Chad Perrin, IT consultant, developer, freelance writer
Topic: WPA cracking, security
Environment/software: All systems/all software
In his article, "Welcome to the future: cloud-based WPA cracking is here," Chad Perrin alerts readers to a US$17 "cloud"-based service, WPA Cracker, which involves capturing your cloud network traffic and uploading it to the service where it is subjected to what the author calls a "brute force cracking effort." The service is supposed to be effective against pre-shared WPA and WPA2 wireless network key deployments.
A little background
WPA (Wi-Fi Protected Access) is a certification program developed by the Wi-Fi Alliance to replace WEP and to certify compliance with the security protocol the Alliance created to secure wireless computer networks. The protocol implements the majority of the IEEE 802.11i standard.
Pre-shared key mode (or PSK) is designed for systems that don't require the more complex 802.1X authentication server (802.1X authentication needs three parties: A supplicant, an authenticator, and an authentication server). Wireless network devices encrypt the network traffic using a 256-bit key; the key may be entered either as a string of 64 hexadecimal digits or as a passphrase of 8 to 63 printable ASCII characters. Shared-key is vulnerable to password cracking if the user chooses a weak passphrase; a truly random passphrase of 13 characters is deemed sufficient to protect the network from a brute force attack.
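And there is one more precaution to take: The Church of WiFi has a set of lookup tables covering the top 1000 SSIDs (service set identifiers) and a million different WPA/WPA2 passphrases ... it's known as the CoWF WPA-PSK Rainbow Tables. Because the SSID is mixed into the key that is derived from the passphrase, these precomputed tables only help against a network whose SSID is on that list, so your network's SSID shouldn't match one of these SSIDs.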
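The following audit sketch is an added example, not code from the article or from any of the projects it mentions. It checks a key against the PSK input rules above, shows that the derived 256-bit key depends on the SSID, and flags a common SSID or a listed passphrase. The derivation parameters (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) come from IEEE 802.11i rather than from this page, and the SSID list and word list are small constructed samples.

```python
import hashlib
import math
import string

# Constructed samples; the real CoWF list covers 1000 SSIDs and is not reproduced here.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}
SAMPLE_WORDS = {"password", "letmein123", "qwertyuiop"}


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit key from a passphrase: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def valid_key_input(key: str) -> bool:
    """Accept 64 hex digits, or a passphrase of 8 to 63 printable ASCII characters."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return True
    return 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key)


def random_passphrase_bits(length: int, alphabet_size: int = 95) -> float:
    """Keyspace in bits of a truly random passphrase (95 printable ASCII characters)."""
    return length * math.log2(alphabet_size)


def audit(ssid: str, passphrase: str, wordlist: set) -> list:
    """Return the findings for one network configuration (empty list = none)."""
    findings = []
    if not valid_key_input(passphrase):
        findings.append("key is neither 64 hex digits nor 8-63 printable ASCII")
    if ssid in COMMON_SSIDS:
        findings.append("SSID is on the common list: precomputed tables may apply")
    if passphrase in wordlist:
        findings.append("passphrase appears in a word list")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: a different key, so tables are per-SSID.
    print(derive_psk("password", "linksys").hex())
    print(derive_psk("password", "my-home-7f3a").hex())
    print(round(random_passphrase_bits(13), 1), "bits for 13 random characters")
    print(audit("linksys", "password", SAMPLE_WORDS))
```
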
Back to the article
The WPA Cracker site advertises that it can reduce the job of performing a 135-million-word list attack on your system to about 20 minutes. Or someone else can have them perform the same attack on your system -- the difference is that if you perform the attack, you're engaging in legitimate testing and will not be worried about leaving behind a payment trail.
There's also an additional 284-million-word dictionary you can have them employ if the 135-million one fails to crack your system.
Two trends seem to emerge, one good, one not so:
- This type of service can be a boon to those wishing to perform a hefty penetration test on their site. It really echoes one of the best benefits of cloud computing ... eliminating the cost and effort to set up an application testbed.
- This is a good price to eliminate a lot of the work for someone wishing to crack a system.
Of course, the clues are embedded in the description of the service as to what to do to make this type of attack harder for someone to pull off. Go for the truly random 13 characters or more.
- "Distributed security cracking," another blog article by this author, describes distributed denial-of-service attacks and spam botnets as early, successful implementations of cloud computing technologies.
- WPA Cracker is a cloud cracking service for penetration testers and network auditors who need to check the security of WPA-PSK protected wireless networks; it gives you access to a 400-CPU cluster that will run your network capture against a 135-million word dictionary created specifically for WPA passwords.
- The IEEE 802.11i standard specifies security mechanisms for wireless networks; it replaces the Authentication and privacy clause of the original standard with a detailed Security clause, and it deprecates the broken WEP.
- The Church of WiFi's CoWF WPA-PSK Rainbow Tables are a good start for which passphrases to NOT choose. This site provides a look into the methodology and logic behind conceiving and building the CoWF WPA-PSK Rainbow Tables.
- "Review and summary of cloud security scenarios" from the authors of the "Cloud Computing Use Cases Whitepaper" highlights security issues that architects and developers should consider as they move to the cloud.