SHA-1 Exploit By Thomas Roth: Cloud Services And Wireless Security

A hacker claims he's used Amazon's cloud services to bust open SHA-1, a wireless network security standard, and he says he'll be demonstrating his process at an upcoming Black Hat get-together. Malicious hackers could quickly set up brute-force attack systems using the cloud, but critics say real-world password cracks might not come so easily. German hacker Thomas Roth's announcement that he used Amazon.com's (Nasdaq: AMZN) cloud service to crack a wireless network security standard has left some security researchers scratching their heads. Others are merely shaking them in disbelief.

That attack was launched against the SHA-1 hash algorithm.

Roth's conclusions are that the SHA-1 algorithm is not fit for password hashing, and the compute power offered by cloud services makes it cheap and easy to launch brute-force attacks on passwords.

However, it's been known since 2005 that the SHA-1 algorithm has flaws, and the National Institute of Standards and Technology is seeking to replace it.

The link for this article located at Tech News World is no longer available.