Elcomsoft Claims WPA/WPA2 Cracking Breakthrough

secmartin writes "Russian security firm Elcomsoft has released software that uses Nvidia GPUs to speed up the cracking of WPA and WPA2 keys by a factor of 100. Since the software allows them to network thousands of PCs, this anouncement effectively signals the death of wireless networking in business networks; any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether."

Does this surprise anyone?

[Mad Merlin]

This doesn't surprise me. Anyone who wasn't already assuming that anything you sent via wireless was already in the hands of your enemies (unencrypted) is a bit naive.

Re:Does this surprise anyone?

[Anonymous Coward]

I don't care how you're accessing the net, if it's important encrypt it.

Rotate your keys

[Legion_SB]

With good keys, even a 100x increase in cracking speed is still not fast

Don't use a little 8-character passphrase. Use long keys, and don't just leave them in place forever. Change them periodically.

Newsflash: Most "Business Networks" Aren't Secure

[Llywelyn]

Most businesses I've seen have had easily guessable passwords, used open relays, or WEP encryption. Many don't change their keys even after firing someone. Saying that this is a "death knell" is serious hyperbole since, for many companies, convenience trumps hardened security.

That said, the biggest risk is still always going to be insiders and former insiders who won't need to crack into the wireless network: they will already know how to get access.

Why does wireless security suck so bad?

[mcrbids]

Seriously. We've had a number of standards with names like "Wired Equivalency Protocol" and "Wifi Protected Access" and yet they seem to be falling, one-by-one, to relatively trivial attacks. I'm not saying that WPA is as bad as WEP, but how come they can't copy/paste something as good as good old-fashioned SSL?

SSL has withstood the tests of time, over, and over, and over, and over again. SSL is the gold standard for encryption. It's used on every HTTPS website, it's used for SSH, it's used as part of kerberos, IMAPS, POPS, TLS, and just about every other good-quality security tool.

So why are wireless chipset manufacturers trying to re-invent the wheel, when it's widely known that these kinds of wheels are FRIGGEN HARD to re-invent well?

Start with normal, unencrypted wireless. Getting that to work was solved long ago. Embed an SSL engine into your wireless device, with a randomly generated private key. Provide a means to access the public key, and copy/paste that key into your high security wireless driver. If you want to be paranoid, your local driver generates a private/public key pair as well, and that can be copy/pasted to your wireless device.

Done! Now you *KNOW* that if you are accessing the Internet through the driver, you are doing so through the correct wireless hotspot. Who cares about wireless MITM attacks at that point? The SSL protocol *ASSUMES* that there are MITM attempts, and foils them quite effectively, over the equally open and unsecured Internet.

Seriously, folks. This is a problem that was solved over a decade ago. Why are we doing this again?

Re:Newsflash: Most "Business Networks" Aren't Secu

[Anonymous Coward]

In terms of quantity of seperate attacks, partner networks and outsiders are the biggest risk. In terms of records stolen per breach (still arguably not the biggest risk, since Verizon didn't report cost/record) insiders were top.

http://www.verizonbusiness.com/resources/security/databreachreport.pdf [pdf]

Wires.

[Anonymous Coward]

Proof that the best solution, by far, is to use wires. Wireless is fine when you don't care what's being sent over them (browsing, etc), but for any serious business or otherwise sensitive information, I want to be plugged into an actual, physical network. Not that it's 100% secure, of course, but at least your information isn't flying around in the air waiting for someone to decrypt it, and given time, *anything* can be decrypted.

I will never own a wireless router in my home for that reason.

Re:Does this surprise anyone?

[Ironsides]

So, all I need to do is record the data, crack the first set of keys and then I can decrypt all subsequently sent packets as you have convieniently provided the new keys in the (now decrypted) data stream.

Bullshit, FUD and the worst summary I've ever read

[Anonymous Coward]

Using GPUs to crack is not "new", it's a well known tachnique. Furthermore, an increase of a factor a 100 is insignificant relative to the number of years it would take to crack a key, hence the crypto is not weakened, dispelling their whole "death of wireless networking" doommonger bullshit. The only thing this actually does is speed up already feasible attacks against bad passphrases, nothing new, and certainly not a "breakthrough".

