Forgot your password?
typodupeerror
Security IT

Amazon EC2 Enables Cheap Brute-Force Attacks 212

Posted by timothy
from the this-gun-for-hire dept.
snydeq writes "German white-hat hacker Thomas Roth claims he can crack WPA-PSK-protected networks in six minutes using Amazon EC2 compute power — an attack that would cost him $1.68. The key? Amazon's new cluster GPU instances. 'GPUs are (depending on the algorithm and the implementation) some hundred times faster compared to standard quad-core CPUs when it comes to brute forcing SHA-1 and MD,' Roth explained. GPU-assisted servers were previously available only in supercomputers and not to the public at large, according to Roth; that's changed with EC2. Among the questions Roth's research raises is, what role should Amazon and other public-cloud service providers play in preventing customers from using their services to commit crimes?"
This discussion has been archived. No new comments can be posted.

Amazon EC2 Enables Cheap Brute-Force Attacks

Comments Filter:
  • That's silly. (Score:5, Insightful)

    by DWMorse (1816016) on Thursday January 13, 2011 @05:52PM (#34868774) Homepage

    "what role should Amazon and other public-cloud service providers play in preventing customers from using their services to commit crimes?"

    The same role that Ford Motor Company is responsible to fill in preventing the use of it's vehicles as Getaway cars from scenes of crimes.

    • by Applekid (993327) on Thursday January 13, 2011 @06:25PM (#34869204)

      "what role should Amazon and other public-cloud service providers play in preventing customers from using their services to commit crimes?"

      The same role that Ford Motor Company is responsible to fill in preventing the use of it's vehicles as Getaway cars from scenes of crimes.

      Eh, more like the same role that a chauffeur is responsible to fill in preventing the use of it's driven vehicles as getaway cars from scenes of crimes.

      After all, once Ford makes a car they're done, right? EC2 is continually crunching numbers until it's cracked.

      • Eh, more like the same role that a chauffeur is responsible to fill in preventing the use of it's driven vehicles as getaway cars from scenes of crimes.

        After all, once Ford makes a car they're done, right? EC2 is continually crunching numbers until it's cracked.

        I say they should be the equivalent of a common-carrier. Let the government get a warrant if they want to snoop on the work someone does or to force amazon to cut them off. Otherwise keep on crunching just like the phone company keeps on connecting phone calls of drug dealers.

  • by mlts (1038732) * on Thursday January 13, 2011 @05:53PM (#34868786)

    I wonder with the ways that WPA2-PSK is being eroded, if one should just go with 30+ character long keys. TrueCrypt always recommends to go with 20+ character passphrases and since there isn't much key strengthening with WPA2-PSK, a longer key is a good thing here. My preference is to use a 63 number of letters and digits, and if it gets forgotten, just generate another string and paste it into the router from a machine on the wired network.

    • by 2.7182 (819680)
      I think you point is a good one. Basically, as key lengths get longer for most cryptosystems, the brute force time required grows exponetially (? - or really fast). So I think that this kind of issue, which comes up a lot in tech news lately, can be squashed by making a key length which is not unreasonably long. RSA for example is just not going to be beaten this way. If you find a parallel resource to factor 150 digits numbers, it probably isn't going to be able to handle 200 digit numbers. (Or maybe even
      • Charecter set ^ password length = permutations.
        You're right with exponential growth.

        Just remember that if your password has password dictionary fragments, including all common substitutions, then the length is the number of fragments, not the number of characters.

    • 20-character (Score:5, Informative)

      by Lord Ender (156273) on Thursday January 13, 2011 @06:06PM (#34868976) Homepage

      It's actually 20 random characters that are recommended for use as cryptographic keys. The reason for this is that 20 random keys from the US keyboard has the same number of possible combinations as 128 random bits. If you use anything less than 20 random characters, even if you use a 128-bit encryption algorithm, you won't have 128-bit encryption. The same is true if you use 20 non-random characters. A brute-force attack would try passwords with words or phrases before going for the really random stuff, so you again don't have 128bit encryption.

