Roth has created a programme that runs on Amazon's Elastic Cloud Computing (EC2) system. It uses the massive computing power of EC2 to run through 400,000 possible passwords per second, a staggering amount, hitherto unheard of outside supercomputing circles, and very likely made possible because EC2 now allows graphics processing units (GPUs) to be used for computational tasks. Among other things, these are especially suited to password-cracking tasks.
In other words, this isn't a clever or elegant hack, and it doesn't rely on a flaw in wireless networking technology. Roth's software merely generates millions of passphrases, encrypts them, and sees if they allow access to the network.
However, employing the theoretically infinite resources of cloud computing to brute-force a password is the clever part.
Purchasing the computers to run such a crack would cost tens of thousands of dollars, but Roth claims that a typical wireless password can be guessed by EC2 and his software in about six minutes. He proved this by hacking networks in the area where he lives. The type of EC2 computers used in the attack costs 28 cents per minute, so $1.68 is all it could take to crack open a wireless network.
Roth intends to make his software publicly available, and will soon present his research to the Black Hat conference in Washington, D.C.
Using EC2 for such ends would be against Amazon's terms of use, of course, but Reuters quotes Amazon spokesman Drew Herdener as saying that if Roth's tool is used only for testing purposes, everything's above board.
Roth's intention is to show that wireless computing that relies on the pre-shared key (WPA-PSK) system for protection is fundamentally insecure. The WPA-PSK system is typically used by home users and smaller businesses, which lack the resources to invest in the more secure but complicated 802.1X authentication server system.
WPA-PSK relies on administrators setting a passphrase of up to 63 characters (or 64 hexadecimal digits). Anybody with the passphrase can gain access to the network. The passphrase can include most ASCII characters, including spaces.
WPA-PSK is believed to be secure because the computing power needed to run through all the possibilities of passphrases is huge. Roth's conclusion is that cloud computing means that kind of computing power exists right now, at least for weak passwords, and is not even prohibitively expensive.
In other words, if your network relies on WPA-PSK, it's time to check that passphrase. It's claimed that up to twenty characters are enough to create an uncrackable passphrase, but the more characters you can include in the passphrase, the stronger it will be. It should be noted that Roth very probably cracked open networks with short passwords.
Include a good variety of symbols, letters and numbers in the passphrase, and change it regularly: monthly, if not weekly. Don't use words you might find in a dictionary, or any words that are constructed cunningly by replacing letters with numbers (that is, passwords like "n1c3"); hackers are way ahead of you on such "substitution" tricks.
Passphrases constructed like this are effectively impossible for computers to guess by brute force, even by cloud computing systems running Roth's software, due to the amount of time it would take.
Because WPA-PSK is also calculated using the service set identifier (SSID, or base station name) of the wireless router, it also makes sense to personalize this and ensure it isn't using the default setting (usually the manufacturer's name). This will protect you against so-called "rainbow" attacks, which rely on a look-up table of common SSIDs.
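The SSID salting and the time-cost argument above, as an added example (not code from the article or from Roth's tool): it uses the standard WPA-PSK derivation, PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 32-byte output, together with the article's figure of 400,000 guesses per second. The SSIDs, passphrases and helper names are constructed for illustration.

```python
import hashlib

PAGE_RATE = 400_000  # guesses per second, the EC2 figure quoted in the article


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def build_table(ssid: str, wordlist: list) -> dict:
    """A precomputed look-up table is only valid for the one SSID it was built for."""
    return {derive_pmk(word, ssid): word for word in wordlist}


def exhaustive_search_days(alphabet_size: int, length: int, rate: int = PAGE_RATE) -> float:
    """Days needed to try every passphrase of exactly this length at `rate` guesses/s."""
    return alphabet_size ** length / rate / 86_400


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    passphrase = "correct horse 42"
    default_ssid, custom_ssid = "ExampleVendor", "attic-lab-7f3"

    # Same passphrase, different SSID: the table built for the default name misses.
    table = build_table(default_ssid, [passphrase, "password1"])
    print("hit on default SSID:", derive_pmk(passphrase, default_ssid) in table)
    print("hit on custom SSID: ", derive_pmk(passphrase, custom_ssid) in table)

    # Search cost grows exponentially with length and alphabet size.
    for alphabet, length, label in [(26, 8, "8 lowercase letters"),
                                    (95, 12, "12 printable ASCII"),
                                    (95, 20, "20 printable ASCII")]:
        print(f"{label}: {exhaustive_search_days(alphabet, length):.3g} days")
```

The day counts cover a full sweep of one exact length at the quoted rate; a wordlist guess against a dictionary passphrase succeeds far sooner, which is why the advice above rules out dictionary words.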
News Source : Google