Wednesday, May 20, 2009

Wireless inSecurity (WPA Owned)

So it has been no mystery that it's possible to break WPA and WPA2's Pre-Shared Key which is the default WPA security on most consumer grade access points. Because there is no direct weakness in the encryption protocol like WEP, it relied on brute force hash matching a process that can take a long time.

Wordlists considerably sped this process up making breaking WPA possible against dictionary PSK's in weeks/months as opposed to years. Why is this process so slow? WPA encrypts in multiple steps including salting the PSK hash with the SSID. So the password "dogthebountyhunter" would be SHA1 hash with the ssid or "DOG" as the salt. This adds unique randomness to make encryption breaking take longer.

Then two years ago group called "The Church of Wifi" released a set of rainbow tables (precomputed password hashes) for WPA security. The only issue is that it only covered the top 10 SSID names (default, linksys, NETGEAR, Belkin54g, etc) listed from

So PCI DSS and an entire industry for years have been championing WPA and strong non-dictionary passwords for wireless safety, and it was generally considered secure, until now...

The biggest reasons WPA and most encryption are hard to break is that they are computationally difficult algorithms which simply take long time to guess. A standard modern processor say an Intel Core2Duo 2.5Ghz could brute-force crack WPA using methods above at around 600-700 PSK/s, well if there are a 500 million possible hashes to try it's going to take while (think lifetime).

Now graphics card developers namely Nvidia and ATI have been making super computers on a chip for a decade now, with simple, fast and highly parallel processors to make Counter Strike run smoothly as possible :) Recently something amazing happened, Nvidia released the CUDA API or programing library so the average Joe could write scripts and applications harnessing the power of their GPU for any type of computation, including encryption. The end result? WPA is broken:

Pyrit Source

Another movie

No comments: