Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Status
Not open for further replies.
G

Guest

Guest
Thanks for the careful analysis of WPA security, but you ignored the Botnet threat. Cyber-criminals these days have thousands of CPUs and GPUs at their disposal and password cracking is easy to distribute among many processors. So figure on 10 billion WPA guesses per second if you are a valuable enough target. Also your suggestion to pick at least one number, one special character, one cap, etc. is dubious advice. Most users are very predictable in what numbers and special characters they pick and where they place them. For short passwords, such as the 8 characters you recommend, this can lower overall strength. And while you wisely suggest fully random passwords, you don't tell readers how to generate them. Please take a look at Diceware (diceware.com) which produces easy to remember and easy to type random passphrases. At 10 billion guesses/second, a 5 word diceware passphrase (for example "range eliot md kafka third") would take 45 years to crack. You don't have to enter WPA passwords all that often. Why mess around with short, weak passwords?
 
G

Guest

Guest
Two quick interesting clarifications. Neither are really practical matters, but just fun technical aspects of working in IT security.

First, AES 192/256 are largely being considered weaker than AES-128. Basically, 192/256 use a different key schedule which has been shown to have weaknesses. While 128 remains at 2^128 strength using our best attack, 192/256 have been reduced to 119/176 respectively. Again; not of a practical concern, but remember: attacks only get better/faster, so I recommend 128. Plus, it's 30% faster than 256 in most uses and more than enough security.

Second, doing a little math shows a strong password of 22 characters equates to ~128 bits of entropy. Past that is overkill, assuming you're using a 128 cipher, since the cipher becomes the weak point, not your password. So, personally, I use LastPass and 22 character passwords everywhere. Works well, easy to use, and pretty damn strong.
 

MrBig55

Distinguished
Jun 27, 2011
350
0
18,810
20
AES 256 is weaker than AES 128?? Oh well I can change that in my WPA2 settings, but AES being the same algorythm for WPA or TrueCrypt, the latter only offers the 256bit flavor... :-((
 

aaron88_7

Distinguished
Oct 4, 2010
609
0
19,010
9
[citation][nom]bounty[/nom]All is takes is 1 non-common letter substitution to make a simpler (but not short) password avoid a word list. Then it's back to searching the whole key space. I only mention this because making your password so complex, you end up writing it down or re-using it is worse than making it slightly less than fully random. I prefer medium phrases with 2-3 randomly swapped in/inserted symbols and numbers. Maybe with some word part capitalized.[/citation]
Nobody needs to remember their WiFi password. Once it's saved on your PC you don't need to re-enter it again. For that reason WiFi passwords should be completely random and as long as your router will accept. If a guest comes over and wants to get on your network just give them the key for your neighbor's Wifi ;)

Also, remember that the key is different from the router's login password which should be equally difficult to guess/crack. No good having a 20 character long password if the login is still set to "admin, password" haha
 

pyrrocc

Distinguished
Feb 2, 2011
9
0
18,510
0
It infinitesimally increases the complexity of a brute-force attack.
I do not think it means what you think it means.

infinitesimal - indefinitely or exceedingly small; minute

@thehailo - since when is 176 bits considered weaker than 128 bits?
 
G

Guest

Guest
Every discussion I've read regarding dictionary attacks presume english to be the dictionary language. How about using words/phrases in something other than english?
 

palladin9479

Distinguished
Moderator
Jul 26, 2008
3,240
0
20,860
45


Somewhat misconception, certain things need to be present in order for this to be true.

http://www.schneier.com/blog/archives/2009/07/another_new_aes.html

There are three reasons not to panic:

The attack exploits the fact that the key schedule for 256-bit version is pretty lousy -- something we pointed out in our 2000 paper -- but doesn't extend to AES with a 128-bit key.
It's a related-key attack, which requires the cryptanalyst to have access to plaintexts encrypted with multiple keys that are related in a specific way.
The attack only breaks 11 rounds of AES-256. Full AES-256 has 14 rounds.
This is a keyattack, it's attacking the implementation methods used and required the attacker have a good chunk of plaintext data along with it's encrypted result with multiple key pairs and a certain relationship.

