Monday, October 13, 2008

WPA is NOT obsolete

Elcomsoft, a company that produces password cracking software, has recently announced an upgrade to that product that uses the computer's graphics processor (GPU) to crack Wi-Fi passwords 100 times faster than before. In response to this, one so-called expert has claimed this means that WPA/WPA2 is obsolete, and that you must use VPNs to secure Wi-Fi networks.

Not quite.

At worst, all this really means is that you have to add one extra character to your WPA password to achieve the same level of security. Password cracking is exponential. Each additional character in a password makes it 100 times more difficult to crack (assuming you use upper and lower case, numbers, and symbols).

The claim of 100 times is a little hyped. It's comparing the most expensive graphics card solution costing $1000 (dual GT280s) compared to a cheap CPU. On my system with a cheaper graphics card (Nvidia 8800GT), the GPU is likely to be only 5x faster than my CPU. If you are going to invest a lot of money in password cracking, you should probably invest in FPGAs (such as those from Pico Computing) instead.

You can only crack WPA passwords when everyone on the same network uses the same password (using "pre-shared keys" or PSK). Companies that give out different passwords to different people (using a RADIUS server and EAP) are not vulnerable to this sort of cracking. If home users are paranoid, then can install a RADIUS server.

Password crackers are good at figuring out the way people choose passwords. If you choose something like "Aardvark*Zebra", your password will be cracked quickly. Your WPA password needs to be both long AND complex.

The true danger of cracking tools like Elcomsoft's isn't the GPU, but the fact that it also uses distributed computing. You can grab all the computers in a small business and have them collaborate on cracking a single WPA password. Few people are going to invest in hardware for the purpose of cracking password, but lots of companies have "unused cycles" they can harness. If somebody were to release an open source program with GPU accelerated WPA cracking, then we'd have something more to worry about.

EDIT: George Ou also has an nice post debunking this idea.

6 comments:

ameft said...

Here it is: the open source program with GPU accelerated WPA-PSK cracking: http://code.google.com/p/pyrit/

avivra said...

Seems like an army of botnet zombies will suffice.

Christian "@xntrik" Frichot said...

Thank you voice of reason! When I first read that article from slashdot this morning my FUD-sense was tingling.

Good work Robert!

bartavelle said...

Like http://code.google.com/p/pyrit/ ? :)

It should be said that contrary to some other ciphers, WPA-PSK is effective to implement on a GPU, and I believe much more cost-efficient than FPGAs.

On the other hand, if you can afford custom FPGAs boards, it will cost a lot more, but will use much less space and power.

ToddH said...

I think the challenge is that IT managers using WPA-PSK (and yes, plenty of them use it despite the warnings) tend towards simpler passwords because that shared password needs to be distributed to a large number of employees.

Having a long, complex alphanumeric shared password for wireless access is absolutely more secure and it also no doubt results in dozens of help desk calls - because you are dealing with the lowest common denominator.

I do agree that WPA Enterprise is the only reasonable solution to the problem either way. WPA-PSK is really only suitable for residential wireless networks.

FWIW I blogged on this topic at http://www.napera.com/blog/?p=96

George said...

No Avivra,

With a 10-character random alpha-numeric PSK, WPA requires 1000 powerful computers with GPUs ~6000 years to break the PSK. Make it 1 million of these powerful computers and it still takes 6 years. Bump up the character set and length a little and we're instantly back up to 6000 years.