14 DAY TRIAL // A German security researcher plans to release a tool that can crack WPA wireless network keys by leveraging Amazon's Elastic Compute Cloud (EC2) service at the upcoming Black Hat DC 2011 security conference.
Thomas Roth, who works as a computer security consultant in Cologne, Germany, says that his custom software is capable of executing brute force attacks at a speed of 400,000 attempts/second.
He hopes that until the security conference next week, when he also plans to do a demonstration, he'll manage to ramp up the software's speed to 1,000,000 password tries per second.
It's a known fact that any type of password is theoretically vulnerable to brute forcing, but the success of such attacks is highly dependent on available computing power.
If the password is strong enough it can take too much time to recover or it can cost too much to acquire the equipment that can do it in a reasonable time frame.
But cloud computing services like Amazon's EC2 solve that problem. They allow people to lease time on very powerful computers for relatively little costs.
This is not the first time when someone uses cloud computing to improve password cracking, but Roth plans to leverage Amazon's recently added high performance GPU cluster instances.
GPUs are much more suitable than CPUs for brute force-like operations. In November, the researcher tested the new Amazon EC2 Cluster GPU Instances by breaking SHA1 hashes.
In his current tests, the software manages to crack a WPA-PSK handshakes in around 20 minutes, which at 28 cents per minute, brings the total cost to $5.6. If he manages to improve the speed WPA password cracking on Amazon EC2 could cost as low as $1.7.
"The results of my work and the tool that I developed to do this will be released as part of the talk, so that everyone will be able to start his own cluster in the cloud and get some impression on what can be done using the latest high performance computing possibilities," Roth writes on his blog.