Basically if the implementation is lazy then there is a weakness that might allow an attack to breach it in the next few centuries vs the next ice age. Its for the uber paranoid.

To the above posters about passwords and keys, they are not the same. Keys are just a number, typically represented in binary that is fed into a encryption algorithm to produce unreadable output of data, then the process is reversed to make the unreadable output into readable output. Passwords are the human input values used as a seed value to produce an encryption key. Key's don't have characters, their just binary. You can roughly represent them using 8-bit ASCII to get an idea. A 128-bit key would be 16 ASCII characters (255 possible values per character), a 256-bit key would be 32 characters. But this is only talking symmetric keying. I prefer using a 2048 bit rotating key with 256bit encryption.
 

djl47

Distinguished
Aug 16, 2011
1
0
18,510
0
A nitpick about the statement regarding "passwordpassword" as it relates to dictionary based attacks. There is no way for the dictionary attack to know it has a partial solution so every permutation of two words in the domain of possible passwords would have to be tested. The combination would consist of 300,000 ways to choose the first word and 300,000 ways to choose the second word for a total of ninety billion possible passwords using two words. This doesn't count possible substitutions such as pa55w0rd. Such substitutions create a new entry in the dictionary and a corresponding increase in the number of permutations of possible passwords.
 

bounty

Distinguished
Mar 23, 2006
389
0
18,780
0
[citation][nom]aaron88_7[/nom]Nobody needs to remember their WiFi password. Once it's saved on your PC you don't need to re-enter it again. For that reason WiFi passwords should be completely random and as long as your router will accept. If a guest comes over and wants to get on your network just give them the key for your neighbor's Wifi [/citation]

And when you want to connect your phone? Tablet? Wife's Tablet? Wife's phone? Kids phone? Your next laptop? I suppose you reload your router from scratch each time and type in the 22 character random ASCII password into your phone. You're that hardcore. :>
 
G

Guest

Guest
Those password tips exclude just about every possible way of writing any sort of password that is even humanly memorizable! What the hell are we supposed to use then?

XKCD got it right:
http://xkcd.com/936/

Your own article says that having a long password is far more important than having a needlessly complex one.
 
G

Guest

Guest
An excellent article, very informative. I used a backtrack distro to crack my own WPA PSK a couple of years ago--no fancy GPU, just an old Centrino laptop cracked it in a few hours. I then changed it to be 20+ characters long & completely random. Now I learn that's probably overkill, but I can rest a little easier.

Scary how many people still use WEP. I can pick up 4 APs by my house, excluding my own, and two of them use WEP.
 
G

Guest

Guest
26 alpha numeric key for my WPA password. Just happen to inherit this key from WEP days.I guess i can forget about someone breaking into my network.
 

slicedtoad

Distinguished
Mar 29, 2011
1,034
0
19,360
44
@acku
"thematrix" is only the same as "12" if you have 9 words in your dictionary. Since you say there are 300k words, not including common changes, that's 2^300000.

I suppose you may have meant "thematrix" is the same as any two printable ascii characters. You're still wrong as there are only 94, not 300k.

I would also suppose the above "isn't the point". Your trying to explain that a dictionary word password isn't as secure as a random one of the same length. You're right of course.

While i wouldn't normally take issue with something like that, that statement threw me off because I automatically believed you and tried to apply it to my thought process while reading the rest of the article.

The rest of the article was excellent though.
 

acku

Distinguished
Sep 6, 2010
559
0
18,980
0
[citation][nom]slicedtoad[/nom]@acku"thematrix" is only the same as "12" if you have 9 words in your dictionary. Since you say there are 300k words, not including common changes, that's 2^300000.I suppose you may have meant "thematrix" is the same as any two printable ascii characters. You're still wrong as there are only 94, not 300k.I would also suppose the above "isn't the point". Your trying to explain that a dictionary word password isn't as secure as a random one of the same length. You're right of course.While i wouldn't normally take issue with something like that, that statement threw me off because I automatically believed you and tried to apply it to my thought process while reading the rest of the article.The rest of the article was excellent though.[/citation]

Your math still isn't right. It's 300k^2 for two word combos!

