Sunday, January 16, 2011

Wireless security: cloud computing helps password cracking

A German IT expert cracked the password of his neighbor's wireless network within 20 minutes. For the computationally intensive attack he was helped by a service from Amazon: for two dollars an hour, the company rents supercomputers to anyone. How much computing power would you like? That is what companies like Amazon, Google and Microsoft ask when they promote so-called cloud computing.

Computing in the cloud works as follows: a user rents dozens, hundreds or thousands of computers that sit in a huge data center. He can install his own software on these computers and simulate, for example, how a new component for a car engine must be designed so that it can withstand the mechanical loads.


Cloud computing can be very lucrative for companies: instead of running their own data center, whose capacity is rarely fully used, they rent fast computers for one to two dollars per hour. They pay only for the computing time actually used. But the enormous computing power from the network can also be used for very different things, for example cracking passwords.

The Cologne-based IT security expert Thomas Roth will report on this next week at the Black Hat 2011 hacker conference in Washington DC. Roth, who by his own account is interested in hacking everything, wanted to find out whether and how quickly WiFi passwords can be cracked with cloud computing.

Anyone who knows the password of someone else's wireless network can not only spy on its users but also launch attacks on other servers or make illegal downloads undetected. Wireless networks offer different kinds of encryption: WEP has long been outdated because it is insecure. WPA and the newer WPA2 are much safer.

Experts recommend using WPA2 if possible. Because not all devices support it, often only WPA remains.

Two dollars per password

With enough computing power, in principle any encryption can be cracked. Since a brute-force attack, in which hundreds of thousands of passwords are tried systematically, would sometimes take years, WPA was previously considered relatively secure.

But with the availability of cloud computing, the situation has changed. A service called WPACracker has 400 computers at Amazon compute at the same time to break the encryption. Roth did not need such an armada of computers for his experiment, which was to crack his neighbor's wireless password (with his approval).

The Cologne researcher rented a single so-called Cluster GPU Instance, which consists of two Intel Xeon processors and two fast graphics processors from Nvidia (Tesla M2050 GPU). Such a system can crack passwords hundreds of times faster than a conventional quad-core processor. According to Roth, it took 20 minutes to find his neighbor's WPA password.

Amazon charges 28 U.S. cents per minute for the use of the extremely fast GPU instances. By improving the software, Roth thinks he can complete the calculation in just six minutes. That corresponds to a price of less than two dollars per password. After his presentation at the Black Hat conference, the Cologne researcher wants to publish his software on the net.

The IT expert does not want his work to encourage criminal acts, but rather to raise awareness among administrators: "People tell me it is not possible to crack WPA," he told the news agency Reuters. "And if they do, then it would cost a fortune. But it is now relatively easy to launch a brute-force attack."

Amazon reacted relatively calmly to the use of its cloud services for password cracking. Researchers often use the computers to show how the security of systems can be improved. It would be a violation of the terms of use to compromise the security of a network without authorization, a company spokesman said.

Among other things, the software tried 70 million words from a dictionary when cracking. Roth's method is not without limits: the password being sought must not be too long. WPA permits key lengths of up to 63 characters. Anyone who chooses, for example, a password of 20 characters that contains no terms from dictionaries but does contain upper- and lower-case letters and special characters need not worry for the time being.
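To check an access point's passphrase against the advice in the last paragraph, the following added example (not part of the article and not Roth's software) estimates the worst-case search effort and rental cost for a given passphrase. The guess rate, the tiny wordlist and the function names are assumptions made for illustration; only the 28 cents per minute price comes from the article.

```python
import math
import string

COST_PER_MINUTE_USD = 0.28        # GPU instance price quoted in the article
ASSUMED_GUESSES_PER_SEC = 50_000  # assumption: the article gives no guess rate

# Constructed stand-in for a real dictionary (the article mentions 70 million words).
SAMPLE_WORDLIST = {"password", "sunshine1", "letmein123", "qwertyuiop"}

def charset_size(passphrase):
    """Size of the alphabet an exhaustive search must cover for this passphrase."""
    size = 0
    for alphabet in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(ch in alphabet for ch in passphrase):
            size += len(alphabet)
    if any(ch in string.punctuation + " " for ch in passphrase):
        size += len(string.punctuation) + 1  # 32 symbols plus space
    return size

def audit_passphrase(passphrase, wordlist=SAMPLE_WORDLIST, rate=ASSUMED_GUESSES_PER_SEC):
    """Estimate the worst-case search effort against a WPA passphrase."""
    # WPA passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    in_wordlist = passphrase.lower() in wordlist
    # A dictionary hit is found after at most len(wordlist) guesses;
    # otherwise the search space is every string of that length and alphabet.
    guesses = len(wordlist) if in_wordlist else charset_size(passphrase) ** len(passphrase)
    seconds = guesses / rate
    return {
        "in_wordlist": in_wordlist,
        "guesses": guesses,
        "bits": math.log2(guesses),
        "years": seconds / (365 * 24 * 3600),
        "cost_usd": seconds / 60 * COST_PER_MINUTE_USD,
    }

if __name__ == "__main__":
    for candidate in ("Sunshine1", "cR7#mW2!pQ9$zL4&vN8@"):
        print(candidate, audit_passphrase(candidate))
```

The figure for a passphrase outside the wordlist is an upper bound on exhaustive search; pattern-based guessing can do better against human-chosen passphrases, so treat a dictionary hit as a failure regardless of length.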