      Also fun to realize: for every character less than 20, you lose 100x your security. A 19-character password could be cracked in just 1% of the time of a 20-character password. A 10-character password would take .000000000000000001% of the time.

      • Reason is the key you provide isn't used directly on a competent cryptosystem. It takes a hash of the key. So the key is always the requisite number of bits for the system, even if it is actually too long or too short.

        Now you are correct in that shorter keys are faster to crack, however in a system like that you can't just straight out brute force the raw keys. You have to take the passwords, hash them, then test that. That takes longer.

        • Not always. [wikipedia.org]

          Access points use the SSID as the salt, and most APs use common default SSIDs.

          • Not here - most people get their routers from their ISP, and they generate a new SSID for each (ISP name + 4 alphanumeric characters).

        • by Bert64 (520050)

          If you know the source password is less than a certain length (ie less than the keysize), then thats what you attempt to brute force instead of the derived key... Go for whichever (actual key, source password) has the least possible combinations.

        • Wrong. A brute-force attack of crypto cipher created from hashing a password is performed not by going after the hash result, but by going after the password. The computation of the hash from the password is O(1), so it doesn't actually take any longer.

      • by pjt33 (739471)

        There are some fairly notable error margins in your figures. Taking the claim that 20 characters have 128 bits of entropy, we get a character set of size 85, which is plausible (a-zA-Z0-9 plus 23 punctuation marks), but then each character less than 20 loses a factor of 85 rather than 100, and reducing by 10 characters has one fifth of the impact on the key space that you calculate.

        I personally prefer to stick to alphanumerics, avoiding oO0iI1S5Z2. 23 characters gives me more than 128 bits of entropy.

        • You seem to have forgotten that your keyboard has a shift key. There are 96 characters on a US keyboard, not 85. This number is close enough to 100 that my statement is damn accurate.

      • by pclminion (145572)

        What is a "random character?" Is the letter 'c' random? There's no such thing. PROCESSES are random -- values are not. If you took a perfect, uniform random number generator, used it to generate a password, and it spat out "password123456", there would be nothing wrong with that. In fact, if you start imposing rules like "randomly generate a password but then exclude it if it contains an English word" then you are actually HARMING the randomness of your process.

    • by ikkonoishi (674762) on Thursday January 13, 2011 @06:29PM (#34869260) Journal

      I hear that Chuck Norris just uses his name as the key. When anyone tries to crack it their computer catches fire.

      • by jack2000 (1178961)
        It realizes the futility of it's existence and chooses to self terminate before Chuck Norris roundhouse kicks the entire apartment block, house cul-de-sac.
      • I hear that Chuck Norris just uses his name as the key. When anyone tries to crack it their computer catches fire.

        Chuck Norris doesn't need keys. His name is sufficient to tell people to stay away

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      This link has the actual test http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-ec2-gpu-instances/

      Which looks like a single dual fermi EC2 instance gets 250M hashes/sec which is crazy. So assuming you have a 100 instance cluster of them:
      40 bits of random : 43 s (~ 8 chars)
      45 bits of random: 23 mins (~9 chars)
      50 bits of random: 12 hours (~10 chars)
      64 bits of random: 23 years (~13 chars)

      Better start using pwgen 14 for your passwords.. For WPA-PSK I actually use this:

      $ python
      >>> im

      • by AHuxley (892839)
        Thanks for the code, finally a use for terminal in OS X :)
        I wonder if it gets logged? Get the main computer and read the logs for much the crypto used?
      • by X0563511 (793323)

        Just make sure you have a character outside of hexadecimal in your WPA2 key, and it gets hashed up to a full length key anyways.

        • by X0563511 (793323)

          Oops. The article is about WPA, not WPA2.

          Upgrade already, you damn stupid crackheads!