A dictionary-attack that takes into account combinations treats a single word the same way a brute-force attack treats a single character. Hence "the" = "1". Formula is n^(password length), where n is the number of elements. Element in a dictionary attack is words. Password length is the number of word combos used to create a password.

That is what makes a word-based password fundamentally weak.
300k words and 2 word combos = 90 billion
94 ASCII printable character set and 12 character length password = 4.76x10^23
 

shannon78

Distinguished
Dec 20, 2008
16
0
18,510
0
[citation][nom]aaron88_7[/nom]"12345, that's amazing, I've got the same combination on my luggage!"Still makes me laugh every time![/citation]

"I see your schwartz is as big as mine"

"Sir, It's mega maid, she's gone from suck to blow"
 

11796pcs

Distinguished
Jan 3, 2011
608
0
18,990
4
A relative of mine needed the Internet once so he rode around with his laptop, found an open unprotected network, used it to gain access to the Internet and then logged into their network and changed their SSID to ThanksForLettingMeUseYourInternet. I can only imagine what happened when the family finally realized what happened. And having an SSID of linksys is like saying "come hack me".
 

jman_26

Distinguished
Jul 9, 2009
34
0
18,540
2
Well, the SSID is not at all what matters. I you have at least WPA 2, then you can say, "Hey, try to hack THIS!"

If you have WEP, then you may as well say, "Hack without mercy!"
If you are Open - i.e., zero security, then you may as well leave ALL your doors and windows opened and unlocked, with a neon sign saying "WELCOME - EVERYONE!"
 

acku

Distinguished
Sep 6, 2010
559
0
18,980
0
[citation][nom]jman_26[/nom]Well, the SSID is not at all what matters. I you have at least WPA 2, then you can say, "Hey, try to hack THIS!"If you have WEP, then you may as well say, "Hack without mercy!"If you are Open - i.e., zero security, then you may as well leave ALL your doors and windows opened and unlocked, with a neon sign saying "WELCOME - EVERYONE!"[/citation]

Careful... the SSID is your salt. If you have a common SSID, there's a decent chance your password can be defeated by rainbow tables ala Church of WiFi.
 

slicedtoad

Distinguished
Mar 29, 2011
1,034
0
19,360
44
[citation][nom]acku[/nom]Your math still isn't right. It's 300k^2 for two word combos! A dictionary-attack that takes into account combinations treats a single word the same way a brute-force attack treats a single character. Hence "the" = "1". Formula is n^(password length), where n is the number of elements. Element in a dictionary attack is words. Password length is the number of word combos used to create a password.That is what makes a word-based password fundamentally weak.300k words and 2 word combos = 90 billion94 ASCII printable character set and 12 character length password = 4.76x10^23[/citation]

Damn, i hate making mistakes while pointing out others'. My point still stands though, a two word password is far stronger than a two character one because of the number of elements (words/ascii chars).

Now let's see if i can get some math right this time.
A two word password has 9e10 possibilities. The equivalently strong random ascii password would be between 5 and 6 chars (7e9 and 6.9e11).
Three words = 2.7e16 equivalent to 8 to 9 chars (6e15 and 5.7e17).
Four words puts you at 8e21 which is just past 11 randoms (5e21).

So, if my math was right that time, four random words are just as safe as 11 random ascii printables. They are also a lot easier to remember.

An example:
4 randomly generated words: "brushing haystack jesting drag"
11 random ascii chars: "Qb+L`nrh},}"

Unless you have a very strange memory, the words are far easier.
 
Status
Not open for further replies.

ASK THE COMMUNITY