Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud

WEP Is Dead, Haven't You Heard?

Wired Equivalent Privacy (WEP) was the first security algorithm used by wireless networks to restrict access. It was originally introduced in 1999 as part of the 802.11 standard. However, it has long been considered to be a "broken" algorithm, and was effectively replaced by Wi-Fi Protected Access (WPA).

Recovering a WEP key out in the wild.Recovering a WEP key out in the wild.

If you're still using WEP on an older wireless router, try not to feel too safe. The Wi-Fi Alliance abandoned WEP in 2003 because it's very easy to crack. With $20 and some basic technical know-how, a neighbor can procure your WEP password in about 10 minutes using publicly-available tools. It really is time to upgrade to at least WPA.

The process of breaking a WEP password can vary, but we've seen it done enough times that there's little reason to detail this bit of deviousness here on Tom's Hardware. Think of us like AMC's Breaking Bad. We're not here to show you how to cook meth. But our story hinges on the process. An enthusiast using WEP should know how easy it is to circumvent, and we did it so that you don't have to learn the hard way. To give you an idea of what's involved, we used Cain & Abel, Aircracking-ng, and an AirPcap Nx adapter to find a nearby network's WEP key in about five minutes. The length of the key doesn't affect recovery time, either.

Connecting to the cracked network after six minutes of effort.Connecting to the cracked network after six minutes of effort.

The fundamental problem is that it's incredibly easy to eavesdrop on a WEP network and sniff out the information needed to crack the RC4 cipher backing the protocol. Even if there aren't enough packets traveling between the router and clients inside the network, it's possible to send packets in such a way to simulate reply packets, which then can be used to find the key. It's even possible to forcibly boot users off a router in order to generate packets with authentication information. Scary stuff; avoid it at all costs if security truly matters to you.

This thread is closed for comments
80 comments
    Your comment
  • fstrthnu
    Well it's good to see that WPA(2) is still going to hold out as a reliable security measure for years to come.
  • runswindows95
    The 12 pack of Newcastles works for me! Give that to me, and I will set you up on my wifi! Free beer for free wifi!
  • Soma42
    I think I'm going to go change my password right now...
  • Pyree
    runswindows95The 12 pack of Newcastles works for me! Give that to me, and I will set you up on my wifi! Free beer for free wifi!


    Then either beer at your place is really expensive or internet is really cheap. Need 6x12 pack for me.
  • compton
    Thanks for another article that obviously took a lot of work to put together. The last couple of articles on WiFi and archive cracking were all excellent reads, and this is a welcome addition.
  • mikaelgrev
    "Why? Because an entire word is functionally the same as a single letter, like "a." So searching for "thematrix" is treated the same as "12" in a brute-force attack."

    This is an extremely wrong conclusion. Extremely wrong.
  • What about the permutations of the words?
    i.e ape can be written:
    ape, Ape, aPe, apE, APe, aPE, ApE, APE.
    Thats 2^3=8 permutations. Add a number after and you get (2^3)*(10^1)=80 permutations.
    You can write PasswordPassword in 2^16=65536 ways.
    How about using a long sentence as a password?
    i.e MyCatIsSuperCuteAndCuddly, thats 2^25 permutations :)
  • molo9000
    Any word on MAC address filtering?
    Can you scan for the MAC addresses? It's probably easy to get and fake MAC adresses, or it would have been mentioned.


    *scans networks*
    12 networks here,
    1 still using WEP
    10 allowing WPA with TKIP
    only 1 using WPA2 with AES only (my network)
  • agnickolov
    Considering my WPA password is over 20 characters long I should be safe for the foreseeable future...
  • ojas
    Interesting article, i see that my fortress is safe :)
  • dickcheney
    molo9000Any word on MAC address filtering?Can you scan for the MAC addresses? It's probably easy to get and fake MAC adresses, or it would have been mentioned.*scans networks*12 networks here,1 still using WEP10 allowing WPA with TKIPonly 1 using WPA2 with AES only (my network)


    Same over here. I have a guest though, its a bit weaker than my main network. The guest is a 20 alphanumerical character long WPA2 AES-256bit. My main is 40 character long... Guess I went a bit overboard.
  • gokanis
    aaron88_7"12345, that's amazing, I've got the same combination on my luggage!"Still makes me laugh every time!


    One of the best lines in the movie...
  • fausto
    i better check on security when i get home
  • banthracis
    molo9000Any word on MAC address filtering?Can you scan for the MAC addresses? It's probably easy to get and fake MAC adresses, or it would have been mentioned.*scans networks*12 networks here,1 still using WEP10 allowing WPA with TKIPonly 1 using WPA2 with AES only (my network)


    MAC address filtering is a joke, especially if the network actively broadcasts its SSID. Simple reason, MAC address and IP info is not even encrypted when sent over the air. So, wait for legit user to connect, grab his MAC, spoof MAC address and enjoy.
  • acku
    163150 said:
    "Why? Because an entire word is functionally the same as a single letter, like "a." So searching for "thematrix" is treated the same as "12" in a brute-force attack." This is an extremely wrong conclusion. Extremely wrong.



