
WPA/WPA2 Cracking With CPUs, GPUs, and the Cloud

Posted by CmdrTaco
from the its-different-cuz-its-cloudy dept.
wintertargeter writes "Yeah, it's another article on security, but this time we finally get a complete picture. Tom's Hardware looks at WPA/WPA2 brute-force cracking with CPUs, GPUs, and Amazon's Nvidia Tesla-based EC2 cloud servers. Verdict? WPA/WPA2 is pretty damn secure. Now to wait for a side-channel attack. Sigh...."
  • Secure from brute force attacks != secure. Hello, exploits!

    http://www.wi-fiplanet.com/news/article.php/3784251/WPA-Vulnerability-Discovered.htm [wi-fiplanet.com]

    • Re:brute farce (Score:4, Insightful)

      by Hatta (162192) on Monday August 15, 2011 @12:48PM (#37096030) Journal

      That's why we use WPA2/AES.

      • I'm considering setting up WiFi in my small apartment so I don't have cables going all over the place. To PS3, printer, desktop and laptop. If I set up my computers for WPA2/AES and change the key on a regular basis, is this considered secure enough? The printer and PS3 won't be on 24/7 so no one can run through 500 pgs and a couple of toners on me.

        It's difficult to figure out all the ongoing wireless standards and security when you don't work in the industry.

        • by elsJake (1129889)
          Just use keys longer than 23 chars, alphanumeric + special chars, and use a nonstandard SSID for the network (treat it as a password; it's used to salt the key derived from your PSK). All this on WPA2/AES and you should be considered secure.
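The "SSID salts the key" point above, as an added example that is not part of the thread: the IEEE 802.11i PSK derivation (PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output, SSID as salt) in Python's standard library, plus a small per-SSID lookup table to show why a table built for a default SSID says nothing about the same passphrase on a custom SSID. The candidate words and SSIDs are constructed; the passphrase "password" / SSID "IEEE" pair is the standard's own published test vector.

```python
import hashlib
from typing import Dict, Iterable, Optional

# IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)
PBKDF2_ROUNDS = 4096
PSK_LEN = 32


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pre-shared key (the PMK in WPA-Personal) from a
    passphrase, using the SSID as the salt. Every candidate an offline
    guesser tries must go through these 4096 rounds for *this* SSID."""
    if not (8 <= len(passphrase) <= 63) or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be 8..63 printable ASCII characters")
    salt = ssid.encode("utf-8")
    if not (1 <= len(salt) <= 32):
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               PBKDF2_ROUNDS, dklen=PSK_LEN)


def precompute_table(candidates: Iterable[str], ssid: str) -> Dict[bytes, str]:
    """PSK -> passphrase table for ONE SSID: the idea behind precomputed
    tables for common default names. It is only valid for that SSID."""
    return {wpa2_psk(p, ssid): p for p in candidates}


def lookup(table: Dict[bytes, str], psk: bytes) -> Optional[str]:
    """Return the passphrase behind a PSK if the table has it, else None."""
    return table.get(psk)


if __name__ == "__main__":
    # Constructed example: a tiny candidate list and two networks.
    common = ["password", "letmein1", "12345678"]
    table = precompute_table(common, "linksys")
    # Weak passphrase on the default SSID: found immediately in the table.
    print(lookup(table, wpa2_psk("password", "linksys")))
    # Same passphrase on a non-default SSID: the table is useless, and the
    # guesser has to redo all 4096 rounds per candidate for this SSID.
    print(lookup(table, wpa2_psk("password", "MyFlat-9q2")))
```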
        • by Joce640k (829181)

          If I set up my computers for WPA2/AES and change the key on a regular basis, is this considered secure enough?

          Yes.

          Only WEP is truly broken. WPA and WPA2 are only vulnerable to weak passwords.

    • by bogie (31020)

      Like the quote in the article said, it's "more of a pinhole than a crack". It needs very specific circumstances and also needs you to use TKIP vs AES. I'm not sure about as of today, but in regard to that article, WPA with AES=secure.

      The real problem isn't anything to do with WPA, it's with companies like Verizon who in modern times have the stupidity to use WEP. If it's not WPA2 compatible throw it in the garbage.

      • by yuhong (1378501)

        Yep, the main lesson I think is that it shows how bad CRC32 is as an integrity check.

    • by yuhong (1378501)

      FYI, there is a new attack on TKIP that can recover the temporal key after capturing 2^38 packets (for comparison, WEP's IV is 24-bit):
      http://infoscience.epfl.ch/record/165984 [infoscience.epfl.ch]

  • The Only Solution (Score:5, Insightful)

    by MightyMartian (840721) on Monday August 15, 2011 @12:38PM (#37095892) Journal

    Ultimately the only solution is to have a segregated WiFi network. I've set one up in one of our offices, with the others to follow soon. If one our workers needs to access internal network resources from our WiFi network, he's got to do what he'd do if he was in a coffee shop or an airport, establish a VPN connection to the internal network. There simply isn't any other solution so far as I can tell. You have to treat WiFi as a potentially hostile entry point.

    • by h4rr4r (612664)

      I hope you are doing the same or something similar with wired then. No, locking switch ports by MAC address is not good enough. Dead easy to spoof the MAC address of the machine I unplugged to get my evil device in.

      • by omglolbah (731566)

        That requires physical access to the corporate office though.
        Wireless doesn't.

        Most places that is a fairly important difference.

        • by h4rr4r (612664) on Monday August 15, 2011 @12:47PM (#37096022)

          Anyone with a set of overalls, a handtruck/cart and a cardboard box can get into pretty much any office.

          • You've been watching too much Burn Notice.
            • From my experience, that much is true if you've seen a single episode.

            • by h4rr4r (612664) on Monday August 15, 2011 @01:14PM (#37096344)

              Nope, just had to chase a Verizon man out of my server room a couple weeks ago.

              The receptionist let him in because it said Verizon on his jacket and someone kept letting him through doors after that. He was on the wrong floor and would have disconnected live equipment had I not chased him out with a rack rail.

              • and the other 10 times he would have all the time he needed.

              • by Bengie (1121981)

                Can't enter our server rooms without special electronic keys. Not getting past our receptionists without a guest pass and someone to vouch for you to sign off on the guest pass.

            • by Surt (22457)

              Whether or not he's been watching too much Burn Notice, Burn Notice is right about that one. You can get into about 90% of offices that way. It's actually happened (twice!) at mine, and the building is poorly designed (as recently as 20 years ago!), so improving security is difficult. Anything older than 15 years (pre-9/11) is probably similarly difficult to physically secure.

              • The building I work in was designed/built in 1971, and it's easy to physically secure... there's no actual office space on the ground floor (that's retail space that we rent out), and you need two keycards to actually get anywhere in the building: the building pass which you need to get past security after hours and use the elevators (retail space and elevators shut down from 6pm - 7am and on Sundays), and the office pass, which opens the doorway into your office area. More secure floors have a 2nd security

              • by mcrbids (148650)

                Tight security is *expensive*. Special electronic keys (and the associated administration) cost thousands of dollars. Few organizations actually have sufficiently valuable data to justify this expense. Smaller organizations rarely do.

                So far, so good. The tough part is that as an organization grows, it reaches a point where it will start to make sense to incorporate these additional expenses. But what triggers this decision? There's no automatic formula involved, and a growing organization has to carefully

            • by kiwimate (458274)

              No, actually, I'd say it's more that you have made the error of thinking that because it's dramatized it bears no resemblance to [csoonline.com] reality [csoonline.com]. Social engineering is a big [social-engineer.org] deal [cio.com], to the extent that in places where security is paramount it's a major component in vulnerability assessment and penetration testing.

          • The fact is that gaining physical access to active Ethernet RJ45 port is significantly more difficult than sitting outside an office and hacking into a WiFi network. Yes, you're right, physical security can be an issue, but it is a much more difficult target, and thus simply does not worry me as much. If your scenario were that common, then you'd best be considering the physical security of your servers. After all if a guy in coveralls can plug in a CAT5 cable, then surely he can make it into the server

            • The other thing, is that if somebody hacks you from outside, it's your fault. If they hack you from inside, it's whoever let them in's fault.
              • by BitZtream (692029) on Monday August 15, 2011 @01:36PM (#37096564)

                Whose fault it is isn't relevant. If you're concerned with fault, you must be a manager rather than something useful. The goal is to keep things private and secure, not make sure you get to point the finger somewhere else. If you're pointing the finger, you've already failed even if you're too stupid to realize it.

                • Not at all. You assume this is an after-the-fact discussion. From an architectural point of view this perspective makes perfect sense. (You're probably too stupid to have thought of that... :-)
                • Whose fault it is isn't relevant. If you're concerned with fault, you must be a manager rather than something useful. The goal is to keep things private and secure, not make sure you get to point the finger somewhere else. If you're pointing the finger, you've already failed even if you're too stupid to realize it.

                  This kind of thinking is, in my opinion, exactly opposite of good security. Companies who take a "Security is everybody's responsibility!" attitude are doomed to fail. Something that is everybody's responsibility is no-one's responsibility. Being able to identify whose fault it is is a side effect of knowing whose responsibility it is. My responsibility to secure the network. The receptionist's responsibility to vet the people coming into the building. The facilities/security person's responsibility t

                  • The problem is, deciding that nobody should care about security opens up a bunch of potential vulnerabilities.

                    Most companies have a side door that is accessible to employees with a badge. This is where we target to gain physical access to a building during a penetration test. Almost everyone will hold the door for you if you look busy and are reasonably respectable looking. Most companies can't afford to secure every door, or won't do it due to parking situations, etc.

                    The other attack we commonly engage

            • I'd expect the server rooms to be considerably harder to access than general offices. After all, I've one been at a job interview where I was asked to solve some problem for a test. While I did so, the interviewers left the room. I think it wouldn't have been too hard to plug something into an Ethernet port during that time. OTOH, getting into the server room would not have been possible, especially not alone.

              • In some office buildings the building maintenance can get into any room, and in some they are the guys that must change the light bulbs / fluorescent light bulbs.

                Anyway, it's easy to say "I need to check out a leak" or any other issue to have a cover story to get in; they can say the office under you has the issue.

                • by BitZtream (692029)

                  In any secure setup, that guy can't get into server rooms without one of the operations guys watching him.

                  At least, that's the way it's been everywhere I've managed.

                  Don't care what's going on in the server room, you don't go in without an authorized employee. If this is not policy, you're doing it wrong, period.

              • by arth1 (260657)

                It's fairly common to have interviewers leave a room during a test. That doesn't mean you're not observed. There is a high chance that there is an inconspicuous camera pointed at you, to observe how you behave when you think you're alone. Anything from snooping to nasty personal habits can weigh in on whether you get a job offer, or what the job offer will be.

            • by Surt (22457)

              I'd actually argue that's probably untrue at most work sites. For example, in every one of the last 5 buildings I've worked in, sharing a ride in the right elevator could get you into an area with an rj45 port, whereas getting into the server room required passing a badge access door that was only used by 5 people who all knew each other, with an expectation that anyone else would be escorted.

            • by swillden (191260)

              The fact is that gaining physical access to active Ethernet RJ45 port is significantly more difficult than sitting outside an office and hacking into a WiFi network.

              Easier than breaking WPA2? Nonsense.

              Barring some newly-discovered weakness in the protocol (very unlikely at this point), breaking WPA2 essentially requires breaking AES or the public-key algorithm you're using for your 802.1x EAP-TLS certificates (no business would use PSK, right?). The only practical way to get in is to get hold of a client certificate by compromising a machine with access (e.g. a laptop). Unless of course your target keeps their client keys on password-protected smart cards. Then y

              • Then you're going to have to nab an employee, take their card and "motivate" them to give you the password.

                Find lowest-paid employee and pay them double their yearly salary for the password. If you don't have the budget for that, you're not really involved in industrial espionage.

                • by swillden (191260)

                  Then you're going to have to nab an employee, take their card and "motivate" them to give you the password.

                  Find lowest-paid employee and pay them double their yearly salary for the password. If you don't have the budget for that, you're not really involved in industrial espionage.

                  Yep, that should do the trick very neatly.

                  I don't think that qualifies as "easier than gaining access to an RJ-45 port", though.

          • I respectfully disagree, it's very easy to put a policy in place which states that any visitor to the office needs to have a representative from within the company vouch for them and act as an escort on premises. If everyone knows the policy it's not very difficult to enforce, all it takes is proper training. It's a pretty small price to pay if your data is important enough to worry about it in the first place.
            • by h4rr4r (612664)

              It is easy to put such a policy in place. It is near impossible to get people to actually follow that policy.

              • Again, I disagree, and I'll add that I'm basing this off of personal experience. With proper training any reasonable policy should be able to be implemented, the hard part is actually making sure that people are trained and understand the repercussions. "Hard" is the operative word, it's not "impossible," and can even be easy if you do it a lot. If you have important data, like medical records, credit card numbers, socials and people don't follow simple policies like that, then they should be terminated. If
                • by h4rr4r (612664)

                  I said near impossible not impossible.

                  I am sure anyone could do the same in 99% of businesses. Get a maintenance uniform and go into an unused conference room, that would work almost everywhere.

                • Medical records?

                  Hah!!

                  Hospitals, by and large, have the worst security of any companies or institutions that I have done security testing for. By far.

                  Finding servers in accounting with blank passwords and then realizing later that they share a subnet with heart monitors makes one wonder WTF they are doing.

                  But it wasn't just one hospital, I've been to five and all were similar. Yuk.

                  At least they're improving.

          • by kmoser (1469707)
            Usually they can only get as far as the receptionist, unless they're able to social-engineer their way even farther. Although I have seen plenty of offices in which the reception area is open to the rest of the office and there is often no receptionist.
      • IPSec ought to do the trick. Mind you, I'm less worried about physical security in general.

        • by afidel (530433)
          802.1x is easier to deal with than IPSEC because you can make exceptions for equipment that does not support the protocol.
      • by gnick (1211984)

        Dead easy to spoof the MAC address of the machine I unplugged to get my evil device in.

        True. But that implies that you already have a security breach (even if that breach is a disgruntled employee or a bunch of employees wondering why the exterminator is hooking his laptop up to the network.) It's a lot easier to sit in the parking lot sniffing wireless traffic than it is to lob the weighted end of a long piece of CAT5 through an open 2nd story window and land it in an open port belonging to a machine that you've divined the MAC address for and spoofed.

      • Of course, the difference is that you need physical access to plug something in. With wireless, I don't even have to be on the same floor of the building.
      • by BitZtream (692029)

        If you're that concerned about your wired connections, you're using IPSEC in which case, you're done.

  • ... so ... yeah...

    Too long, didn't read. I didn't get the complete picture. What I do know is that the weak link continues to be people and, more specifically, decision-making people.

    "Someone give me 'Easy Security' damnit!!"

  • by liquidweaver (1988660) on Monday August 15, 2011 @12:43PM (#37095952)
    It's not possible remotely. I'd like to know how a side channel attack could be executed against a wireless target? Magic? "Hey, do you mind if I hook up my oscilloscope to your router for a few hours? Why? No reason."
  • I find this article about security to be informative. Always good to be reminded to look at how secure we think we are.

    However, I didn't appreciate that, without NoScript, the web page on which the article sits would have pulled in scripts from over 25 sources from around the web...

    • And I received every one of those scripts AND NOTHING BAD HAPPENED. And even if it did I'm fully backed up. If you have to run NoScript then you are doing things on a machine you shouldn't be browsing on, aren't properly backed up, and are paranoid. NoScript IS NOT worth the hassle when I have to back up my data anyways.
  • This was really informative and good. If I were protecting valuable data, I'd use WPA and a 10-character pass and I'd be protected against hackers with today's leetest gear for the rest of the existence of the universe. That's actually a pretty amazing statistic given just how hackable everything else is these days. Well done, designers of WPA!
    • by skids (119237)

      Well done, designers of WPA

      I'd say "adequately done, designers of WPA." They did after all neglect to make the 4 way handshake a DH exchange. Fortunately there's always WPA-enterprise.

    • by MtViewGuy (197597)

      That's why my Wi-Fi router is protected with a 12-character (alphanumeric) password under WPA2 that is really hard to figure out. The chances are not good that a hacker could crack that 12-character password in a couple of hundred years using today's laptop hardware.

  • Are you guys this late in the game or what? WPA2 is crap and was blown open fairly easily.
