Security best practices dictate that Wi-Fi networks should be locked down with a password. And that’s enough, right?
Perhaps not, as attendees at the Black Hat security conference could learn in Washington, D.C., next week.
A German security researcher has reportedly devised a way to marshal the power of Amazon’s Elastic Compute Cloud against a secured wireless network, cracking its password and gaining access in a so-called brute-force attack.
Using clustered Nvidia graphics processors available through Amazon’s EC2 service, security consultant Thomas Roth was apparently able to comb through 400,000 possible passwords per second in a demonstration of the vulnerability of the SHA-1 Secure Hash Algorithm.
“SHA-1 was never made to store passwords. [It] is a hash algorithm … made for verifying data. It was made to be as fast and as collision free as possible, and that’s the problem when using it for storing passwords: It’s too fast,” Roth said. eSecurity Planet has the story.