    If you truly understand programming, then you know that my statement is a comparison of dictionary vs. brute-force attacks. In a dictionary attack, you provide a wordlist, which is used to make unique combination. For a brute-force attack, each letter is randomly selected and joined together in a string. The length of a password has no bearing on the number of KDFs. I suggest that you read Ivan Golubev's blog post and hit up the BackTrack forums if you need help understanding why this is the case.

    Quote:
    "Next Big Bang" do you known what moore's law is? that "All (Printable) ASCII characters" 12 character password will be cracked in your lifetime, possibly with the cpu power of your cell phone. in 1982 we had spectrum zx with a z80 cpu running @3.5mhz. now I've an intel E7-8870 with 10cores running @E7-8870. not to mention like you demonstrated that gpu's are far more powerful cracking passwords. Also you can use other programs, pyrit is not the best for cracking with gpu's. Also you can use rainbow tables. Your assumption that a WPA2 with 12 characters is safe forever is very wrong and missleading and dangerous. It's the same assumptions that made people believe WEP was ok to use forever. now we can crack wep under 1 minute.


    RISC? That better be distributed if we're going to walk down that path. And as I've explained time and time again, rainbow tables are not valid for this type of attack. I purposely explained why under "Understanding WPA/WPA2."

    Second, I'm not sure what you're using but Pyrit is considered the standard by which other brute-force crackers are measured for WPA/WPA2. It's what's used at DEFCON. Our version has some optimizations, but again, it you go to any of the major security conferences, you'll find that it's what people use.

    Third, WEP is can be broken with relative ease because it's not a brute-force attack that renders it ineffective. It's a related key attack. Any nondirect attack leverages weaknesses in order to compromise a system. That's a different ballpark. We're dealing with cracking at the lowest common denominator.

    Quote:
    What about the permutations of the words? i.e ape can be written: ape, Ape, aPe, apE, APe, aPE, ApE, APE. Thats 2^3=8 permutations. Add a number after and you get (2^3)*(10^1)=80 permutations. You can write PasswordPassword in 2^16=65536 ways. How about using a long sentence as a password? i.e MyCatIsSuperCuteAndCuddly, thats 2^25 permutations :)


    Permutations of words don't count in a dictionary based attack. I mean com'on. :) Let's be reasonable. You're either paranoid at this point or too smart. Though, I'd argue that caps on the first letter is easily defeatable.

    Cheers,
    Andrew Ku
    TomsHardware.com
  • custodian-1
    All through history people have tried to lock things if someone locks it someone else will figure how to unlock it. It may me mathematically impossible but it's not the only way. Someone will have to know the password and we are fallible.
  • WyomingKnott
    Quote:
    or amateur script kiddies testing their meddle.

    I try to avoid picking on grammar or word errors, since it seems that many of these articles are translated from German. But this is a beauty.

    The phrase is usually "testing their mettle," which the dictionary on Yahoo! defines as "Courage and fortitude; spirit." The usual error on this phrase is the substitution of the word "metal" by spell checkers, dictation software, or people who don't know the origin of the phrase.

    But since these kiddies do indeed "meddle" with out networks, our data, and our lives, the substitution works elegantly.
  • jamie_1318
    Man sucks for all you people who live close enough to there neighbor to worry about their password being hacked. My nearest neighbor is more than 200m away, and than I live in a brick house, so it barely goes out the windows. It would be pretty obvious if some dude was standing outside my house accessing my files.
  • djridonkulus
    Why don't they limit the number of authentication attempts like you said in the article like banks? Wouldn't that kill all attempts at brute force hacking?
  • bounty
    All is takes is 1 non-common letter substitution to make a simpler (but not short) password avoid a word list. Then it's back to searching the whole key space. I only mention this because making your password so complex, you end up writing it down or re-using it is worse than making it slightly less than fully random. I prefer medium phrases with 2-3 randomly swapped in/inserted symbols and numbers. Maybe with some word part capitalized. Something like hun.ryHI5ppo (a bastardization of hungry hippo) can be memorized but isn't "fully random."

    Also, do you have an idea of what the FPGA's speed would be like in comparison? Or for that matter speculation on other upcomming hardware? I'm thinking of stuff Nvidia and Intel are throwing at HPC etc. Also moore's law.
  • palladin9479
    What you quickly notice is that the weakest link isn't the security system but the user / person involved. People talk about 10,20,40 character passwords, those mean absolutely nothing if the characters are alphanumeric words. A dictionary based attack can crack those much faster then a truly random password.

    And in all honestly, why are we using "passwords" with a network encryption system. Just generate a random sequence of ASCII characters and use that again. The best method would be to directly generate the key in binary and just import it into the encryption system.
  • MrBig55
    Before I'd secure my neiborhoods networks while I do tweaks/repairs for them, most were using WEP, some didn't protect their wi-fi at all and I was the only one behind a WPA2 protected network. Now a few years later, on 26 networks detected in my livingroom, no neighbor networks are unprotected, 3 uses WEP, all other uses WPA/WPA2.

    Since I helped configure every router I've put my hands on, my neighborhood is much more secure than it was only years later. So I'm happy to see WPA2 won't be crackable in the near future. ^-^
  • Total search time is a worst-case scenario. On the average, you should crack the code in half that time or less?