Slashdot Mirror


WPA/WPA2 Cracking With CPUs, GPUs, and the Cloud

wintertargeter writes "Yeah, it's another article on security, but this time we finally get a complete picture. Tom's Hardware looks at WPA/WPA2 brute-force cracking with CPUs, GPUs, and Amazon's Nvidia Tesla-based EC2 cloud servers. Verdict? WPA/WPA2 is pretty damn secure. Now to wait for a side-channel attack. Sigh...."

22 of 106 comments

  1. brute farce by constpointertoconst · · Score: 2

    Secure from brute force attacks != secure. Hello, exploits!

    http://www.wi-fiplanet.com/news/article.php/3784251/WPA-Vulnerability-Discovered.htm

    1. Re:brute farce by Hatta · · Score: 3, Insightful

      That's why we use WPA2/AES.

      --
      Give me Classic Slashdot or give me death!
  2. The Only Solution by MightyMartian · · Score: 5, Insightful

    Ultimately the only solution is to have a segregated WiFi network. I've set one up in one of our offices, with the others to follow soon. If one of our workers needs to access internal network resources from our WiFi network, he's got to do what he'd do if he was in a coffee shop or an airport: establish a VPN connection to the internal network. There simply isn't any other solution so far as I can tell. You have to treat WiFi as a potentially hostile entry point.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:The Only Solution by omglolbah · · Score: 2

      That requires physical access to the corporate office though.
      Wireless doesn't.

      Most places that is a fairly important difference.

    2. Re:The Only Solution by h4rr4r · · Score: 5, Insightful

      Anyone with a set of overalls, a handtruck/cart and a cardboard box can get into pretty much any office.

    3. Re:The Only Solution by localman57 · · Score: 2

      The other thing, is that if somebody hacks you from outside, it's your fault. If they hack you from inside, it's whoever let them in's fault.

    4. Re:The Only Solution by h4rr4r · · Score: 5, Funny

      Nope, just had to chase a Verizon man out of my server room a couple weeks ago.

      The receptionist let him in because it said Verizon on his jacket and someone kept letting him through doors after that. He was on the wrong floor and would have disconnected live equipment had I not chased him out with a rack rail.

    5. Re:The Only Solution by Surt · · Score: 2

      Whether or not he's been watching too much Burn Notice, Burn Notice is right about that one. You can get into about 90% of offices that way. It's actually happened (twice!) at mine, and the building is poorly designed (as recently as 20 years ago!), so improving security is difficult. Anything older than 15 years (pre-9/11) is probably similarly difficult to physically secure.

      --
      "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
    6. Re:The Only Solution by Surt · · Score: 2

      I'd actually argue that's probably untrue at most work sites. For example, in every one of the last 5 buildings I've worked in, sharing a ride in the right elevator could get you into an area with an rj45 port, whereas getting into the server room required passing a badge access door that was only used by 5 people who all knew each other, with an expectation that anyone else would be escorted.

      --
      "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
    7. Re:The Only Solution by BitZtream · · Score: 5, Insightful

      Whose fault it is isn't relevant. If you're concerned with fault, you must be a manager rather than something useful. The goal is to keep things private and secure, not make sure you get to point the finger somewhere else. If you're pointing the finger, you've already failed even if you're too stupid to realize it.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    8. Re:The Only Solution by localman57 · · Score: 2

      Whose fault it is isn't relevant. If you're concerned with fault, you must be a manager rather than something useful. The goal is to keep things private and secure, not make sure you get to point the finger somewhere else. If you're pointing the finger, you've already failed even if you're too stupid to realize it.

      This kind of thinking is, in my opinion, exactly opposite of good security. Companies who take a "Security is everybody's responsibility!" attitude are doomed to fail. Something that is everybody's responsibility is no-one's responsibility. Being able to identify whose fault it is is a side effect of knowing whose responsibility it is. My responsibility to secure the network. The receptionist's responsibility to vet the people coming into the building. The facilities/security person's responsibility to make sure there's no way for 3rd parties to get in except past the receptionist. If the network gets hacked, one of the three of us fucked up. Then you figure out how, and take corrective action in that area.

    9. Re:The Only Solution by h4rr4r · · Score: 2

      It is easy to put such a policy in place. It is near impossible to get people to actually follow that policy.

    10. Re:The Only Solution by IceCreamGuy · · Score: 2

      Again, I disagree, and I'll add that I'm basing this off of personal experience. With proper training any reasonable policy should be able to be implemented, the hard part is actually making sure that people are trained and understand the repercussions. "Hard" is the operative word, it's not "impossible," and can even be easy if you do it a lot. If you have important data, like medical records, credit card numbers, socials and people don't follow simple policies like that, then they should be terminated. If you're telling me that in your organization anyone can just walk in and plug a laptop into a jack as long as they're wearing coveralls and a Verizon badge, then I truly hope that you don't have my SSN or credit card info. An inability to enforce such a simple policy in an organization that deals with sensitive data is a terrifying thought.

    11. Re:The Only Solution by SecurityTheatre · · Score: 2

      The problem is, deciding that nobody should care about security opens up a bunch of potential vulnerabilities.

      Most companies have a side door that is accessible to employees with a badge. This is where we target to gain physical access to a building during a penetration test. Almost everyone will hold the door for you if you look busy and are reasonably respectable looking. Most companies can't afford to secure every door, or won't do it due to parking situations, etc.

      The other attack we commonly engage in during penetration testing is spear-phishing attacks. With a properly worded email, I get passwords out of about 30% of people at an average corporation. Those corporations that make sure everyone has security training and adopt the attitude of "security is everyone's responsibility" tend to have lower rates of this. Yes, it doesn't completely fix the problem but it doesn't hurt either.

      As an IT Security manager, if you were to adopt the stance of "nobody else can plug the gaps, so I have to find a way to do it"- this results in pretty draconian security policies. Two factor authentication on everything, host and user certificates for wire-line (and wireless) authentication via a NAC to prevent unauthorized endpoints, WIPS to knock down any rogue wireless that does manage to connect... Binary whitelisting on the endpoints, etc, etc, etc

      You can secure the environment without user cooperation, but they will not like it....

  3. Side channel attack? by liquidweaver · · Score: 4, Funny

    It's not possible remotely. I'd like to know how a side channel attack could be executed against a wireless target? Magic? "Hey, do you mind if I hook up my oscilloscope to your router for a few hours? Why? No reason."

    --
    mov ah, 4ch
    int 21h
    1. Re:Side channel attack? by synthesizerpatel · · Score: 2

      When the kids down the street asked to hook their scope up to my router I didn't even consider this as a potential explanation.

      Thanks!!!!

    2. Re:Side channel attack? by localman57 · · Score: 4, Funny

      In that case, I'd like to ask if we could have your wife come in and do some testing at the mattress store where I work. Any time after closing would be fine.

  4. Re:if it is so damn secure by sakdoctor · · Score: 4, Informative

    "We", pretty much do. The underlying algorithm is AES, used in ssh, https, bitlocker, GPG, and so on.

  5. Informative article by drobety · · Score: 2

    I find this article about security to be informative. Always good to be reminded to look at how secure we think we are.

    However, I didn't appreciate that, without NoScript, the web page on which the article sits would have pulled in scripts from over 25 sources from around the web...

  6. Re:Computer researchers are too much like computer by MPAB · · Score: 2

    I think it's because of two things:

    In the earlier days of the internet, a lot of sites wouldn't accept passwords longer than eight characters or with spaces in them. I think because of the way they were saved. What's worse is that some sites would accept the password at registration, but filter it when signing in; thus locking out the user forever.

    And nowadays there are too many sites that ask such nonsense as "Must be longer than 6, shorter than 10, have 3 numbers, one capital letter". My phone company asks for 4 numbers and then 6 letters. I guess they get lots of reset password calls. I make one each 6 months or so.

  7. see what I did there? by Thud457 · · Score: 2

    OK, here's how you do it:

    1. have your mother feign car trouble and ask to use the restroom
    2. while she's there, she leaves a remote-control smoke bomb in the trash.
    3. find a sysadmin that's out on vacation (?wtf, that can't be right?)
    4. make up a gift basket, hide some elemental sodium (hah! really?! Florida's pretty damn humid...) in it
    5. send gift basket (4) to absent sysadmin (3), where it gets left sitting in the server room until his return
    6. trigger smoke bomb (2)
    7. smoke (6) triggers sprinklers
    8. water from sprinklers (7) ignites elemental sodium (4) starting a two-alarm conflagration
    9. sneak into gangster's warehouse disguised as fireman
    10. steal wifi

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  8. Re:Computer researchers are too much like computer by hawguy · · Score: 2

    I think you're missing the point of the XKCD comic... There are around 3000 commonly used words in English (xkcd assumed 11 bits per word, or 2048 words). A 6 year old child has a vocabulary of between 2500 and 5000 words.

    If a user uses a 5 word password there are 3000^5 = 2.4E17 different combinations

    In your 12 character, mixed case (52) + numeric (10) + symbols (20 common symbols?) password there are 83 possible symbols, so that's 1E25 combinations.

    So technically, your "random" password may be 500,000 times safer, but even 2.4E17 combinations will take thousands of years to brute force at a million guesses/second. Not many people have secrets worth that much effort, and for those that do, they can use a 6 word passphrase so even at a billion guesses/second it would take thousands of years to brute force it.

    Few people can reliably remember a random string, especially when they need a different password for different accounts, and have to change it every 30 - 90 days, so they'll end up writing it down or storing it in some password keeper that's subject to attack.

    However, most people can remember: "seesawseashoresally" or "liontigercougarnotdog" much more easily than a random string, and they'll end up with a more secure password than the usual method of doing s1mpl3 sub5t1tut10ns. And many people (like me) can type a 20 character phrase faster than a 12 character random string.
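
The keyspace arithmetic in the comment above, worked through as an added example (not part of the original comment or the linked article). The function names are illustrative, and the vocabulary size, character classes and guess rates are the comment's round figures rather than measured cracking speeds.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(symbols: int, length: int) -> int:
    """Number of secrets when each of `length` units is drawn uniformly from `symbols`."""
    return symbols ** length

def entropy_bits(symbols: int, length: int) -> float:
    return length * math.log2(symbols)

def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate; the average case is half of this."""
    return space / guesses_per_second / SECONDS_PER_YEAR

def min_length(symbols: int, guesses_per_second: float, target_years: float) -> int:
    """Fewest units whose whole keyspace takes at least `target_years` to try."""
    needed = guesses_per_second * SECONDS_PER_YEAR * target_years
    length = 1
    while keyspace(symbols, length) < needed:
        length += 1
    return length

# Figures taken from the comment: (label, symbols, length, guesses per second).
SCHEMES = [
    ("5 words from 3000", 3000, 5, 1e6),
    ("6 words from 3000", 3000, 6, 1e9),
    ("12 chars from 52+10+20", 52 + 10 + 20, 12, 1e9),
]

def report():
    rows = []
    for name, symbols, length, rate in SCHEMES:
        space = keyspace(symbols, length)
        rows.append((name, space, entropy_bits(symbols, length),
                     years_to_exhaust(space, rate)))
    return rows

if __name__ == "__main__":
    # These numbers hold only if every word or character is picked uniformly
    # at random; phrases a person makes up are far more guessable.
    for name, space, bits, years in report():
        print(f"{name:24s} {space:.2e} combos  {bits:5.1f} bits  {years:,.0f} years")
    print("words needed for 1000 years at 1e9 guesses/s:", min_length(3000, 1e9, 1000))
```

`min_length` turns the question around for policy sizing: given an assumed attacker guess rate and a target lifetime, it returns how many randomly chosen words or characters the secret needs.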