Cracking a WPA/WPA2 password is easy!

Don't think that cracking a WPA/WPA2 password requires a dictionary!  This video shows you that WPA/WPA2 can be cracked as usual with GPU(s).

Samiux

WPA2 isn't secure either...??


WPA2 isn't secure either...??
kirafung posted on 2012-5-28 17:52


Make the password long enough and change it from time to time; you know these basic security measures.


It's still a dictionary attack!  See at 17:42 in the video: it shows that the cracking program had tried 260,013 times and found the password to be 'samenita'.  If you know the password to be 8 chars in length and to use just lower case alphabets, you have 26^8, or around 208 billion combinations.  With the GPU running at 1388 encryptions per second (as shown in the video), you still need 4.8 years to run through all combinations.

There are a few observations:
1) 8-character, just lower case alphabets, WPA/WPA2-PSK is still good for personal use, unless you're very rich and have a lot of money transferred through e-banking.
2) 'Just' increasing the character set to upper / lower case + digits (62 alphabets) will increase the trying time to around 5,000 years.  It should be good enough even for the most secret stuff.  Hey, after a few thousand years, if there are still human beings, and the guy finds out that you saw some 'porn', what's the big deal?
3) Or, increase the length of your password to, say, 10 characters; it will make the trying time around 3,200 years.  Good enough?  For me, I do want my great-great-great-grandchild to know a bit about his/her ancestor, so no need to be so secure.
4) The GPU in the show is a rather outdated chip (Nvidia 8400M).  By Moore's law, speed doubles every 18 months, so for example, 6 years from now (a 16 times increase in computing power), you can crack the 8-character, all lower case alphabet password in 108 days; again, not very good.  But with a 62-alphabet, 8-character password, it still takes 311 years to crack, so that is already acceptable for most applications, right?

My 2 cents.

Stephen WONG @ Hong Kong


I've read some articles related to Pyrit; it's not very hard to protect your WPA/WPA2 WiFi:

1) Use a non-default SSID.  If you use 'default', 'linksys', 'netgear', 'dlink' etc., some hackers can pre-compute PMKs; it's only a matter of storage (hard disk space), and very little computation is needed to crack (if your SSID is one of those very popular ones).
2) Use a non-dictionary-derived password, with more than 10 characters, mixing upper/lower case alphabets and with some digits.

Another 2 cents.

Stephen WONG @ Hong Kong

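As an added illustration of point 1 above (example code written for this thread, not taken from the posts or from Pyrit): in WPA/WPA2-PSK the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the salt (4096 iterations, 256-bit output), so a table precomputed for 'linksys' says nothing about a network with a unique SSID. The wordlist and SSIDs below are constructed samples.

```python
import hashlib
from typing import Dict, Iterable, Optional, Tuple

PBKDF2_ITERATIONS = 4096  # fixed by the WPA/WPA2-PSK standard (IEEE 802.11i)
PMK_LEN = 32              # 256-bit Pairwise Master Key


def pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2 PMK: PBKDF2-HMAC-SHA1 with the SSID as salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def build_table(ssid: str, wordlist: Iterable[str]) -> Dict[bytes, str]:
    """A precomputed PMK table is bound to exactly one SSID, because the SSID is the salt."""
    return {pmk(word, ssid): word for word in wordlist}


def lookup(table: Dict[bytes, str], candidate: bytes) -> Optional[str]:
    """Table hit: the passphrase is recovered without redoing the 4096 PBKDF2 rounds."""
    return table.get(candidate)


def demo() -> Tuple[bool, bool]:
    # Constructed sample wordlist and SSIDs; the passphrase is deliberately weak.
    wordlist = ["password", "letmein", "qwerty123"]
    table = build_table("linksys", wordlist)
    # Default SSID + weak passphrase: found by a single dictionary lookup.
    hit_default = lookup(table, pmk("password", "linksys")) is not None
    # Same weak passphrase on a non-default SSID: the table is useless for it.
    hit_custom = lookup(table, pmk("password", "wong-home-5c2f")) is not None
    return hit_default, hit_custom


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The first assertion below is the standard's own published test vector (passphrase "password", SSID "IEEE"), which also checks that the derivation is implemented as specified.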

@stephenwong,

I am very surprised that you watched the whole video.  Many persons out there will not have such patience to do so.

The length of the video is about 19 minutes and it consists of 2 methods of cracking.  One is cracked without Pyrit and the other is using Pyrit.  The attacker in the video is not using any dictionary, I can confirm that.

The first crack, without Pyrit, consumed about 8 minutes.  Although we do not know what CPU he is using, it should not be a modern one, judging from the nVidia card shown.

The second crack, using Pyrit, consumed less than 8 minutes with such a very out-dated nVidia display card.  The attacker is only equipped with one display card.  How about if he had more than one?

The password is 8 characters long, in lower case and all letters; the attacker requires 8 minutes to crack it without using GPU(s).  If the password is longer, or up to 62 characters long, the time consumed may be longer, but not the figure that you calculated when he is using Pyrit with more than one modern display card.

Pyrit does not work with the SSID and it does not matter to the cracking.  Pyrit is not using rainbow tables to crack, keep that in mind.  The crack is running in memory only, as per the video.

Your calculation is fine and it is for the out-dated hardware, but not for modern ones like nVidia series 4xx or higher display cards.  How about if the process is using multi-threading or multi-processing, just like Pyrit?

What do you think if the attacker is equipped with an Intel i7-3930K and two nVidia GTX 590 display cards or higher?

Samiux


It's still a dictionary attack!  See at 17:42 in the video, it shows, the cracking program had tried ...
stephenwong posted on 2012-5-28 21:25


A small correction:
By Moore's law, it is the number of transistors in a chip that doubles every 18 months, not the speed.


See the following 2 articles from pyrit:

http://code.google.com/p/pyrit/
http://pyrit.wordpress.com/the-t ... i-protected-access/

For sure, Pyrit is a dictionary attack tool (instead of a brute force attack tool), and for sure, in order to crack a WPA/WPA2 password in reasonable time now, no matter how powerful a GPGPU you have, it still depends on the fact that the password chosen (and the SSID in use) is weak.  From the above articles, I quote:

"Let's do some number-crushing. The NIST estimates the guessing entropy of an 8 character password with certain rules to be about 30bit. We can assume that a lot of people somehow got smarter over night and use passwords with a guessing entropy of 32 bit. In order to crack a password of that strength with a chance of at least 50% we need about 3 billion guesses."

30-bit entropy is around 1 billion, and 32-bit entropy is around 4 billion.  But if you just do a simple calculation, 26^8 is around 208.8 billion (or around 38-bit entropy).

The real issue (at this moment) is: if the password strength is 30-bit (it implies there is some rule, i.e. a dictionary, to predict the password space), and you have a very fast GPGPU (say 100,000 PMK per second), you can go through all the words in the dictionary in 3 hours.  However, if you choose a random password using 'only' 8 characters of lower case alphabets (a-z), with the same hardware, it will take around 24 days to go through every possible combination.

If you are still not comfortable, as I suggested, 'just' use lower / upper case alphabets (a-z, A-Z) and numbers (0-9) with 10 characters.  If you can make sure the 10 characters are really random, your password is safe (with the 100,000 PMK per second cracker, it will take 265,957 years to crack!).  Or, until one day we can manage quantum cracking; then it's the end of the encryption game!  Who knows if the US already has some quantum cracking machine?

Stephen WONG @ Hong Kong

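The keyspace and time-to-exhaust arithmetic used in this post and in the earlier one (4.8 years, 5,000 years, 24 days, 265,957 years), as an added example written for this thread rather than code from any poster: it is parameterised by character-set size, password length and PMK/s so the figures can be recomputed for any hardware, and it adds the inverse question (what rate an attacker would need) for sizing a password policy. The 1388 PMK/s figure is from the video; 100,000 PMK/s is the post's assumption; the 18-month doubling is the thread's assumption.

```python
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(charset_size: int, length: int) -> int:
    """Number of passwords of exactly `length` characters drawn from `charset_size` symbols."""
    return charset_size ** length


def entropy_bits(space: int) -> float:
    """Guessing entropy of a uniformly random choice from `space` candidates."""
    return math.log2(space)


def seconds_to_exhaust(space: int, pmk_per_second: float) -> float:
    """Worst case: every candidate PMK is derived; on average half of this suffices."""
    return space / pmk_per_second


def days_to_exhaust(charset_size: int, length: int, pmk_per_second: float) -> float:
    return seconds_to_exhaust(keyspace(charset_size, length), pmk_per_second) / SECONDS_PER_DAY


def years_to_exhaust(charset_size: int, length: int, pmk_per_second: float) -> float:
    return seconds_to_exhaust(keyspace(charset_size, length), pmk_per_second) / SECONDS_PER_YEAR


def scaled_rate(pmk_per_second: float, years_ahead: float, doubling_months: float = 18) -> float:
    """Throughput after `years_ahead` if it doubles every `doubling_months` (thread's assumption)."""
    return pmk_per_second * 2 ** (12 * years_ahead / doubling_months)


def rate_for_target(charset_size: int, length: int, target_years: float) -> float:
    """PMK/s an attacker would need to exhaust the space within `target_years`."""
    return keyspace(charset_size, length) / (target_years * SECONDS_PER_YEAR)


if __name__ == "__main__":
    # (charset, length, PMK/s) rows taken from the posts above
    for cs, n, rate in [(26, 8, 1388), (62, 8, 1388), (26, 10, 1388), (26, 8, 100_000), (62, 10, 100_000)]:
        print(f"{cs}^{n:<2} {entropy_bits(keyspace(cs, n)):5.1f} bits  "
              f"{rate:>7,} PMK/s  {years_to_exhaust(cs, n, rate):>14,.1f} years")
    print(f"26^8 at 16x the video's rate: {days_to_exhaust(26, 8, scaled_rate(1388, 6)):.0f} days")
```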

A small correction:
By Moore's law, it is the number of transistors in a chip that doubles every 18 months, not the speed ...
KinChungE posted on 2012-5-29 01:17


But we have been putting all the 'derivatives' into the mouth of Mr. Gordon Moore for a long, long time!  I quote from Wikipedia:

"Moore's law is a rule of thumb in the history of computing hardware whereby the number of transistors that can be placed inexpensively on an integrated circuit doubles approximately every two years. The period often quoted as "18 months" is due to Intel executive David House, who predicted that period for a doubling in chip performance (being a combination of the effect of more transistors and their being faster)."

Stephen WONG @ Hong Kong


It's still a dictionary attack!  See at 17:42 in the video, it shows, the cracking program had tried ...
stephenwong posted on 2012-5-28 21:25
1) 8-character, just lower case alphabets, WPA/WPA2-PSK, is still good for personal use, unless you're very rich and have a lot of money transfer through e-banking.


E-banking runs over SSL, so there is one more layer to crack.
