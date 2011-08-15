Trending

Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud

Is your network safe? Almost all of us prefer the convenience of Wi-Fi over the hassle of a wired connection. But what does that mean for security? Our tests tell the whole story. We go from password cracking on the desktop to hacking in the cloud.

Test Setup

References in this article to WPA can be read as "WPA/WPA2." Furthermore, the techniques used in this article are unaffected by TKIP or AES encryption.

Desktop HardwareNotebook(Lenovo ThinkPad T410)
ProcessorIntel Core i5-2500K (Sandy Bridge), 3.3 GHz, LGA 1155, 6 MB Shared L3Intel Core i5-540M (Arrandale), 2.53 GHz, PGA 988, 3 MB Shared L3
MotherboardAsrock Z68 Extreme4-
MemoryKingston Hyper-X 8 GB (2 x 4 GB) DDR3-1333 @ DDR3-1333, 1.5 VCrucial DDR3-1333 8 GB (2 x 4 GB)
Hard DriveSamsung 470 256 GBSeagate Momentus 5400.6 500 GB
GraphicsPalit GeForce GTX 460 1 GBNvidia GeForce GTX 590AMD Radeon HD 6850AMD Radeon HD 6990 Nvidia Quadro NVS 3100M
Power SupplySeasonic 760 W, 80 PLUS-
Network CardAirPcap Nx USB AdapterAirPcap Nx USB Adapter
System Software and Drivers
Operating SystemWindows 7 Ultimate 64-bitBacktrack 5 64-bit
DirectXDirectX 11
Windows DriversAirPcap 4.1.2Catalyst 11.6Nvidia 275.33AirPcap 4.1.2
Linux DriversCatalyst 11.6Nvidia 275.09.07-

Software
Cain & AbelVersion: 4.9.40
Aircrack-ngVersion: 0.70
Elcomsoft Wireless Security AuditorVersion: 4.0.211 Professional Edition
PyritVersion: 0.4.1-dev

The majority of tests in this article were performed in the field, facilitating an exploration of network security under real-world conditions. There were a few situations where the signal strength of our target network prevented us from proceeding further in our experiments, though. In those rare cases, we used our Cisco Linksys E4200, which we set up to use 802.11g at 2.4 GHz.

80 Comments Comment from the forums
  • fstrthnu 15 August 2011 11:50
    Well it's good to see that WPA(2) is still going to hold out as a reliable security measure for years to come.
    Reply
  • runswindows95 15 August 2011 11:52
    The 12 pack of Newcastles works for me! Give that to me, and I will set you up on my wifi! Free beer for free wifi!
    Reply
  • Soma42 15 August 2011 11:59
    I think I'm going to go change my password right now...
    Reply
  • Pyree 15 August 2011 12:10
    runswindows95The 12 pack of Newcastles works for me! Give that to me, and I will set you up on my wifi! Free beer for free wifi!
    Then either beer at your place is really expensive or internet is really cheap. Need 6x12 pack for me.
    Reply
  • compton 15 August 2011 15:01
    Thanks for another article that obviously took a lot of work to put together. The last couple of articles on WiFi and archive cracking were all excellent reads, and this is a welcome addition.
    Reply
  • mikaelgrev 15 August 2011 15:26
    "Why? Because an entire word is functionally the same as a single letter, like "a." So searching for "thematrix" is treated the same as "12" in a brute-force attack."

    This is an extremely wrong conclusion. Extremely wrong.
    Reply
  • 15 August 2011 16:38
    What about the permutations of the words?
    i.e ape can be written:
    ape, Ape, aPe, apE, APe, aPE, ApE, APE.
    Thats 2^3=8 permutations. Add a number after and you get (2^3)*(10^1)=80 permutations.
    You can write PasswordPassword in 2^16=65536 ways.
    How about using a long sentence as a password?
    i.e MyCatIsSuperCuteAndCuddly, thats 2^25 permutations :)
    Reply
  • molo9000 15 August 2011 16:57
    Any word on MAC address filtering?
    Can you scan for the MAC addresses? It's probably easy to get and fake MAC adresses, or it would have been mentioned.


    *scans networks*
    12 networks here,
    1 still using WEP
    10 allowing WPA with TKIP
    only 1 using WPA2 with AES only (my network)
    Reply
  • agnickolov 15 August 2011 17:50
    Considering my WPA password is over 20 characters long I should be safe for the foreseeable future...
    Reply
  • aaron88_7 15 August 2011 18:05
    "12345, that's amazing, I've got the same combination on my luggage!"Still makes me laugh every time!
    Reply