          (random shit for /. filter: lksjdgkhjgjh)

  • Wikileaks (Score:5, Insightful)

    by Sub Zero 992 (947972) on Thursday January 13, 2011 @05:54PM (#34868794) Homepage

    Amazon provide infrastructure services. They need not, should not, must not know or seek to know how these services are used.
    Oh wait, Wikileaks...

    • by TheCarp (96830)

      You forgot one.... cannot.

      Firstly, they can't, reasonably audit all code going into the system by hand. This leaves some sort of automated code check, or monitoring the workloads in some way. Simple size of the workload doesn't help, that could be anything.

      You could watch for library calls to hash functions but, they are easy enough to implement and get around that.

      Even if you could detect the fact that I am hashing strings over and over again, you still wouldn't know why I was doing it. Am I researching ha

  • None? (Score:5, Insightful)

    by kju (327) * on Thursday January 13, 2011 @05:55PM (#34868810)

    They should not take any steps in this direction. We should have learned that. it. just. don't. work. Brute-forcing a hash is not illegal anyway. If the customer of amazon decides to misuse the result, than this is not the responsibility of Amazon. Many services and tools can be abused for crime.

  • Easy answer (Score:5, Insightful)

    by betterunixthanunix (980855) on Thursday January 13, 2011 @05:55PM (#34868812)

    what role should Amazon and other public-cloud service providers play in preventing customers from using their services to commit crimes?"

    No role whatsoever; let law enforcement agencies handle criminal investigations.

  • by BJ_Covert_Action (1499847) on Thursday January 13, 2011 @05:56PM (#34868816) Homepage Journal

    Among the questions Roth's research raises is, what role should Amazon and other public-cloud service providers play in preventing customers from using their services to commit crimes?"

    None whatsoever. Amazon and other service providers are retailers. They are not a police force. If a crime is being committed, let the designated authorities (i.e. cops) investigate it, police it, and arrest the criminal. No business should ever be involved in policing anything. That's a role specially held for the executive branch of governments.

    • Among the questions Roth's research raises is, what role should Amazon and other public-cloud service providers play in preventing customers from using their services to commit crimes?"

      None whatsoever. Amazon and other service providers are retailers. They are not a police force. If a crime is being committed, let the designated authorities (i.e. cops) investigate it, police it, and arrest the criminal. No business should ever be involved in policing anything. That's a role specially held for the executive branch of governments.

      Although I agree with you, the store owner that sold John Wayne Gacy facepaint probably received some unwanted scrutiny after JWG was outed. The person who sold ammo to the guy who gunned down the congresswoman is probably sick of being pursued by TV cameras. Amazon, however only has to face the occasional lawsuit or lawmaking. There are consequences, but no inherent moral or legal obligation.

  • None (Score:2, Redundant)

    by Microlith (54737)

    They cannot arguably be capable of defining what actions being taken with an EC2 instance are and are not crimes, therefore they should not even attempt to do so. It is not, after all, their duty to do so.

    They can refuse service to those who they feel are suspicious, or cut people off if they violate some generic ToS, but surreptitiously cutting in because they think someone is committing a crime (and cracking WPA is not a crime), only runs them the risk of false positives.

    More importantly, if they really f

  • You can buy computer time to compute things! What will they think of next!

  • None. (Score:2, Redundant)

    by harl (84412)

    Breaking news! Tools can be used for anything!
    Do you require pre-approval to use a hammer since it can be used to kill someone? What about the knives in your house?

    Just like the phone company they should pay no attention to what their systems are being used for.

    Trying to police it is a waste of resources. They start looking then people will start obfuscating the data. If I send you a big pile of data in no noticeable format (since I've grabbed only the stuff I need and catted it together) and a bunch of

    • Breaking news! Tools can be used for anything! Do you require pre-approval to use a hammer since it can be used to kill someone? What about the knives in your house?

      Guns, cars, and just about anything else that provides an "obvious" means of inflicting harm on others fall into the same category, but undoubtedly-well-meaning folks always manage to get them regulated.