Re:Rotate your keys

[Kjella]

Rotating keys is not a smart way to try to extend the keyspace, if he can brute force one password he can quite probably do it again. Rotating passwords is a good idea if unwanted people may have had access to the password or a device it was on like say in a corporate network, guest network or whatever. For the traditional home network where the overwhelmingly likely scenario is that he's got no inside knowledge, just set one password at maximum length with some special characters so you're using the full keyspace. He'll have a much harder time breaking one 128 bit key than ten 80 bit keys.

Where I work, we call this FUD

[Roskolnikov]

The WIFI at my workplace is available, there is little if any security and the traffic isn't encrypted; why? well it has always been associated with being insecure, so when WIFI was rolled out it was placed on the Big I instead of the little i and to get anywhere internal you must bring up a VPN tunnel to work, add some poisoned routing information on both sides to account for the networks being used (internal versus internal) and you have some hope of preventing someone from bridging i to I.

You shouldn't use WIFI for anything that you wouldn't want to share openly and even if you believe that what you are doing is secure you should know that someone could still be capturing your session and working on it offline; the vendors haven't helped either, most wireless routers will 'work' right out of the box, purchase at worst-buy, plug it into your cable modem and in 60 seconds your on, I can't tell you how many networks I've found this way, most still have the default admin account set (just google the model number being advertised by the network)
and your in....

Re:Does this surprise anyone?

[hedwards]

That was my reaction, the standard advice going back a long ways was use WEP, but for the love of god also use VPN between the devices. I can't imagine why WPA or WPA2 would make people think that you should be ditching the VPN.

Admittedly I've been guilty of not doing it, but it was more a matter of inferior Windows facilities than anything else.

Re:Wires.

[rtfa-troll]

• Being there or not being there. When you leave your wife/girlfriend/etc. alone at home for a long time should be nobody's business but your own.
• Sex.
• Bathing children. Note; your own opinion of this is irrelevant. The question is, for example, whether photos could be illegal and used against you.
• Not wanting to be interrupted whilst dying of a "prolonged illness".
• memorising my new PIN number
• Nobody's business but my own.

Privacy is a security issue.

Re:Rotate your keys

[robosmurf]

Rotating the keys doesn't help that much to close the window for attacks.

Cracking a key is a matter of chance. At a certain rate of checking trial keys, you'll have a certain chance in an hour of cracking it (except that admittedly the chance does go up with time with a fixed key as you exhaust possibilities).

As long as the attacker is constantly attacking the currently active key, then it's not much harder to break a changing key than a fixed one. Though with a fixed one, there is an upper bound (once the entire keyspace has been checked) on how long it can take.

It is helpful though for is shutting out an attacker once they have got in. But that assumes that you are not pushing out new keys over the network.

Re:F@H

[plasmacutter]

I hope you applied a logarithmic curve to that to account for moore's law.

Re:Rotate your keys

[Kjella]

Which is a meaningless statement, because it's not a choice between one strong key versus ten lesser keys.

There's nothing stopping anyone from using ten strong keys.

In theory that's true, in practise try keeping a family network with say 3-4 laptops going with rotating keys like "aDgWTgGS&)=DG&%T4/3fDH5d532NF3" and see how long it lasts before you're cursed at and asked to turn that damn thing OFF! Because you are talking about typing in that manually each time it changes, not broadcasting a new key on the wireless which the WPA standard already does, right?

Re:You can get hard passwords

[brusk]

That's a good reason not to used closed source software or a web page. It's not a good reason not to use Keepass, the program suggested above, which is open source, offline, and has high-entropy random number generation. Saying some software is bad so I won't use any is like saying some clothes are bad so I won't wear any.

Re:You can get hard passwords

[ultranova]

Steve Gibson has a site that generates random passwords on the fly (unique for you): https://www.grc.com/passwords.htm [grc.com]

So let me get this straight: you're recommending I set my password to what some dude on the Internet is telling me to, and who can trivially connect it to me since he knows the IP address it was sent to ? And the dude, who's presumably advocating this practice since he's going out of his way to enable it, is supposedly a security expert ?

Suddenly, in a flash of pure black light, it dawned on me: all hope is lost. We are doomed.

...Unbelievable. Just plain unbelievable.