

Researcher cracks Wi-Fi passwords with Amazon cloud - KiwiNige
http://www.theregister.co.uk/2011/01/11/amazon_cloud_wifi_cracking/

======
ck2
Not judging but I love how the term "researcher" has been adopted as a way to
disguise whitehat activities.

I wish I could use that to get out of speeding tickets

 _"Officer I am just a researcher and trying to determine if the 55mph speed
limit sign is really the law and if it's possible to break it"_

~~~
JoachimSchipper
Meh, as long as you're only picking your own locks, who cares? (And yes, there
are people who pick locks for fun.)

~~~
ck2
Yup, they found the Kryptonite lock Bic pen loophole and made a whole bunch of
bikes safer today. But they also educated a whole bunch of dumb thieves
who didn't know in the first place (the smart thieves knew but they are far
more rare). So it's always a mixed bag.

Still, in the end I'd rather know about security problems even if it means the
"bad guys" get told at the same time, otherwise you just have security
theater.

------
dmfdmf
Is this some kind of artificial test or is it a real issue? What I mean is
that the article mentions running through about 400,000 passwords per second
and the hack took 20 minutes. But wouldn't most servers or routers block the
user out after so many failed logins? How do they get around that?

~~~
forensic
You don't actually send 400,000 passwords to the server. You capture legit
packets traveling between the access point and an authorized user and then run
your brute force algo on their encryption.

------
drivebyacct2
Wasn't this done months ago? (/me looks for the article)

Well, this was more generic: <http://news.ycombinator.com/item?id=1907513>

Oh, it was over a year ago:
[http://it.slashdot.org/story/09/12/07/2322235/WPA-PSK-Cracking-As-a-Service?from=rss](http://it.slashdot.org/story/09/12/07/2322235/WPA-PSK-Cracking-As-a-Service?from=rss)

~~~
ErrantX
In the nicest way possible, this is probably just an ad piece for his service
(<http://www.wpacracker.com/>) It has been possible to brute force WPA-PSK for
ages, you just needed a lot of computing power. It appears he did this with a
dictionary attack, not bruteforce (see:
[http://www.h-online.com/security/news/item/Cracking-WPA-keys-in-the-cloud-1168636.html](http://www.h-online.com/security/news/item/Cracking-WPA-keys-in-the-cloud-1168636.html))
and, so, it is no wonder it was fast - but that is limited.

EC2 is an option, sure, but it's going to get expensive for commercial
purposes. (I have issues with their costings... if it took 20 minutes, even
using just one instance that would be.. $5.60, and other sources state he used
many more than one :D EDIT: ah, sorry, he did use one instance and they are
talking about his "6 minute" promise. Still, nothing you couldn't do on a
decently fast "local" machine for cheaper)

We ran some trials with EC2 and the cost starts to mount for anything complex.
A few racks of meaty servers are, if you have a volume of work, a cheaper
investment.

Ultimately it looks like he is dealing with dictionary work - which is fine
(and does work well). But it will quickly fail with anyone competent (I'm going
to hazard a rough guess of about 25% of the time based on my experience), which
is where work with pre-computed tables and bruteforcing comes into play.

I'm not sure there is much substance to this story, sadly.

~~~
burgerbrain
wpacracker.com is run by Moxie Marlinspike, not this Thomas Roth. (and no,
Thomas Roth is not his real name). Furthermore I can't find any link between
this (or the others) news article and Moxie's wpacracker.com, and I can't
figure out why he would only be presenting wpacracker at blackhat now.

~~~
ErrantX
Ah sorry. I got the impression there was a link due to how it was presented.

