Elcomsoft Claims WPA/WPA2 Cracking Breakthrough

timothy posted about 6 years ago | from the it-budget-excuse-par-excellence dept.

Graphics 349

secmartin writes "Russian security firm Elcomsoft has released software that uses Nvidia GPUs to speed up the cracking of WPA and WPA2 keys by a factor of 100. Since the software allows them to network thousands of PCs, this announcement effectively signals the death of wireless networking in business networks; any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether."

349 comments

Looks Like I'm Safe (5, Interesting)

linuxmeepster (1383107) | about 6 years ago | (#25346535)

"Brute Force Attack will take up to 128299838271 years" at 500,000 passwords a second. ElcomSoft is claiming a 20x improvement in speed, but that won't make a dent into an exponential-sized problem. See http://lastbit.com/pswcalc.asp [lastbit.com] for calculation.

Re:Looks Like I'm Safe (3, Informative)

Daimanta (1140543) | about 6 years ago | (#25346577)

True, but most people will use an alphanum pass with 10 characters or less.

(26*2+1)^10 = 839299365868340224

Which is a lot more crackable.

You can get hard passwords (4, Interesting)

Anonymous Coward | about 6 years ago | (#25346665)

Steve Gibson has a site that generates random passwords on the fly (unique for you): https://www.grc.com/passwords.htm [grc.com]

These are especially good for wireless routers since you normally don't need to type them yourself and they don't get changed that often. (Of course, you should still change them once in a while.)

Re:You can get hard passwords (5, Informative)

mlts (1038732) | about 6 years ago | (#25346743)

I personally recommend KeePass for password generation. It can generate 63 char passwords for WPA/WPA2 keys with cryptographically random unpredictability as it uses keyboard/mouse movements as part of seeding. Because it's done on the local machine, there is no chance of the password being leaked as compared over the web. With a 63 character password, that is far more entropy than the 128 or 256 bit keys used for AES, so for someone to guess a password of that length, they either have to be able to brute force AES at full strength, or find a weakness in the algorithm's implementation.

I generate a KeePass password, save it to a USB flash drive, then paste it into my router's config. I then take the USB flash drive to the physical machines and do a copy and paste of the 63 char key into their network preferences. This is a lot easier than typing it. Should I lose the key... not hard to fix -- generate another one and rekey the 3-4 machines on my network. Because the WPA/WPA2 key is easily resettable with physical access to the machines, there is no reason to go less than the maximum character length, and it doesn't matter if the password gets forgotten, as long as you remember your router and machine's access passwords. (This for a home network. Businesses should use a RADIUS server where all the machines are not reliant on a single shared encryption key.)

If you have to use fewer characters, I'd say never use fewer than 20 characters, but even that is cutting it thin, factoring in Moore's law, botnets, and usage of GPUs for additional number crunching.

Re:You can get hard passwords (2, Informative)

Deekin_Scalesinger (755062) | about 6 years ago | (#25346857)

I'll second KeePass and its UNIXy-OSXy variant KeepassX (the DB file that it stores passwords in can be read on all three platforms). In addition to its password generating abilities, it makes a handy home for my network/web logins. Sourceforge has both programs in all their gleaming, open source goodness.

Re:You can get hard passwords (4, Funny)

darkonc (47285) | about 6 years ago | (#25347285)

Yeah, that's great.... But it doesn't work too well for the "I'll set up our 200 unit network for wireless in 2 hours" crowd. Those are the ones who are likely using WPA with PSK and easy-to-type-in passwords.

Re:You can get hard passwords (1)

thePowerOfGrayskull (905905) | about 6 years ago | (#25347329)

I'm not sure I understand the need. Here, watch: cc09-x5k}d4asedf*&@!liusdf98054fhpw2lxgb94j2-fh0z345j@#[[]{9dx^aDDsic[of9yeSZDt4$566@@DfdsclocvobS(I9x7@(#&$ Seems redundant to use software to do the same thing? I understand the 'extra' security by using keyboard/mouse movement so that the generated password is not predictable. On the other hand, the one I just created is equally unpredictable; I certainly could not generate it again myself. That password is not going to get cracked if I use it, and all the other steps you described could be followed just the same.

Re:You can get hard passwords (2, Interesting)

Bert64 (520050) | about 6 years ago | (#25346875)

What's amusing, is that devices like mobile phones encourage people to use weaker passwords, as typing a long complicated password into a cellphone is quite a hassle.

Re:You can get hard passwords (2, Informative)

pipatron (966506) | about 6 years ago | (#25347127)

If you run a debian-ish system: aptitude install pwgen

Re:Looks Like I'm Safe (5, Informative)

Anonymous Coward | about 6 years ago | (#25346681)

Uh, where are you getting that number? (26*2+1)^10 works out to 1.7488747 * 10^17 [google.com]. Wouldn't it be more like ((26*2)+10)^10, assuming no spaces?

Re:Looks Like I'm Safe (1)

Daimanta (1140543) | about 6 years ago | (#25346815)

Yeah, it's a typo. 26*2 for the letters including caps and 10 for the numbers.

Re:Looks Like I'm Safe (1)

risinganger (586395) | about 6 years ago | (#25346687)

true but that's a weakness in people - not the protocol. I was a little worried until I also read it was nothing more than a brute force attack using a faster processing unit.

WEP is broken. It's broken because with a little time I can crack it on my G4 iMac. WPA isn't.

Re:Looks Like I'm Safe (0)

Anonymous Coward | about 6 years ago | (#25346779)

true but that's a weakness in people - not the protocol.

In some cases, it's a weakness in the equipment. The wireless router supplied by mother's ISP limits the key to 10 characters.

Re:Looks Like I'm Safe (2, Interesting)

Ironsides (739422) | about 6 years ago | (#25346843)

That sounds like a reason to go out and get your own router that supports full WPA2 encryption. If nothing else, flash it with DD-WRT and you get that.

Re:Looks Like I'm Safe (5, Funny)

Sasayaki (1096761) | about 6 years ago | (#25346729)

"Brute Force Attack will take up to 128299838271 years"

Look, I understand that's enough security for your mortals, but I plan to live forever. I don't want someone getting my data just after my 128,299,838,295th birthday!

Re:Looks Like I'm Safe (1, Funny)

Anonymous Coward | about 6 years ago | (#25346783)

Look, I understand that's enough security for your mortals, but I plan to live forever. I don't want someone getting my data just after my 128,299,838,295th birthday!

Ray Kurzweil, how ya doin'?

Re:Looks Like I'm Safe (0)

Anonymous Coward | about 6 years ago | (#25346813)

Wow, so you're saying we'll still be using WPA 128299838271 from now? That.. sucks.

Re:Looks Like I'm Safe (1)

Pentium100 (1240090) | about 6 years ago | (#25346973)

Or maybe he does not want his now-current data to fall into wrong hands after 128 gigayears?

Re:Looks Like I'm Safe (5, Funny)

ksd1337 (1029386) | about 6 years ago | (#25346859)

I don't want someone getting my data just after my 128,299,838,295th birthday!

Tell us if they release Duke Nukem Forever by your 128 billionth birthday.

Re:Looks Like I'm Safe (0)

Anonymous Coward | about 6 years ago | (#25347203)

Change the protocol to use IKE and change the key every 4 hours. Problem solved.

Does this surprise anyone? (5, Insightful)

Mad Merlin (837387) | about 6 years ago | (#25346539)

This doesn't surprise me. Anyone who wasn't already assuming that anything you sent via wireless was already in the hands of your enemies (unencrypted) is a bit naive.

Re:Does this surprise anyone? (5, Insightful)

Anonymous Coward | about 6 years ago | (#25346547)

I don't care how you're accessing the net, if it's important encrypt it.

Re:Does this surprise anyone? (0)

Anonymous Coward | about 6 years ago | (#25346675)

Why are you saying that? Is this something specific to the WPA protocol, or are you saying that wireless encryption in general cannot work?

Re:Does this surprise anyone? (1)

Paracelcus (151056) | about 6 years ago | (#25346683)

How about pushing out new keys every XX hours to all wireless devices? I do this manually on my little network.

Re:Does this surprise anyone? (2, Insightful)

Ironsides (739422) | about 6 years ago | (#25346861)

So, all I need to do is record the data, crack the first set of keys and then I can decrypt all subsequently sent packets as you have conveniently provided the new keys in the (now decrypted) data stream.

Re:Does this surprise anyone? (1)

nullchar (446050) | about 6 years ago | (#25347103)

That only works if you can crack the current key (whichever it may be) in the required XX hours.

Re:Does this surprise anyone? (3, Informative)

Ironsides (739422) | about 6 years ago | (#25347157)

He's pushing out the new key over the network using the existing key. I record all data over the network starting with key XX1. Say he gets to key XX3 when I finally crack key XX1. I use key XX1 to decrypt all the data I have recorded from the wireless, I get key XX2 by decrypting it and then I also get key XX3.

Re:Does this surprise anyone? (1)

h4rm0ny (722443) | about 6 years ago | (#25347177)


Not if they're recording all the data. They have as long as they like - once they've cracked the first one, they'll catch up rapidly. Yes - it's an additional constraint, though.

Re:Does this surprise anyone? (4, Interesting)

SanityInAnarchy (655584) | about 6 years ago | (#25347247)

Nope. It only requires that someone is recording that data, just as GP said.

So, suppose you're pushing a new key every hour. It takes me 12 hours to crack your key.

If you're not thinking too clearly, it looks like you're safe.

But with modern wireless technologies, how much data can you really push in 12 hours? Let's say you're on a -g network -- 54 mbits -- you'll probably send at most 5 megabytes per second. Suppose you're saturating that constantly -- that means roughly 18 gigs an hour.

So, it takes me 12 hours to crack that -- which means I have to record at most 216 gigs worth of (encrypted) data.

At the end of 12 hours, I've cracked the key from hour 1. I can then go back and decrypt all traffic you sent during that time, including the key you set for hour 2. Then I can decrypt all the data from hour 2, and so on. This will probably take less than an hour.

At that point, I'm caught up, and you're kindly pushing updated keys to me.

So, in other words, your rotating key scheme only works against people who either aren't recording your data, or aren't interested in cracking it at all (for instance, it'd be great if you give a houseguest access for an hour, then the next hour, the key changes from under them)...
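An added illustration of the argument in the comment above (not part of the original post, and not any real Wi-Fi key-distribution protocol): a constructed capture in which each hour's key is either pushed over the link under the previous key or handed out separately, showing how much of the recording one recovered key opens. The toy cipher, `run_network`, `hours_readable` and `backlog_gb` are hypothetical names; the 5 MB/s and 12-hour figures are the ones the comment uses.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16
MARK = b"NEXTKEY:"  # constructed framing for an in-band key update


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode) standing in for the
    link cipher. Illustration only; encrypting and decrypting are the same."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def run_network(hours: int, in_band: bool):
    """Simulate hourly rotation and return (keys, recorded_capture).

    in_band=True : the key for hour h+1 is sent over the air under key h.
    in_band=False: every key is independent and delivered out of band.
    """
    keys = [secrets.token_bytes(KEY_LEN) for _ in range(hours + 1)]
    capture = []
    for h in range(hours):
        body = f"traffic for hour {h}".encode()
        if in_band:
            body = MARK + keys[h + 1] + body
        nonce = h.to_bytes(8, "big")
        capture.append((nonce, keystream_xor(keys[h], nonce, body)))
    return keys, capture


def hours_readable(capture, first_key: bytes) -> int:
    """How many recorded hours become readable once only hour 0's key is known."""
    key = first_key
    readable = 0
    for nonce, ciphertext in capture:
        if key is None:
            break
        plaintext = keystream_xor(key, nonce, ciphertext)
        readable += 1
        if plaintext.startswith(MARK):
            # The next key was inside the traffic we just decrypted.
            key = plaintext[len(MARK):len(MARK) + KEY_LEN]
        else:
            key = None  # nothing in this hour leads to the next key
    return readable


def backlog_gb(crack_hours: float, mb_per_second: float) -> float:
    """Storage needed to hold the recording while the first key is unknown."""
    return crack_hours * 3600 * mb_per_second / 1000


if __name__ == "__main__":
    for mode in (True, False):
        keys, capture = run_network(hours=24, in_band=mode)
        label = "in-band rotation" if mode else "independent keys"
        print(f"{label}: {hours_readable(capture, keys[0])} of 24 hours readable")
    print(f"recording to keep for 12 h at 5 MB/s: {backlog_gb(12, 5):.0f} GB")
```

With in-band rotation the whole recording opens from one key; with independently delivered keys only the first hour does, which is why the strength of each key, not the rotation interval, carries the protection.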

Re:Does this surprise anyone? (1)

Krabbs (1319121) | about 6 years ago | (#25347105)

Are you seriously claiming that secure wireless communication is impossible?

Re:Does this surprise anyone? (3, Insightful)

hedwards (940851) | about 6 years ago | (#25347313)

That was my reaction, the standard advice going back a long ways was use WEP, but for the love of god also use VPN between the devices. I can't imagine why WPA or WPA2 would make people think that you should be ditching the VPN.

Admittedly I've been guilty of not doing it, but it was more a matter of inferior Windows facilities than anything else.

Rotate your keys (5, Insightful)

Legion_SB (1300215) | about 6 years ago | (#25346551)

With good keys, even a 100x increase in cracking speed is still not fast

Don't use a little 8-character passphrase. Use long keys, and don't just leave them in place forever. Change them periodically.

Re:Rotate your keys (1)

JackassJedi (1263412) | about 6 years ago | (#25346913)

Better even, change them randomly.

..since as we know, ... (5, Funny)

Marcika (1003625) | about 6 years ago | (#25346957)

... Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.

Re:Rotate your keys (0)

Anonymous Coward | about 6 years ago | (#25347041)

There's a very reassuring article along those lines at Coding Horror - Hardware Assisted Brute Force Attacks: Still For Dummies [codinghorror.com].

Re:Rotate your keys (2, Insightful)

Kjella (173770) | about 6 years ago | (#25347079)

Rotating keys is not a smart way to try to extend the keyspace, if he can brute force one password he can quite probably do it again. Rotating passwords is a good idea if unwanted people may have had access to the password or a device it was on like say in a corporate network, guest network or whatever. For the traditional home network where the overwhelmingly likely scenario is that he's got no inside knowledge, just set one password at maximum length with some special characters so you're using the full keyspace. He'll have a much harder time breaking one 128 bit key than ten 80 bit keys.

Newsflash: Most "Business Networks" Aren't Secure (5, Insightful)

Llywelyn (531070) | about 6 years ago | (#25346555)

Most businesses I've seen have had easily guessable passwords, used open relays, or WEP encryption. Many don't change their keys even after firing someone. Saying that this is a "death knell" is serious hyperbole since, for many companies, convenience trumps hardened security.

That said, the biggest risk is still always going to be insiders and former insiders who won't need to crack into the wireless network: they will already know how to get access.

Re:Newsflash: Most "Business Networks" Aren't Secu (2, Insightful)

Anonymous Coward | about 6 years ago | (#25346615)

In terms of quantity of separate attacks, partner networks and outsiders are the biggest risk. In terms of records stolen per breach (still arguably not the biggest risk, since Verizon didn't report cost/record) insiders were top.

http://www.verizonbusiness.com/resources/security/databreachreport.pdf [pdf]

Thats not really news... (4, Interesting)

imsabbel (611519) | about 6 years ago | (#25346561)

There is no special flaw or exploit in use. They just throw more transistors at a special problem.

Everybody who really wants to crack into some network (think NSA or industrial espionage) could have used FPGAs for even bigger gains.

And for joe sixpack, weeks on a small cluster is still not a viable way for free internet...

Re:Thats not really news... (1)

stinerman (812158) | about 6 years ago | (#25346935)

Exactly.

Apparently you can brute-force easily guessable passwords. Film at 11.

Re:Thats not really news... (1)

Pentium100 (1240090) | about 6 years ago | (#25347019)

While I am not your average user, if there were no internet connection where I lived (but I could "see" a wireless network) or the only available was quite bad, I would get that which was available and then wait years until the wireless network was cracked.

Thankfully, I have a quite good internet connection 2x (4096kbps down 768kbps up)(two connections - one ADSL and the other free wireless from the same provider), and also see a lot of OPEN networks, one has a very good signal strength and it is my "unofficial" backup connection. If that also fails, there are about 20 more available once I connect a 7db antenna to my laptop or access point.

Re:Thats not really news... (1)

ksd1337 (1029386) | about 6 years ago | (#25347057)

And for joe sixpack

Palin? Is that you?

Why does wireless security suck so bad? (5, Insightful)

mcrbids (148650) | about 6 years ago | (#25346565)

Seriously. We've had a number of standards with names like "Wired Equivalency Protocol" and "Wifi Protected Access" and yet they seem to be falling, one-by-one, to relatively trivial attacks. I'm not saying that WPA is as bad as WEP, but how come they can't copy/paste something as good as good old-fashioned SSL?

SSL has withstood the tests of time, over, and over, and over, and over again. SSL is the gold standard for encryption. It's used on every HTTPS website, it's used for SSH, it's used as part of kerberos, IMAPS, POPS, TLS, and just about every other good-quality security tool.

So why are wireless chipset manufacturers trying to re-invent the wheel, when it's widely known that these kinds of wheels are FRIGGEN HARD to re-invent well?

Start with normal, unencrypted wireless. Getting that to work was solved long ago. Embed an SSL engine into your wireless device, with a randomly generated private key. Provide a means to access the public key, and copy/paste that key into your high security wireless driver. If you want to be paranoid, your local driver generates a private/public key pair as well, and that can be copy/pasted to your wireless device.

Done! Now you *KNOW* that if you are accessing the Internet through the driver, you are doing so through the correct wireless hotspot. Who cares about wireless MITM attacks at that point? The SSL protocol *ASSUMES* that there are MITM attempts, and foils them quite effectively, over the equally open and unsecured Internet.

Seriously, folks. This is a problem that was solved over a decade ago. Why are we doing this again?

Re:Why does wireless security suck so bad? (5, Informative)

swillden (191260) | about 6 years ago | (#25346629)

Seriously. We've had a number of standards with names like "Wired Equivalency Protocol" and "Wifi Protected Access" and yet they seem to be falling, one-by-one, to relatively trivial attacks.

"Seem" is the key word in this paragraph.

The claimed attack is nothing more than a brute force search on WPA/WPA2 pre-shared keys, a search that will fail if the keys are well-chosen. It has no effect whatsoever on WPA or WPA2 when used with any of the EAP authentication modes. But PSK requires the network admin to choose a key, and the key is typically chosen by typing in a passphrase. If that passphrase is weak, then given enough computation power an attacker can guess it. Big surprise.

WPA and WPA2 ARE just as solid as SSL. The only difference is that everyone knows that if you're doing SSL you should use a good random number generator to help generate your key pair and to generate the session keys.
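An added example (not part of the comment above or of any tool named in the thread) that puts numbers on passphrase choice for WPA/WPA2-PSK, covering both this comment and the earlier keyspace sub-thread: it derives the 256-bit PSK from a passphrase and SSID with PBKDF2-HMAC-SHA1 at 4096 iterations, generates a 63-character passphrase from the OS CSPRNG, and estimates exhaustive-search time at the 500,000 guesses per second quoted earlier in the thread. Function names and the SSID `ExampleNet` are constructed for illustration.

```python
import hashlib
import math
import secrets

# WPA/WPA2-PSK passphrases are 8..63 printable ASCII characters (0x20..0x7e).
PRINTABLE = "".join(chr(c) for c in range(0x20, 0x7F))
# Generate without the space character so copy/paste cannot trim the ends.
GENERATED = PRINTABLE.replace(" ", "")  # 94 symbols
PSK_BITS = 256
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(ch not in PRINTABLE for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def generate_passphrase(length: int = 63, alphabet: str = GENERATED) -> str:
    """Uniformly random passphrase drawn from the operating system's CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8..63")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passphrases of exactly this length."""
    return alphabet_size ** length


def effective_bits(alphabet_size: int, length: int) -> float:
    """Passphrase entropy, capped at the size of the derived key."""
    return min(length * math.log2(alphabet_size), PSK_BITS)


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case years to try every candidate (or every 256-bit key, if fewer)."""
    space = min(keyspace(alphabet_size, length), 2 ** PSK_BITS)
    return space / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    base_rate = 500_000  # guesses per second, the figure quoted in the thread
    policies = [
        ("10 chars, a-zA-Z0-9", 62, 10),
        ("20 chars, a-zA-Z0-9", 62, 20),
        ("63 chars, printable", len(GENERATED), 63),
    ]
    for label, size, length in policies:
        print(
            f"{label:22s} {effective_bits(size, length):6.1f} bits  "
            f"{years_to_exhaust(size, length, base_rate):.3g} years at base rate, "
            f"{years_to_exhaust(size, length, base_rate * 100):.3g} years at 100x"
        )
    phrase = generate_passphrase()
    print("generated passphrase:", phrase)
    print("PSK for SSID 'ExampleNet':", derive_psk(phrase, "ExampleNet").hex())
```

Because the SSID is the salt, the same passphrase yields a different PSK on a differently named network, and any passphrase entropy above 256 bits is absorbed by the key size.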

Re:Why does wireless security suck so bad? (4, Interesting)

Shados (741919) | about 6 years ago | (#25346651)

So what you're saying is, since I'm using the longest freagin key that my router allows, and I used a cryptosecure generator to create it (it's totally random), I'm more or less safe?

Re:Why does wireless security suck so bad? (4, Informative)

Simon (S2) (600188) | about 6 years ago | (#25346863)

Yes.

Re:Why does wireless security suck so bad? (5, Informative)

databeast (19718) | about 6 years ago | (#25346923)

Better yet, use 802.1x (WPA + RADIUS) which completely avoids all the key-exchange weaknesses of WEP and WPA.

Re:Why does wireless security suck so bad? (3, Interesting)

Pentium100 (1240090) | about 6 years ago | (#25347049)

I used this. Not so for the security (I think a 63 character really random password would be enough), but for convenience - it was easier to copy two files (user certificate and CA certificate) to my cell phone than type ten 63 char password (which for some reason was reset after each phone reboot)...

Now I do not use wifi for my local network. For some reason the AP usually failed to authenticate users, so I scrapped the idea and now use the same AP as a client to my ISPs wifi network. It works now...

Re:Why does wireless security suck so bad? (1)

dpilot (134227) | about 6 years ago | (#25347085)

So this means that though I'm using the longest key my router allows, because I only used a decent pseudorandom generator instead of a true random generator, I'm toast. Oh, Noooooooooo!

Incidentally, I've usually powered my wireless router off when I'm not going to be using it. But then at some point I realized that cracking requires snooping on a successful connection. If there's no successful connection, about all they can get is my SSID.

Re:Why does wireless security suck so bad? (5, Funny)

eric2hill (33085) | about 6 years ago | (#25347119)

Almost, but your key may not be as truly random as you might think. Post your key here so we can verify it's really secure.

Re:Why does wireless security suck so bad? (2, Funny)

dgatwood (11270) | about 6 years ago | (#25347355)

Okay. My key is 1...

2...

3...

4...

...

...

5.

Security vs Usability (1)

xswl0931 (562013) | about 6 years ago | (#25346659)

The reality is that most businesses and home users don't want to deploy a Certificate Authority to make use of SSL. WEP, WPA, and WPA2 are "cheap" encryption solutions. If you are really worried about it, there are existing cert based solutions available that are independent of the wifi router/access point.

Re:Security vs Usability (1)

mcrbids (148650) | about 6 years ago | (#25346811)

You don't need a certificate authority to use SSL. SSH works fine without a Certificate Authority. The only value that a Certificate Authority provides is in positively identifying/validating a participant that you didn't previously validate.

The protocol I mentioned requires no certificate, since the public key is being copy/pasted with a mechanism that is otherwise trusted.

Re:Security vs Usability (1)

Rekolitus (899752) | about 6 years ago | (#25347161)

The TLS standard (effectively SSL 4) mandates that the server present a certificate for perusal by the client. Sure, you can use a self-signed certificate, but then you're not using TLS in a secure fashion.

SSH and Kerberos are not based on SSL/TLS. SSH probably uses similar techniques to SSL, but Kerberos is out there doing its own wacky thing. See here [mit.edu] for an explanation of Kerberos's operation.

Re:Why does wireless security suck so bad? (1)

Dahan (130247) | about 6 years ago | (#25346703)

40-bit SSL was broken over a decade ago. "But everyone uses 128-bit keys! It's not SSL's fault if someone chooses to use such a short key!," I hear you exclaim. Well the same thing applies to WPA. Choose a strong key and you'll make brute force attacks impractical. And as for MITM attacks, do you really want to pay some CA a yearly fee so you can use your wireless network? I guess if you know what you're doing, you can set up a self-signed certificate and tell your access point to only trust that cert, but that's beyond the ability of the average user who just wants to watch Youtube on their laptop. And if you do know what you're doing, a pre-shared passphrase isn't the only way to authenticate--you can use certificates if you're willing and able to set up the infrastructure for it. In fact, EAP-TLS is basically the same protocol as SSL.

Re:Why does wireless security suck so bad? (3, Interesting)

GrenDel Fuego (2558) | about 6 years ago | (#25346761)

What you're describing is EAP-TLS [wikipedia.org], and it's definitely the way to go if you're running wireless for a larger business.

Re:Why does wireless security suck so bad? (1)

donkeyoverlord (688535) | about 6 years ago | (#25347017)

How secure is data when using EAP-TLS? I understand that the device is authenticated by a certificate and the users credentials are also validated. But what protects the data? WEP? WPA2? TLS?

Re:Why does wireless security suck so bad? (2, Informative)

GrenDel Fuego (2558) | about 6 years ago | (#25347139)

EAP-TLS is used for the key exchange process. The encryption used for the connection can either be TKIP, which uses rotating RC4 keys or CCMP which uses more secure AES encryption keys.

CCMP is the more secure choice, but is incompatible with older wireless cards. If you care about the security of your network, you are better off choosing hardware that supports CCMP.

SSL keys aren't entered by hand (2, Interesting)

Joce640k (829181) | about 6 years ago | (#25346903)

....that's the difference.

So long as people use convenient passphrases for their security then no amount of fancy algorithms will save them.

This realization is why the US Government eventually dropped all the regulations they used to have on exports of strong encryption.

Re:Why does wireless security suck so bad? (1)

buchner.johannes (1139593) | about 6 years ago | (#25346955)

If you are wise, you will use encryption on higher OSI layers for your important services anyway. Also, a WPA/WPA2-password doesn't protect you from other legitimate users in the network sniffing on you ...

Re:Why does wireless security suck so bad? (1)

jd (1658) | about 6 years ago | (#25347275)

Well, SSL is one option, sure. Sun's SK/IP system would be another, since it was designed with unreliable connections in mind. Requiring client-side certs and using any of the public-key systems (ECC, for example) would be vastly superior to a shared key system. If privacy is not as big of a concern as just authenticating who sent the packets, 802.1x offers some interesting possibilities. Of these, how many are implemented in low-cost COTS wireless devices? 802.1x appears in a few, but not many. The others - well, "none at all" might be an overestimate. Sure, you can roll your own image for some wireless routers, so you can install something like ENSKIP (the Linux version of Sun SK/IP), but that ceases to be a true COTS solution, and businesses are fanatical about COTS-only as it means they can blame someone else when things screw up.

(The ability to blame someone else is vitally important in any country where lawsuits are commonplace but accountability is optional. Why do you think the British government outsources security? They don't trust GCHQ's experts? Or because it becomes Somebody Else's Problem - SEP fields are wonderful things - and they get to fingerpoint?)

Re:Why does wireless security suck so bad? (2, Interesting)

Tuoqui (1091447) | about 6 years ago | (#25347343)

Problems...

1) SSL as it stands for HTTPS and what not typically uses key lengths anywhere from 128-bit all the way up to 4096-bit.
2) WEP/WPA requires the router to decrypt all packets over the wireless network so it can route them.
3) Longer keys = More Processing power required.
4) Encrypting and Decrypting everything may involve a performance hit without more processing power.

End Result: You want it more secure, the router is gonna need more RAM and CPU power to pull it off which means instead of picking up a wireless router for $40-60 for consumer grade stuff it'll probably end up more like $80-120.

Two steps behind... (0, Offtopic)

Anonymous Coward | about 6 years ago | (#25346569)

I'm still stuck using WEP thanks to crappy wireless drivers for Linux.

Re:Two steps behind... (1)

HAKdragon (193605) | about 6 years ago | (#25346951)

I'm in the same boat, but because Nintendo has decided not to support any form of WPA on the DS for some reason.

Dear script kiddie (0)

Anonymous Coward | about 6 years ago | (#25346991)

I'm still stuck using WEP thanks to crappy wireless drivers for Linux.

WPA2 works fine in linux; it's your own ineptitude that has you "stuck using WEP". Stop making excuses for your inability to learn.

Re:Dear script kiddie (0)

Anonymous Coward | about 6 years ago | (#25347307)

If the driver doesn't support it, the driver doesn't support it. And if the manufacturer doesn't make full specs available, there's not a fuck of a lot that you or anyone else can do about it, Boy Wonder.

Re:Two steps behind... (0)

Anonymous Coward | about 6 years ago | (#25347391)

Then do what I do and use SSL tunnels within your network as well. My DS won't handle WPA, and info sent thru my DS is as important as yesterday's fart my neighbor had when he was working 20 miles away from here (notice I don't even know who my neighbor is). People call me paranoid for using sftp within my network to transfer music files from PC to PC, in ogg format.

To avoid people hooking and sucking from my pipe, I use a MAC address filter, bloody convenient it is.

Oh, and I use Linux and WPA works fine.

I'm anonymous coward, and I approve this message.

Not The End (0)

Anonymous Coward | about 6 years ago | (#25346575)

Only the desperate ones and the computer geeks (a small amount of our population) will be ever so willing to give stuff like this a try as most people will just think "Oh, it's passworded" and move on. Unless there's someone deliberately trying to hack your network for something (e.g. big business documents, identity theft), WEP suffices in most situations.

Plus, my DS can't connect. ;c

F@H (5, Interesting)

Kooty-Sentinel (1291050) | about 6 years ago | (#25346599)

I wonder how long it would take for the entire Folding@Home grid would take to crack a single WAP/WAP2 key. Can anyone do the math?

Re:F@H (0)

Anonymous Coward | about 6 years ago | (#25346733)

I'd need the nvidia gpu just to work that out.

Please send me your password, so I can verify ... (2, Funny)

PolygamousRanchKid (1290638) | about 6 years ago | (#25346979)

My Dearest Friend,

I am the Minister of the Nigerian Ministry of Butt-loads Of Networked Nvidia PCs (NMBNNP). We would like to test this software, but in order to determine if the software has successfully cracked the password, we need your login password, so that we can verify.

Afterward, you will be granted unlimited access to the NMBNNP grid.

Oh, and please send your bank information, as well.

Re:F@H (4, Funny)

93 Escort Wagon (326346) | about 6 years ago | (#25346801)

I wonder how long it would take for the entire Folding@Home grid would take to crack a single WAP/WAP2 key. Can anyone do the math?

So that would be Cracking@home?

Re:F@H (2, Informative)

Anonymous Coward | about 6 years ago | (#25346883)

For a ballpark:

total time / number of active cpu's

From another comment:

Brute Force Attack will take up to 128299838271 years at 500,000 passwords a second.

And F@H has well over a million users (but less than 2, and many inactive), so I'll highball guesstimate at 2million.

The result: 64,150 years, optimistically.

Re:F@H (1)

Krabbs (1319121) | about 6 years ago | (#25347201)

Even combining all the computing power in the world the sun will have become a red giant and burned all life from this planet before you have broken a 256 bit AES key by brute force.

zombies (0)

Anonymous Coward | about 6 years ago | (#25346617)

new use for them..

Wires. (2, Insightful)

Anonymous Coward | about 6 years ago | (#25346631)

Proof that the best solution, by far, is to use wires. Wireless is fine when you don't care what's being sent over them (browsing, etc), but for any serious business or otherwise sensitive information, I want to be plugged into an actual, physical network. Not that it's 100% secure, of course, but at least your information isn't flying around in the air waiting for someone to decrypt it, and given time, *anything* can be decrypted.

I will never own a wireless router in my home for that reason.

Re:Wires. (1)

jjohnson (62583) | about 6 years ago | (#25346837)

What are you doing in your home that shouldn't be seen by anyone else? How's that basement fusion reactor going?

Behind the NAT (0)

Anonymous Coward | about 6 years ago | (#25347047)

It's about being able to connect to the machines behind the NAT, and hack them.

Re:Wires. (1)

Ash-Fox (726320) | about 6 years ago | (#25347143)

What are you doing in your home that shouldn't be seen by anyone else?

Using credit cards, online banking, personal e-mail, personal instant messages, personal voice calls...

Oh, pull the other leg... (5, Interesting)

subreality (157447) | about 6 years ago | (#25346637)

This is seriously overhyped. #1:

This announcement effectively signals the death of wireless networking in business networks;

Bullshit. The underlying encryption is based on AES*. AES is not a toy algorithm, and is designed to defend against specialized cracking hardware, and all other known attacks. It is *plenty* strong enough to hold up to a 100X increase in cracking speed, as long as you use good keys, which hopefully you are in a business environment.

I'm willing to believe that a key handling vulnerability might exist in WPA, or a flaw in AES, but the notion that brute force has brought about the death of WPA in business networks is just absurd. At best, this is a reminder to use good keys.

any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether.

Do you think your VPN software has a better underlying algorithm than AES?

* Unless you're using TKIP, which is a toy algorithm, which exists for backwards hardware compatibility, and in my experience isn't used by anyone who cares about security... But even there, the potential attack vectors are through algorithm weaknesses, not brute forcing the keys.

Re:Oh, pull the other leg... (2, Informative)

secmartin (1336705) | about 6 years ago | (#25346867)

When used with any authentication scheme that is *not* PSK-based, WPA is still pretty secure. VPN connections are perfectly fine as well, as long as you don't choose a simple guessable pre-shared key...

Re:Oh, pull the other leg... (1)

Kizeh (71312) | about 6 years ago | (#25347069)

Also, any real business (even my university) is using WPA2-Enterprise, which is AES / 802.1X based. There are no pre-shared passwords that suffer from possibly being too short, and each client negotiates the actual encryption per connection, and there's re-keying so even if you could crack the encryption for one client at one time, you still would have to repeat the task for every other client and other sessions.

3DES (4, Interesting)

Detritus (11846) | about 6 years ago | (#25346647)

The article says that 3DES has been broken. I think they are mistaken. DES was cracked by a brute force attack but 3DES is still considered secure.

How is their distributed processor system going to crack a 128-bit key that has 128 bits of entropy? Maybe the solution is to update the wi-fi software to make it easier to generate, transport, and install truly random keys.

Re:3DES (4, Interesting)

secmartin (1336705) | about 6 years ago | (#25346847)

Mea culpa, I just updated the article. I meant DES of course, 3DES is about 2^52 times more secure.

I'd trust 3DES more than AES (1)

Joce640k (829181) | about 6 years ago | (#25346981)

DES is one of the most analyzed algorithms in history and no weaknesses have been found. The key for 3DES is plenty big enough to prevent brute-forcing.

AES has some advantages (eg. speed) but 3DES is as secure as it gets.

Summary is quite silly! (5, Informative)

Qwavel (733416) | about 6 years ago | (#25346673)

Businesses that are serious about their security use one of the many types of WPA-Enterprise. The method described in this article only applies to WPA-Personal which is targeted at home users.

Those businesses that do use WPA-Personal can simply institute a policy that requires better passwords to secure them against this exploit.

Some businesses will continue to use WPA-Personal with poor passwords, and that's fine, but those businesses are probably not too worried about security and have many other bigger vulnerabilities.

So, the claim that "this announcement effectively signals the death of wireless networking in business networks" is ridiculous.

Hype-Sicle (2, Interesting)

sarkeizen (106737) | about 6 years ago | (#25346721)

Weird that this article seems to call down doom for WPA in general and particularly in the enterprise.

a) 100x increase, even using 10,000 machines seems insignificant if you are using the maximum WPA key length employing uppercase, lowercase and punctuation? Even a 30 char password seems to last far longer than most of us will be alive. So at worst all this changes is the minimum key length that can usefully be employed on WPA.

b) In the enterprise in my experience you either use no encrypting and rely on protection at other layers (VPN, SSL, etc) or you use a RADIUS based system that hands out a new key for each session. This seems even less likely to be affected by this. Unless...and I admit I've never checked this...the keys being used have some weakness (short, not very complex, etc...) which, again at worst seems to be a wake-up call for hardware vendors if nothing else.

So wrt wireless this is interesting but hardly industry changing.

We're okay (5, Funny)

Anonymous Coward | about 6 years ago | (#25346817)

Hah! My company is okay- we're only using MAC filtering for our security, none of this insecure WEP/WPA crap.

The important thing is, (1)

Vadim Makarov (529622) | about 6 years ago | (#25346851)

can I get this software on The Pirate Bay? It's not like breaking into neighbour's network to use it for free is going to be worth an EUR 600 investment.

Already GPL'ed ... (4, Informative)

Anonymous Coward | about 6 years ago | (#25346873)

All of this is already available as a GPL'ed tool that has been out for about a month. See http://pyrit.googlecode.com

Wireless isn't secure???? (1)

ConfrontationalGrayh (1199233) | about 6 years ago | (#25346945)

One word. RADIUS. Try googling "cracking RADIUS" sometime and see how much information you can find.

Re:Wireless isn't secure???? (1)

Krabbs (1319121) | about 6 years ago | (#25347145)

"cracking RADIUS" is two words.

Bullshit, FUD and the worst summary I've ever read (5, Insightful)

Anonymous Coward | about 6 years ago | (#25346969)

Using GPUs to crack is not "new", it's a well known technique. Furthermore, an increase of a factor of 100 is insignificant relative to the number of years it would take to crack a key, hence the crypto is not weakened, dispelling their whole "death of wireless networking" doommonger bullshit. The only thing this actually does is speed up already feasible attacks against bad passphrases, nothing new, and certainly not a "breakthrough".

yeah right (4, Interesting)

Lord Byron II (671689) | about 6 years ago | (#25347063)

wpa2 with a shared key is only crackable with a brute force attack. Assuming that an alphanumeric character is used for each character of the attack, then for a key of length 8 (the minimum) the attack takes 26+26+10+10=72^8 (lowercase+uppercase+numbers+shifted num keys) time which is 7x10^14. A factor of 100 isn't a big deal - it reduces it to 7x10^12.

Even worse, if the key is longer than the minimum, say 14 digits, then the number of brute force keys are 1x10^26 and improving that to 1x10^24 isn't going to make much of a difference at all.

"This will end business use! A workaround is..." (0)

Anonymous Coward | about 6 years ago | (#25347089)

It's interesting that the summary says that this is the absolute end, then goes on to describe a workaround. My company uses IPsec in their wifi. I guess I can see why now.

But for the summary to say that this is the absolute end of the world, when some networks in use today are already immune, that seems a bit arrogant.

Where I work, we call this FUD (3, Insightful)

Roskolnikov (68772) | about 6 years ago | (#25347231)

The WIFI at my workplace is available, there is little if any security and the traffic isn't encrypted; why? well it has always been associated with being insecure, so when WIFI was rolled out it was placed on the Big I instead of the little i and to get anywhere internal you must bring up a VPN tunnel to work, add some poisoned routing information on both sides to account for the networks being used (internal versus internal) and you have some hope of preventing someone from bridging i to I.

You shouldn't use WIFI for anything that you wouldn't want to share openly and even if you believe that what you are doing is secure you should know that someone could still be capturing your session and working on it offline; the vendors haven't helped either, most wireless routers will 'work' right out of the box, purchase at worst-buy, plug it into your cable modem and in 60 seconds you're on, I can't tell you how many networks I've found this way, most still have the default admin account set (just google the model number being advertised by the network) and you're in....

Munitions (1)

nurb432 (527695) | about 6 years ago | (#25347233)

Just declare GPU's a munition ( like supercomputers are ) and restrict access/require registration.

Then incorporate chip level DRM/TPM so only 'approved' applications can run.

Hey, it's for the children, right?

Re:Munitions (1)

Bryan_W (649785) | about 6 years ago | (#25347337)

Just declare GPU's a munition ( like supercomputers are ) and restrict access/require registration.

Then incorporate chip level DRM/TPM so only 'approved' applications can run.

It's comments like these that require a +1, Scary moderation

Nothing special (1)

PingXao (153057) | about 6 years ago | (#25347253)

Their approach seems to be doing nothing but speeding up brute-force searching for the key. If it's a "bad" key, like a simple word, this will speed up the search greatly. If it's a "good" key then speeding up the search 100 times is, for all practical purposes, meaningless. Get back to me when you've achieved a 100 * 100 * 100 * 100 * 100 * 100 *100 * 100 faster search.

Um.. (0)

Anonymous Coward | about 6 years ago | (#25347297)

If you're using one of the 1000 most popular SSIDs and one of the 172000 most popular passwords, you're already in trouble. There's a 33 GB file out there that has your WPA hash, and it's just /seconds/ to get owned.

Change your SSID. Change it now. Randomly generate a password and save it in a file; if you can remember it, someone, somehow, can guess it.
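Added example, not part of any comment above and not Elcomsoft's code: it shows the two defensive points the thread keeps returning to, that the WPA/WPA2-PSK master key is salted with the SSID (so a table precomputed for a popular SSID says nothing about a unique one) and that a 100x speed-up barely moves the exhaustive-search time for a long random passphrase. The 500,000 passwords/second rate and the 72-character alphabet are taken from the comments; the SSIDs and the function names are constructed for illustration.

```python
import hashlib

# Figures quoted in the thread: 500,000 guesses/second, claimed 100x GPU speed-up.
BASE_RATE = 500_000
GPU_SPEEDUP = 100
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passphrases of exactly `length` characters."""
    return alphabet_size ** length


def years_to_exhaust(alphabet_size: int, length: int, rate: float) -> float:
    """Worst-case years to try every candidate at `rate` guesses per second."""
    return keyspace(alphabet_size, length) / rate / SECONDS_PER_YEAR


def table_still_applies(passphrase: str, table_ssid: str, actual_ssid: str) -> bool:
    """True only if a key precomputed for table_ssid matches the real network's key."""
    return derive_pmk(passphrase, table_ssid) == derive_pmk(passphrase, actual_ssid)


if __name__ == "__main__":
    # Constructed SSIDs: one common default, one unique to the site.
    print("same SSID, table usable:  ", table_still_applies("password1", "linksys", "linksys"))
    print("unique SSID, table usable:", table_still_applies("password1", "linksys", "site-7f3a-ap"))
    fast = BASE_RATE * GPU_SPEEDUP
    for length in (8, 14, 20):
        print(f"{length:2d} chars from 72 symbols: "
              f"{years_to_exhaust(72, length, BASE_RATE):.3g} years at base rate, "
              f"{years_to_exhaust(72, length, fast):.3g} years with the 100x speed-up")
```

A passphrase that appears in a wordlist falls to a dictionary run regardless of these numbers, which is why the estimate only holds for randomly generated passphrases.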
