A German security researcher snagged some great headlines today, but I suspect the impact is modest: Reuters ran a story today about Thomas Roth's claim that he can hack into WPA-protected networks by crunching passwords in Amazon's Elastic Computing Cloud (EC2) on-demand computing service. I have a query into Roth, but haven't heard back yet. The report says he'll release software after a Black Hat conference presentation later this month. I expect he's developed an approach that uses Amazon's preconfigured instances to produce vastly faster dictionary attacks than are commonly available. (Amazon allows users to tap into the graphics process or GPU, which can offer order of magnitude improvements in certain kinds of mathematical operations, including some forms of password cracking.)
The concept isn't new. In December 2009, "Moxie Marlinspike" launched WPA Cracker, a fee-based dictionary and brute-force cracking service; see my write up at the time. Elcomsoft offers commercial desktop distributed password cracking for preshared WPA keys—along with a host of other types of passwords—with GPU support, too. I interviewed Elcomsoft's chief a few months ago for the Economist, and he provided me piles of information about how difficult it is even with his software to crack well-designed password systems.
WPA/WPA2's weakness is in passphrase choice, something that's been known for years. Researcher Robert Moskowitz gave me permission way back in 2003 to publish a paper on this issue. It remains the most popular article in every year since. Because of how the passphrase conversion routine takes the text you enter for a WPA/WPA2 Preshared Key (PSK) "password" and turns it into a long hexadecimal key, it's susceptible to cracking—but only when the starting passphrase is very short or comprised of only words found in dictionaries (along with common substitutions, like zero for the letter o). The passphrase is combined with the network name (SSID), which has allowed various groups to create large, precomputed cracks of common words (so-called rainbow tables) using default SSID names. (Moskowitz had wanted every access point to ship with a uniquely created name to increase entropy. Apple does this.)
Based on Reuters description, we may have lost a character with Roth's method. That is, a formerly secure eight-character randomly created passphrase, a mix of letters, numbers, and punctuation, may now need to be nine characters for the next several years to assure unbreakability. I'm looking forward to more news.
Leave a comment