  • I'm not certain how Amazon would be able to prevent such activity before it happened, aside from code snooping, which is probably in violation of the terms of their services agreement. Perhaps profiling would be in order before accepting someone as a customer, but how would you protect yourself against shell companies acting on behalf of a known abuser? Rather, I think the question should be "how quickly can Amazon react when this occurs".

    ISP's and hosting providers have had to face similar situations for

  • Someone took a password-guessing program and ran it on EC2. Big freaking deal.

    EC2 now offers GPUs. Someone took a GPU-based password-guessing program and ran it on EC2. Big freaking deal.

    True, raw SHA-1 used all by itself is not the thing to generate password hashes with, but this is not a weakness in SHA-1. As the researcher says, it shows merely that SHA-1 is efficient.

    SHA-1 is not weakened, broken, or exploited in this research (it is significantly broken in other ways though).

    Teams were guessing

  • Oh, about 6 seconds for that security travesty, I reckon. 4 seconds, if setup by faulty Windows Admins.

    HA! Mr. T is still laughing at you, only harder this time.

  • Either the guy is lying or the pricing is wrong, from the TFA is says they charge 28 cents a min, but from the amazon ec2 pricing page it says [quote]Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it is terminated. Each partial instance-hour consumed will be billed as a full hour.[/quote]

    also to get 28 cents/min you would need to run 8 instances at $2.10/hour so really he paid $16.80 not $1.68

    • by AHuxley (892839)
      He might have done more math over that hour and the price was for a useful subset of the results?
  • by Opportunist (166417) on Thursday January 13, 2011 @06:24PM (#34869182)

    I would expect Amazon to cooperate with the law enforcement should they discover that their service was abused to commit a crime. But why should they required to "avoid" it? And most of all, how? The only way to really keep people from using that service for criminal means would be to explicitly disallow certain uses and then monitor whether it is used this way. And that in turn raises a question: How? Because one of the core reasons this service is interesting is that it offers cheap calculation power. If you attach a metric ton of red tape and surveillance, it's most likely cheaper and faster to let your old Pentium do it.

  • by b4upoo (166390) on Thursday January 13, 2011 @06:25PM (#34869200)

    Cloud services need to avoid any type of actions that create the illusion that they may be responsible for what users do. As long as they never have any editing of any uses of their product they will probably not be held liable by the courts. In a way it is like the truck driver that opens the trailer door and sees what he is delivering. As long as he does not know what is in the trailer the law will not charge him with transporting illegal or stolen items. Intent and knowledge are locked together. Don't look, don't see and don't know.

  • ... is not a crime!

    • Are you offering to bankroll an upgrade to all deployed products whose WLAN hardware lacks WPA2 support? I didn't think so.
      • by MobyDisk (75490)

        I've actually never seen a WPA network before. I've only ever encountered WEP and WPA2. Is there anywhere that has a large WPA network deployed? WPA was an interum solution intended to work on old WEP hardware.

        That said, another person is claiming this attack works on WPA2 as well, so no win anyway :)

    • by rduke15 (721841)

      If using TKIP/PSK (like most home users, and all my neighbours), there is no difference [wpacracker.com]:

      "But I use WPA2 so it's cool right?

      Actually, while WPA2 introduced CCMP mode as a replacement for the problematic TKIP, when run with authentication based on Pre-Shared Keys (PSK), it is still vulnerable to dictionary attacks. Our service works against both WPA and WPA2 when PSK is being used. "

