Russian researchers achieve 100-fold increase in WPA2 cracking speed
Russian security company Elcomsoft just posted a press release (original PDF) detailing a new method to crack WPA and WPA2 keys:
With the latest version of Elcomsoft Distributed Password Recovery, it is now possible to crack WPA and WPA2 protection on Wi-Fi networks up to 100 times quicker with the use of massively parallel computational power of the newest NVIDIA chips. Elcomsoft Distributed Password Recovery only needs a few packets intercepted in order to perform the attack.
The 100-fold increase in speed is achieved with two GeForce GTX 280s per workstation; for €599 you can build a network of 20 workstations dedicated to “recovering” your “lost” WPA keys. This means that a WPA or WPA2 key could be cracked in days or weeks instead of years.
This has prompted security firm GSS to advise their clients to add an additional layer of protection to their Wi-Fi networks:
“This breakthrough in brute force decryption of Wi-Fi signals by Elcomsoft confirms our observations that firms can no longer rely on standards-based security to protect their data,” said GSS managing director David Hobson. “As a result, we now advise clients using Wi-Fi in their offices to move on up to a VPN encryption system as well.”
But the question remains how long it will take until the next generation of GPUs or custom-designed chips will break VPN encryption as well. DES encryption can already be broken quite easily with custom-built machines, and while AES appears to be better on paper, there is no guarantee that there isn’t some hidden flaw in the algorithm. GSS agrees:
Hobson added that the development could spur a step back from wireless to wired network connections in sensitive installations, such as financial services organisations, which are particularly concerned about data privacy.
Update: This will, of course, mainly affect simple ASCII passphrases, and it only works against static pre-shared keys; anyone using a more complex authentication scheme is not at risk for now. But since setting that up takes a couple of extra minutes during installation, smaller businesses or departments often skip it.
October 12th, 2008 at 7:28 pm
“3DES encryption can already be broken quite easily with custom-built machines”
It can? Since when?
October 12th, 2008 at 7:28 pm
Maybe this will spur the research into wireless quantum encryption? Right now it’s not really developed, more of an interesting problem. But if commercial funding were really kicked into high gear, those problems would be solved a lot sooner.
October 12th, 2008 at 7:33 pm
This is not new, nor exciting. All they’ve done is taken an embarrassingly parallel problem and implemented it in parallel. A factor of 100x speedup will not make a difference in practicality.
October 12th, 2008 at 7:53 pm
You’re looking at it too simplistically.
a) network up to 10,000 machines
b) 100x speedup on nvidia GPUs.
a * b = 1,000,000 speedup.
Further, who said we had to search the entire keyspace, if we can reduce the keyspace by knowing what keys are more probable than others (English words, for example)?
October 12th, 2008 at 8:08 pm
I like the distributed aspect. Who needs a small network, self built? Why not put your botnet to work and crack it even faster and cheaper?
October 12th, 2008 at 8:13 pm
It always makes me chuckle when people say things like “oh, we’ll just network 10,000 machines, no problem!”
Did you ever try it?
October 12th, 2008 at 8:15 pm
Tabrisnet:
Brute force approaches have utilized networked machines for years. The only new thing they’ve used here is GPU acceleration, which is a perfect fit for parallel applications. Using FPGA’s (field-programmable gate arrays) would be faster still.
Using this technique isn’t any sort of innovative technique, nor does it represent a significant threat to WPA. By threat, I mean the type of vulnerability that brought down double-DES. WPA can be easily extended to use a larger key.
October 12th, 2008 at 8:17 pm
“3DES encryption can already be broken quite easily with custom-built machines”
Maybe these guys are kosher, but a pronouncement like the one above makes me wonder if they are just peddling snake oil?
October 12th, 2008 at 8:19 pm
“Using FPGA’s (field-programmable gate arrays) would be faster still.” Yeah because they’re magic.
October 12th, 2008 at 8:21 pm
“Why not put your botnet to work and crack it even faster and cheaper?”
The day botnet ops start remotely installing GeForce GTX 280s in infected machines is the day I go out and get infected!
October 12th, 2008 at 8:23 pm
See http://code.google.com/p/pyrit/
October 12th, 2008 at 8:28 pm
Umm…brute force does not qualify as breaking an encryption algorithm…by definition.
If you follow good practices for creating and maintaining your keys (English words NOT being in that set), this is not a threat to your security.
And unless you happen to just have a botnet lying around, networking 10,000 machines is simply out of the realm of practical.
October 12th, 2008 at 8:37 pm
““Using FPGA’s (field-programmable gate arrays) would be faster still.” Yeah because they’re magic.”
Because hardware designed expressly for one purpose is always faster than general-purpose CPUs, if roughly the same amount of money/technology is invested.
October 12th, 2008 at 8:46 pm
FPGAs appear to offer better than 100x improvement, based on my limited but hands-on experience. The problem is that they’re quite costly and very difficult to utilize. There are a couple of apps, specifically for wireless cracking, but the details are coded by the FPGA “magic” gurus. I think the key here is that NVIDIA cards are cheaper and NVIDIA CUDA isn’t all that difficult to implement.
October 12th, 2008 at 9:02 pm
“This will, of course, mainly affect simple ascii keys. And it will only work against static keys; anyone using more complicated authentication schemes will not be at risk for now. But since that takes a couple of extra minutes when installing, smaller businesses or departments often skip setting this up.”
You are probably referring to 802.1x, which takes MUCH longer than “a couple of extra minutes when installing” in order for it to work properly. Most, if not all, large organisations (financial, etc.) have RADIUS servers and will be using 802.1x, so this whole article is pure FUD. The only people who are at risk are home users or small businesses. Is someone *really* going to build a 32 box/64GPU machine to break their encryption?
Please stop scaring the masses with articles like this.
October 12th, 2008 at 11:11 pm
Errrrr… Why use brute-force encryption? There are already ways to crack WPA/WPA2 in less than a few hours without brute-forcing techniques.
October 13th, 2008 at 2:56 am
You all are arguing over publicly revealed tech and software. You should know that, besides the built-in back-doors to your operating systems, the encryption methods also are easily and quickly broken. A very small amount of traffic sample data is needed. All traffic follows a certain structure; when you know that structure exists in your slice of data it makes it extremely easy to use intelligent decryption methods. Now if the traffic that was encrypted was created from scratch and was not documented anywhere it would take much, much longer, but that is not the case here. Only the new order uses an undocumented protocol system. Standards are necessary for communication to work, but they are also the weak point of every piece of encrypted data. If I know that in a certain slice of data I have a 99.9% probability that this slice of data is a header or ack, then I can quickly decrypt the rest of the data; even if random byte shifting is occurring inside of the packet, the byte shift is usually static so it’s very predictable.
October 13th, 2008 at 3:03 am
I guess what I am trying to show you here is that it’s not the math of pure brute forcing you should be looking at but how humans and AI use pattern recognition to defeat these systems.
Brute force is only an option when you have the resources. Pattern recognition is actually a lot faster and easier.
It starts from a tree type of thinking. You first isolate data that have a high probability of being a specific “type”, then move down the tree one by one, factoring in everything you can learn from how it is operating: timing, size, character occurrences, etc. The weakness in all encryption is that it follows a pre-defined model or standard of operation, so a “smart” system that takes this into account can chew through even the most heavily encrypted data.
October 13th, 2008 at 5:09 am
I agree with the comments by securityguru.
I am upset that only at the very end of the article do they hint about IEEE RSN/WPA2 Enterprise and using robust identity/authentication methods.
For the FPGA comment I refer to NSA@Home http://nsa.unaligned.org/
I am surprised rainbow tables haven’t been mentioned either … i.e. guys, change your default SSID, use a high entropy key (i.e. use a hash with high entropy data) and don’t treat security as a silver bullet.
October 13th, 2008 at 5:20 am
Just want to point out that FPGAs themselves are VERY cheap. It’s coming up with the design that could be costly 😛
October 13th, 2008 at 7:19 am
Guygoo: Low end FPGAs are cheap. Large and fast FPGAs are all but cheap. Just for fun, take a look at how much Digi-key would like for a Virtex-5 LX 330: Over $17000…
October 13th, 2008 at 2:55 pm
I blogged on this over the weekend at http://www.napera.com/blog/?p=96.
What makes this the perfect storm for WPA-PSK is two factors.
1. The increased speed of brute force attacks against WPA, whether via this GPU accelerated method or rainbow tables.
2. The typical simplicity of shared WPA-PSK passwords. Because they are shared by design, these passwords tend to be shorter, within a restricted character set and easily guessable.
The solution is not deploying VPNs, however. The solution is to deploy WPA Enterprise, which any WAP made since March 2006 supports.
Of course, WPA Enterprise is another can of worms because many people are not comfortable with RADIUS, rolling your own certs and 802.1X.
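The two factors listed above, together with the earlier advice to change the default SSID before worrying about rainbow tables, both come down to how WPA-PSK derives its key. As an added example (not code from the post, from any commenter, or from Elcomsoft), this Python snippet performs the standard 802.11i passphrase-to-PMK mapping and shows why the SSID acts as a per-network salt and why every guess has a fixed cost; the SSID names used in the demo are constructed.

```python
import hashlib

# WPA/WPA2-Personal (IEEE 802.11i) maps the passphrase to the 256-bit PMK with
# PBKDF2-HMAC-SHA1, using the SSID as the salt and a fixed 4096 iterations.
# These constants come from the standard, not from assumptions.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32  # bytes

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the PMK for a WPA/WPA2-PSK network.

    802.11i requires 8..63 passphrase characters in the ASCII range 0x20..0x7E
    and an SSID of 1..32 bytes; anything else is rejected here.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 0x20 <= ord(c) <= 0x7E for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, PBKDF2_ITERATIONS, PMK_LEN
    )

def hmac_calls_per_guess() -> int:
    """HMAC-SHA1 invocations spent on every candidate passphrase.

    PBKDF2 emits 20-byte SHA1 blocks, so 32 bytes need two blocks of 4096
    HMACs each.  This fixed per-guess cost is what GPU parallelism buys down,
    and it is paid again for every distinct SSID.
    """
    blocks = -(-PMK_LEN // hashlib.sha1().digest_size)  # ceil(32 / 20) == 2
    return blocks * PBKDF2_ITERATIONS

def ssid_changes_pmk(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when two SSIDs give different PMKs for the same passphrase.

    Because the SSID is the salt, a table precomputed against a factory
    default name does not transfer to a network with a unique SSID.
    """
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)

if __name__ == "__main__":
    # Test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    print(hmac_calls_per_guess())  # 8192
    # Constructed SSID names: a generic default versus a unique one.
    print(ssid_changes_pmk("password", "default", "k7-office-2008"))  # True
```

The first print reproduces the Annex H vector f42c6fc5…a12e, which is a quick way to confirm a PSK implementation before trusting it.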
October 13th, 2008 at 6:53 pm
WPA2-PSK keys can contain spaces and all sorts of things that complicate brute force attacks on passwords. I suggest you use a short (4-10 words), easy to remember pass-phrase with standard punctuation and capitalization. It also helps if you keep your SSID hidden. One other thing, use at least one archaic word or the brand name of some commonplace, unrelated item in your home for one or more words in your pass-phrase. That drastically increases the complexity of a successful brute force attack.
October 13th, 2008 at 9:12 pm
How does keeping your SSID hidden help, since the SSID is placed as clear text in the header of every packet flying around?
October 14th, 2008 at 7:23 pm
Hiding your SSID is completely useless as Kevin has said it is in every packet. It’s easy to find hidden networks.
October 15th, 2008 at 3:15 pm
I know many organizations require the use of 802.11x and even hardware tokens to authenticate users. In addition, PCI-DSS has similar requirements for WPA. This might help mitigate the risks.
December 29th, 2008 at 4:26 am
Hi, what software can I use for cracking WPA?
How long does it take to crack WPA if I use a standard machine?
Thanks.
June 5th, 2010 at 9:04 am
Wow, unbelievable, I guess that no one with a wifi connection is safe