Amazon EC2 Enables Cheap Brute-Force Attacks
snydeq writes "German white-hat hacker Thomas Roth claims he can crack WPA-PSK-protected networks in six minutes using Amazon EC2 compute power — an attack that would cost him $1.68. The key? Amazon's new cluster GPU instances. 'GPUs are (depending on the algorithm and the implementation) some hundred times faster compared to standard quad-core CPUs when it comes to brute forcing SHA-1 and MD,' Roth explained. GPU-assisted servers were previously available only in supercomputers and not to the public at large, according to Roth; that's changed with EC2. Among the questions Roth's research raises is, what role should Amazon and other public-cloud service providers play in preventing customers from using their services to commit crimes?"
Re:Wonder how safe longer keys are... (Score:2, Interesting)
This link has the actual test http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-ec2-gpu-instances/
Which looks like a single dual Fermi EC2 instance gets 250M hashes/sec, which is crazy. So assuming you have a 100 instance cluster of them:
40 bits of random: 43 s (~8 chars)
45 bits of random: 23 mins (~9 chars)
50 bits of random: 12 hours (~10 chars)
64 bits of random: 23 years (~13 chars)
Better start using pwgen 14 for your passwords. For WPA-PSK I actually use this:
$ python
>>> import base64
>>> base64.encodestring(file("/dev/urandom").read(128/8));
'HZE6Ka6GeO3OT23ay2G0Ww==\n'
Which isn't going to be reversed without breaking SHA-1.
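An added example, not part of the original comment: the estimate above generalized in Python 3 so a defender can size a WPA-PSK passphrase against a given guess rate, and generate one within the 8 to 63 character limit. The 250M hashes/sec and 100-instance figures come from the comment; the function names, the 62-symbol alphabet and the one-hash-per-guess default are assumptions of this sketch.

```python
import math
import secrets
import string

# Figures from the comment above: 250M hashes/sec per instance, 100 instances.
RATE = 250_000_000 * 100
SECONDS_PER_YEAR = 365 * 24 * 3600
# Assumption of this sketch: letters and digits only (62 symbols).
ALPHABET = string.ascii_letters + string.digits
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63  # WPA-PSK passphrase length limits


def seconds_to_exhaust(bits, rate=RATE, hashes_per_guess=1):
    """Time to try every key carrying `bits` bits of entropy.

    hashes_per_guess=1 is the comment's model. WPA-PSK derives its key with
    PBKDF2-HMAC-SHA1 at 4096 iterations, so a real guess costs more hashes.
    """
    return (2 ** bits) * hashes_per_guess / rate


def bits_needed(years, rate=RATE, hashes_per_guess=1):
    """Smallest whole number of bits whose full search takes >= `years`."""
    guesses = years * SECONDS_PER_YEAR * rate / hashes_per_guess
    return math.ceil(math.log2(guesses))


def passphrase_for(bits):
    """Random passphrase with at least `bits` bits, within WPA limits."""
    length = max(WPA_MIN_LEN, math.ceil(bits / math.log2(len(ALPHABET))))
    if length > WPA_MAX_LEN:
        raise ValueError("needs more than 63 characters; use fewer bits")
    # secrets draws from the OS CSPRNG, like /dev/urandom in the comment.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for bits in (40, 45, 50, 64):  # the rows of the comment's table
        print(f"{bits} bits: {seconds_to_exhaust(bits):,.0f} s")
    print("bits for 1000 years:", bits_needed(1000))
    print("128-bit passphrase:", passphrase_for(128))
```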
Re:That's silly. (Score:2, Interesting)
This would be like Ford giving road-side assistance during a heist.
No, it's like Jared Loughner taking a taxi to the site of his shooting spree:
http://www.nytimes.com/2011/01/11/us/11taxi.html?partner=rss&emc=rss
The taxi driver is just providing his usual service at his usual price and has no indication that a crime is going to be committed.
Similarly, Amazon knows you're doing a lot of heavy computation, but that is one of the reasons someone would use Amazon EC2.
This is wildly overstated as a risk (Score:5, Interesting)
Re:Why use EC2? (Score:5, Interesting)