Debunking the latest fear mongering news on WPA security

For most of this decade, I have worked tirelessly to educate the public and IT on the issue of wireless network security. I’ve debunked all the wireless LAN security myths, published a comprehensive guide to wireless LAN security, clarified the difference between link-layer and VPN wireless security, and alerted IT managers to the real threats against enterprise wireless LANs. Today I’m going to wear my myth-busters hat again and alert you to the latest bunk news about a new WPA cracking method, and to the irrelevant fear-mongering “experts” who are pitching new VPN deployments to replace existing wireless LAN security solutions.

So what really happened?
Russian software company ElcomSoft has created a new brute-force password cracking solution that leverages general-purpose graphics processing unit (GPGPU) technology to speed up hash computations by a factor of 100. More specifically, they’re using NVIDIA’s Compute Unified Device Architecture (CUDA) compiler to generate software that runs on NVIDIA GPUs. In simpler terms, ElcomSoft is using cheap off-the-shelf gaming graphics cards to reduce the time it takes to crack passwords.


Note: NVIDIA CUDA is also useful to the scientific community for high performance computing and it can be used to improve video encoding and Photoshop performance dramatically.

What does this mean?
It means any authentication system that relies on password complexity is now 100 times weaker. So if a user’s password normally takes 100 million years to crack, it now “only” takes 1 million years to crack. If your password only took 100 hours to crack, it now takes 1 hour to crack using this new software coupled with some high-performance NVIDIA gaming graphics cards.

Who does this affect?
This is NOT a Wi-Fi Protected Access (WPA) specific attack; it applies to any authentication scheme that relies on pre-shared key (PSK) or password complexity, which includes many VPN solutions as well. If anything, WPA probably has one of the more resilient PSK schemes in use, because it was deliberately designed with 100 rounds of SHA-1 hashing to make brute-force attacks much more expensive. This affects some VPN and some WPA wireless security implementations.

It generally affects home users who use the home implementation of WPA, which uses pre-shared keys (PSK) that are just longer passwords. Some businesses also use WPA in PSK mode, so they’re affected too. Some VPN authentication mechanisms, such as PPTP VPN and some IPsec VPN implementations that rely on passwords or PSKs, are also at higher risk.

It has zero effect on enterprise-mode WPA deployments, which use TLS-protected authentication such as PEAP or EAP-TLS. Internal LAN authentication schemes such as NTLM and LDAP are also significantly weakened. SSL authentication schemes are not vulnerable to this particular attack.

What should the affected do?
If you haven’t already done so, make sure you’re using a long enough and random enough password for your PSK. That means you don’t use a dictionary word, a variation of a dictionary word, or anything else that might be guessed by brute force. My previous minimum recommendation was 10 random alphanumeric characters, which would have taken about 579 thousand years for a single computer to crack. With the new cracking software, it takes a single computer with a high-performance gaming graphics card about 5793 years to crack. With 1000 GPU-armed computers, that time drops to 5.79 years, but no rational attacker is going to use this method to go after a residential target or even business targets. There are much easier, cheaper, and faster ways of breaking into a network. If you want to neutralize the new GPGPU threat to passwords, simply add 2 random alphanumeric characters to your PSK.

Should you switch to VPN wireless security?
First of all, this new crack does not affect most businesses, since they should generally be avoiding any authentication scheme that relies on password complexity. Second, read my article on the difference between link-layer and VPN security and you’ll understand that VPN has never been the right solution for wireless LAN security. Ignore the “experts” and companies that are trying to sell you a new solution that was never relevant to begin with, and use some common sense. Enterprises should be more concerned with the real threats against enterprise wireless LANs.

Update: Looks like Robert Graham independently came to the same conclusion in his blog that this is bunk. He also points out that this only goes 100 times faster with $1000 worth of graphics cards, and that FPGA solutions are more feasible. I also doubt the feasibility of large-scale distributed computing for this, because it can only target a single wireless LAN at any given time: pre-computed tables only work for one SSID, since the SSID is used as a salt in WPA PSK. There are always far cheaper and faster methods than brute force for breaking into any system.
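The PSK-length arithmetic in “What should the affected do?” and the SSID-as-salt point in the update above can be checked with a few lines of Python. This is an added example, not code from the post or from ElcomSoft; it assumes the IEEE 802.11i PSK derivation (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output) and backs the per-CPU guess rate out of the post’s 579,000-year figure rather than measuring any hardware.

```python
import hashlib

CHARSET = 62                       # a-z, A-Z, 0-9: the post's "random alphanumeric" PSK
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2 Pairwise Master Key from a passphrase and SSID.

    IEEE 802.11i defines this as PBKDF2-HMAC-SHA1 with the SSID as salt,
    4096 iterations and a 256-bit result. Every brute-force guess must pay
    this full cost, and a precomputed table is only valid for one SSID.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def keyspace(length: int, charset: int = CHARSET) -> int:
    """Number of candidate PSKs of the given length."""
    return charset ** length


def years_to_exhaust(length: int, guesses_per_second: float, charset: int = CHARSET) -> float:
    """Years needed to try every PSK of this length at the given guess rate."""
    return keyspace(length, charset) / guesses_per_second / SECONDS_PER_YEAR


def implied_rate(years: float, length: int, charset: int = CHARSET) -> float:
    """Guess rate (per second) that exhausts the keyspace in the given number of years."""
    return keyspace(length, charset) / (years * SECONDS_PER_YEAR)


def speedup_neutralized(extra_chars: int, speedup: float, charset: int = CHARSET) -> bool:
    """True if adding extra_chars random characters outgrows a cracking speedup."""
    return charset ** extra_chars >= speedup


if __name__ == "__main__":
    # Constructed demonstration: same passphrase, two SSIDs -> two unrelated PMKs
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "ieee").hex())
    # Back out the CPU guess rate behind the post's 579,000-year figure for 10 chars,
    # then apply the 100x GPU speedup and 1000 such machines
    cpu_rate = implied_rate(579_000, 10)
    print(f"{cpu_rate:,.0f} guesses/s on one CPU")
    print(f"{years_to_exhaust(10, cpu_rate * 100):,.0f} years for 10 chars on one GPU box")
    print(f"{years_to_exhaust(10, cpu_rate * 100 * 1000):,.2f} years on 1000 GPU boxes")
    print(f"{years_to_exhaust(12, cpu_rate * 100):,.0f} years for 12 chars on one GPU box")
    print("2 extra chars beat a 100x speedup:", speedup_neutralized(2, 100))
```

Two extra alphanumeric characters multiply the keyspace by 62² = 3844, so they more than cancel a 100× faster guess rate; one extra character (62×) does not.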

Categories: Security news, Wireless LAN
  1. October 13th, 2008 at 20:21 | #1

    I don’t see the $1000 graphics boards being needed for this task. A $200 9800 GTX could do some damage. A $300 9800 GX2 could halve that task. Two of those cards could decrease the crack time by 2, and maybe after spending an extra $200 on a power supply and maybe $200 extra on the board, $50 on a hard drive, $40 on RAM, $100 on the KVM and

    Dual GTX 280s would be nice, but they don’t have near the power of 2 GX2s. It’s like running a 3.0 GHz Dual Core against a 2.4 GHz Quad core.

  2. October 13th, 2008 at 20:34 | #2

    http://fah-web.stanford.edu/cgi-bin/main.py?qtype=osstats

    This is the OS client folding scores using CUDA for nVidia cards. If you average the CPUs to the GPUs, you come up with about 100 times more power per GPU than CPU. This is probably the basis for the article for coming up with the calculation time.

    As I said before though, I think my Dual 9800 GX2 Rig is probably 100 times more powerful than a Quad core Xeon at 3.1 GHz.

    The graphics cards do have the fact that they have to be manufactured in the last two years, while the processors can be as old as Pentiums and still contribute.

  3. October 14th, 2008 at 18:21 | #3

    As I noted elsewhere, VPN can be a good solution for some workers: those that use their laptops both on the road and in the office. These people will (hopefully) already have a VPN client configured, so this won’t add any additional work for the IT department.

    Still, it’s generally much easier to get onto a network by social engineering instead of guessing PSKs for a VPN or WiFi connection.

  4. October 14th, 2008 at 18:23 | #4

    In my VPN versus Wi-Fi security article, I’ve noted that there is a time and place for everything. Obviously you can’t use Wi-Fi security from a remote location, and that’s where VPN comes in handy. When you’re in wireless LAN range, you use WPA Enterprise grade security.

  5. October 16th, 2008 at 19:51 | #5

    I have WPA2 for my wireless network using a 24 character string with some symbols. I figure that if someone really wants on, they’ll get on, but even using this tool, the fastest Xeon or Core 2 Extreme processors, and as many over-clocked GX280s as the system can handle (complete with cooling tower from a nuclear facility), it’s still going to take someone a long time to crack my password.

    @Martin – VPN is only as secure as the network it’s on. If you’re in an office with unsecured Wi-Fi connected directly to the office LAN, the VPN isn’t going to secure anything if a wardriver sits outside the building.
