Author Topic: Speedily Crack WPA/WPA2 - For those who said it couldn't be done.  (Read 4557 times)
Lucid
Level 3 Member
***
Posts: 139



« on: January 19, 2009, 11:56:45 AM »

Looks like the GPU will be used to hack into our boxes. Read the full article here:
http://www.tomshardware.com/news/elcomsoft-gpgpu-wifi-crack,6863.html#xtor=RSS-1811

This is going to be a real pain in the you know what.... I knew this wasn't foolproof, but I wonder if everyone should just make use of a RADIUS server.

Later.

Lucid.
Logged
Lucid
Level 3 Member
***
Posts: 139



« Reply #1 on: January 19, 2009, 11:58:48 AM »

Here's from the developers themselves:
http://www.elcomsoft.com/news/268.html
Logged
EddieZ
Level 11 Member
*
Posts: 2500



« Reply #2 on: January 19, 2009, 01:40:00 PM »

Have a look at the average knowledge base of users, and you will find that a RADIUS server is a bridge too far for most.
Logged

DIR-655 H/W: A2 FW: 1.33
Lucid
Level 3 Member
***
Posts: 139



« Reply #3 on: January 19, 2009, 02:11:32 PM »

Which makes it a good choice!

LOL. There are some tutorials out there to help one do it, but I don't have a spare computer and the tutorial wasn't as easy for me to understand....

Logged
funchords
Level 3 Member
***
Posts: 298


« Reply #4 on: January 20, 2009, 11:35:04 AM »

It still can't be done.  This device is not doing anything new except using a faster way to brute-force attack an unknown password.  Unless someone uses weak passphrases, there is nothing to worry about.  The weaker the passphrase, the easier it is to guess.

From the Tomshardware article:

Quote
Wireless Security Auditor performs advanced dictionary search attacks with mutation to expose weak passwords consisting of words and phrases in spoken languages. The software also allows highly customized mutations of ordinary words to perform hundreds of mutations on each word in order to ensure the most attack coverage possible. Standard alpha-numeric incremental attacks are also supported, but naturally take a long time, even for supercomputers.

In other words, this is the standard brute-force method of password guessing.  It's telling that it hasn't chosen the PSK, but it's instead chosen dictionary words, like...

apollo
boulevard
city
dolly

...and mutations...

ap0ll0
Apollo
@POLLO
Blvd.
CITY
c1ty
d0lly

... and customized mutations, such as spaghetti and meatballs ...
spaghetti and meatballs
spaghettiandmeatballs
spaghetti & meatballs

This means that WPA hasn't been cracked -- they're attacking the human-generated passphrase! Whatever passphrase you chose is hashed together with your SSID and then converted into a 256-bit key (32-bytes).

http://www.wireshark.org/tools/wpa-psk.html is a safe tool that will help you see this work -- for example, if your SSID is dlink and your passphrase is "this is a test" then your key is f6deb25c82479391e75132e6dcb0effbf56deb25f2b6ac69373306b6e4c0311f (and yes, you can use that key instead of your passphrase and even mix them -- use the key on some devices, use the passphrase on others, and all devices will work).

Obviously, a program can also run all combinations of the above -- from
0000000000000000000000000000000000000000000000000000000000000000 to
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff.  However, doing that takes more computing power or time than virtually anyone has, so it's unlikely your neighbors will stumble upon your particular combination any time soon. 

KEY LEARNINGS:
WPA has not been cracked
Easy passwords have always been quickly guessed; today's article is about software that makes guessing them faster and attacks the WPA passphrase using dictionary words.
For best results, choose a passphrase that avoids dictionary words or common permutations or create a random 256-bit key -- such as the 64-Random Hex one generated by https://www.grc.com/passwords.htm. 
Logged
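Added example (not code from the thread, from D-Link or from ElcomSoft): the derivation funchords describes above, written out in Python, with a toy version of the "dictionary search with mutation" attack run against three kinds of target. The word list, mutation rules, suffixes and sample passphrases are constructed for illustration; the only external facts used are the IEEE 802.11i PSK definition (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output) and its published test vector (passphrase "password", SSID "IEEE").

```python
"""Added example: how a WPA/WPA2 passphrase becomes the 256-bit PSK, and why a
dictionary-with-mutations attack only succeeds against human-chosen phrases.
Word list, mutation rules and sample passphrases are constructed, not real."""
import hashlib
import os
from typing import Iterator, List, Optional, Tuple

SSID = "dlink"  # the SSID from the thread; it is the PBKDF2 salt


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PSK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 32 bytes).
    32 bytes means two PBKDF2 blocks of 4096 HMAC-SHA1 each, so every guess
    costs 8192 HMACs; that fixed cost is what a GPU cracker parallelises.
    Because the SSID is the salt, a table precomputed for one network name
    is useless against another."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def psk_from_hex(key_hex: str) -> bytes:
    """A 64-hex-digit key is the PSK itself: there is no derivation and
    therefore no passphrase for a dictionary attack to recover."""
    psk = bytes.fromhex(key_hex)
    if len(psk) != 32:
        raise ValueError("WPA PSK must be exactly 32 bytes (64 hex digits)")
    return psk


# Constructed mutation rules, a small imitation of a cracker's rule set.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$", "t": "7"}
SUFFIXES = ("", "1", "123", "2009", "!")


def mutations(word: str) -> Iterator[str]:
    """Yield case variants, a leet-speak variant and common suffixes."""
    w = word.lower()
    leet = "".join(LEET.get(c, c) for c in w)
    for base in (w, w.upper(), w.capitalize(), leet, leet.upper()):
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_attack(target_psk: bytes, ssid: str,
                      words: List[str]) -> Tuple[Optional[str], int]:
    """Offline attack: re-derive the PSK for each candidate and compare.
    Returns (recovered passphrase or None, number of PBKDF2 evaluations)."""
    tried = set()
    for word in words:
        for cand in mutations(word):
            # WPA passphrases are 8..63 printable ASCII chars; skip impossible ones.
            if not 8 <= len(cand) <= 63 or cand in tried:
                continue
            tried.add(cand)
            if wpa_psk(cand, ssid) == target_psk:
                return cand, len(tried)
    return None, len(tried)


# Constructed word list in the spirit of the post's "apollo ... meatballs".
WORDS = ["apollo", "boulevard", "city", "dolly", "spaghetti", "meatballs"]


def demo() -> dict:
    """Three targets: a mutated dictionary word, a random-looking phrase
    that is not a mutation of any list word, and a raw random hex key."""
    weak = wpa_psk("Spaghetti123", SSID)        # dictionary word + case + suffix
    strong = wpa_psk("xq7!Vm2#pLw9", SSID)      # constructed, not in any rule's output
    raw = psk_from_hex(os.urandom(32).hex())    # 64-hex key: no passphrase exists
    return {
        "weak": dictionary_attack(weak, SSID, WORDS),
        "strong": dictionary_attack(strong, SSID, WORDS),
        "raw_key": dictionary_attack(raw, SSID, WORDS),
    }


if __name__ == "__main__":
    # Self-check against the 802.11i Annex test vector ("password" / "IEEE").
    print("test vector PSK:", wpa_psk("password", "IEEE").hex())
    for name, (found, n) in demo().items():
        status = f"recovered {found!r}" if found else "not found"
        print(f"{name}: {status} after {n} PBKDF2 evaluations")
```

The point the numbers make: the attack is nothing but "derive and compare", and its cost is the size of the candidate list times 8192 HMAC-SHA1 per candidate. A GPU shrinks the per-candidate cost; it does nothing about a passphrase that is not on the list, and a 64-hex key never had a passphrase to begin with.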
EddieZ
Level 11 Member
*
Posts: 2500



« Reply #5 on: January 20, 2009, 11:50:57 AM »

Everything can be cracked. Sometimes it takes 5 minutes, some take 100 years. Just depends on the resources you want to apply (and how much time you have left on this planet).
Logged

DIR-655 H/W: A2 FW: 1.33
Lucid
Level 3 Member
***
Posts: 139



« Reply #6 on: January 20, 2009, 03:50:15 PM »

Looks like school is out.
Logged
KevTech
Guest
« Reply #7 on: January 20, 2009, 06:10:23 PM »

KeePass creates random passwords of any size/characters you want.
Logged
funchords
Level 3 Member
***
Posts: 298


« Reply #8 on: January 21, 2009, 02:56:12 PM »

Yeah, I've not used that, but if you do, be wary of ASCII passwords or phrases that use anything swappable in the ASCII set. They're just not supported evenly across different gear.

If you get an ASCII random password like that, then replace any strange-looking character with something from the alphanumeric set and you might avoid problems down the road. (Tip does not apply to random HEX.)
Logged
summerstormpictures
Level 2 Member
**
Posts: 93


« Reply #9 on: January 21, 2009, 09:36:00 PM »

I'll pass on a nice little tidbit from my "friends" at "the Agency." One of the easiest and most stealthy ways to work painlessly with passwords that are not "real" words in any language--are random--and ones you can change regularly--is currency serial numbers. Most people working in "the Agency" or in foreign offices have access to foreign currencies, but for those here in the States, U.S. will do fine.

Basically all you do is keep your money in your wallet pretty much like you would normally--perhaps find a way not to accidentally spend it. You can for example have a banknote from Turkey with letters and numbers, and you can leave yourself a "clue" in the password hint as simply "Turkey" or some other Turkish related clue. You can even collect obsolete banknotes and do this. You can combine banknote serial numbers (Turkey+Ireland+Japan etc.) as well. Anytime you want to or feel like you should change your passwords, simply accumulate some more random currency. Hey, maybe this is a way to stimulate saving money?

Another thing they do that is perhaps a little more stealthy but provides typically only numbers is to hold onto receipts and use the item stock number and then simply leave a clue like "toaster" or "car battery" or "oil change" (or combinations).

Anyway, you get the idea. It really does work, is painless, is random and is hard to defeat.

By the way, a corollary to this system if you want to make an account dual-access only: one person types in their number, then the other theirs. This way, unless both parties are there to enter their "half" of a password, the account or whatever is secure.

Try it. Like someone said earlier, "nothing cannot be defeated," but perhaps by the time someone's hacked your password, you'll have already changed it to a new one.

Of course, if you get nailed by a pickpocket and lose your wallet...
Logged