      • by arose (644256)
        Everything that uses passwords is "vulnerable" to dictionary attacks. That doesn't really say anything.
  • by igb (28052) on Thursday January 13, 2011 @06:45PM (#34869480)
    The basic story is slightly hysterical. Firstly, WPA2 does use a multiple-iteration key derivation function. Secondly, even with the claimed performance, he can only "brute force" five or six characters, depending on the character set in use. It's enough performance to deal with dictionary words, because, indeed, it's a dictionary attack. But even at 400K password derivations per second (ie 400M SHA-1 hashes per second), eight random characters drawn from the 96 character printable ASCII repertoire are going to take 571 years to perform a brute force attack on, or an average time to success of 285 years. Don't like the odds? My home network uses 12 characters drawn from a 64 character set (ie base 64 encoding), which needs 374 million years (average 167 million) at that performance. Do I give a shit if that number gets reduced by a few orders of magnitude? Not really: I can always move to 15 characters...
    • by Mysteray (713473)

      The great majority of passwords don't have anywhere close to the entropy of "eight random characters drawn from the 96 character printable ASCII repertoire". Probably a great many passwords can be successfully guessed in a reasonable amount of time at 400K trials per second.

      here [korelogic.com] are the results from the last Defcon 18 contest.

      • by Haeleth (414428)

        Passwords, yes. But there is a good reason to keep passwords short: one has to type them in regularly. Wifi passphrases are things one generally only ever types in once,* so there is no reason not to make them as long as the OS will allow. Mine is over 40 characters long; it has some structure in order to be memorable, but I don't think anyone will brute force it in the near future.

        * Or twice, if you are using an obsolete and poorly designed operating system.

  • by carrier lost (222597) on Thursday January 13, 2011 @06:49PM (#34869556) Homepage

    ...should Amazon and other public-cloud service providers [be liable for] customers [...] using their services to commit crimes?

    • MPAA/RIAA - If it aids in file-sharing, then Amazon should be charged $6M for each infringement
    • Washington - If it aids in leaking US data, then Amazon should be "extraordinarily rendered"
    • Wall Street - If aids the banks in looting the world's economies, then Amazon should get a $300M bonus.

    Hope this helps...

  • by gweihir (88907) on Thursday January 13, 2011 @07:02PM (#34869762)

    The problem, as one of the referenced articles points out ans as has been known in the crypto-community for a long time, is fast key-derivation functions. Even the original UNIX password encryption function already took that into account and iterated the key derivation function to make attacks take longer. Typical methods used today for example iterate a second or so on the target CPU. This is a compromise between needing one second per unlock and requiring one second per brute-force attempt on an equivalent CPU. GPUs still make that attempt problemantic, but one application of SHA1 takes something like 0.1 microsecond on a modern CPU, so it should at least be iterated 10'000'000 times or so. Even with that, SHA1 is a bad choice, as it is too simple. Use something that requires a full-blown CPU to work and that a GPU cannot easily do. Of course, high-entropy passwords also help a lot by enlarging the search space.

    But in essence, EC2 GPU instances can only break Crypto for cheap that was badly implemented anyways. That is not really a surprise. There are far too many people out there that do crypto without even understanding the attack possibility, let alone being cryptographers.

  • Make it illegal, and people will stop doing it.

    That notion has universal appeal. It is simple enough that practically all voters understand it. It is compatible with most people's moral code, at least in principle. It lends itself very easily to law-and-order populism and electioneering, and of course anything that increases the use of police forces and prisons is popular with several major lobbying organizations. One problem, though: it only occasionally works. This is aside from any legal and civil rig
  • According to the back of this envelope, an eight digit upper case alphabetic key would take a worst case of $2436.32 for his algorithm to crack. What sort of shitty pre-shared key is he attacking? Or is my envelope wrong and I suck?

  • People need to stop using non-random passwords for WPA2-PSK. This attack sounds like a dictionary attack, because there is no way at only 400k passwords per second that he could map more than a minuscule fraction of the 2^256 key keyspace. We are talking 1e77 potential passwords. At 400k/sec that only amounts to 1e13 passwords per year. It will still take 1e64 years to break. Since the universe is only ~1.5e10 years old, I think we are safe enough from a true brute force attack.

    Of course that assumes peo

With all the fancy scientists in the world, why can't they just once build a nuclear balm?

Working...