inbox failed during the journey to the moon. Have they tried turning the computer off and back on again?

Jeremy White

A Billionaire-Backed Startup Wants to Grow 'Organ Sacks' to Replace Animal Testing

R3 Bio has a bold idea for replacing lab animals: genetically-engineered whole organ systems that lack a brain. The long-term goal, says a cofounder, is to make human versions.

Emily Mullin