Hacker to Expose Wi-Fi Flaw Using Amazon EC2

At next week's Black Hat conference, security expert reportedly plans to divulge method for breaking wireless networking passwords through brute force attack.

Security best practices dictate that Wi-Fi networks should be locked down with a password. And that's enough, right?

Perhaps not, as attendees at the Black Hat security conference could learn in Washington, D.C., next week.

A German security researcher has reportedly devised a way to marshal the power of Amazon's Elastic Compute Cloud to overwhelm a secured wireless network to crack passwords and gain access in a so-called brute force attack.

Through a combination of clustered nVidia graphics processors available through Amazon's EC2 services, security consultant Thomas Roth was apparently able to comb through 400,000 possible passwords in a second in a demonstration of the vulnerability of the SHA-1 Secure Hash Algorithm.

"SHA-1 was never made to store passwords. [It] is a hash algorithm ... made for verifying data. It was made to be as fast and as collision free as possible, and that's the problem when using it for storing passwords: It's too fast," Roth said. eSecurity Planet has the story.