WPA-PSK Cracking As a Service
An anonymous reader writes "Moxie Marlinspike, a security researcher well known for his SSL/TLS attacks, today launched a cloud-based WPA cracking service, where for $34 you can test the security of your WPA password. The WPA Cracker Web site states: 'WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes.'"
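What the quoted dictionary attack means for the owner of a network, as an added example (not code from WPA Cracker or from the submission): WPA-PSK derives its 256-bit key as PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations, so each guess is slow and tied to one SSID, and a passphrase is only at risk if it reduces to a listed word. The word list, SSID and function names below are constructed for illustration; the guess rate is computed from the figures quoted above.

```python
import hashlib

# Leet-speak substitutions undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample list; a real audit loads a large word list from disk.
SAMPLE_WORDS = {"password", "dictionary", "letmein", "linksys", "wireless"}

# Guess rate implied by the quoted figures: 135 million words in 20 minutes.
CLUSTER_RATE = 135_000_000 / (20 * 60)


def wpa_pmk(passphrase, ssid):
    """256-bit pairwise master key as defined for WPA/WPA2-PSK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def candidates(passphrase):
    """Forms a rule-based dictionary run would also cover."""
    low = passphrase.lower()
    stripped = low.rstrip("0123456789!?.*#")  # drop appended digits/punctuation
    return {low, low.translate(LEET), stripped, stripped.translate(LEET)}


def in_dictionary(passphrase, words=SAMPLE_WORDS):
    return not candidates(passphrase).isdisjoint(words)


def years_to_exhaust(length, alphabet_size, rate=CLUSTER_RATE):
    """Time to try every random string of this length at the given rate."""
    return alphabet_size ** length / rate / (365 * 24 * 3600)


def audit(passphrase, ssid, words=SAMPLE_WORDS):
    """Report for the owner of the network; nothing here touches a capture."""
    return {"pmk": wpa_pmk(passphrase, ssid).hex(),
            "in_dictionary": in_dictionary(passphrase, words),
            "length": len(passphrase)}


if __name__ == "__main__":
    for pw in ("P@$sW0rD!", "k3Vq9xTzLm2pRw8b"):
        print(pw, audit(pw, "ExampleNet"))
    print("10 random alphanumerics: %.0f years" % years_to_exhaust(10, 62))
```

A passphrase that passes this check is only known to be absent from the list that was loaded, so length and randomness remain the real defence.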
Build a dictionary! (Score:5, Insightful)
So for $34 you can make sure your password is part of their dictionary?
Re: (Score:2, Funny)
Holy shit. How did you get my password?
Re: (Score:2)
Oblig.:
http://bash.org/?quote=244321 [bash.org]
And Slashdot is promoting this (Score:2, Insightful)
because?
Re: (Score:2, Funny)
Because this is news for nerds, stuff that matters.
Dumbass.
Re: (Score:2)
And this matters because..
Re: (Score:3, Insightful)
And this matters because..
#1: It's IT-related
#2: It's Security IT-related
#3: Within IT, it has to do with one of the most prevalent technologies in use today.
#4: And finally, it's here, because it sure as hell ain't gonna show up on CNN or the nightly news "tech" corner. Well, at least not for another 6 months or so, when it's "breaking news" to them.
Re: (Score:2)
Ok, I originally assumed you were purposely being obtuse so my answer was short, and apparently comical to someone... I'll try to explain this clearly and concisely, so that it might sink into that brain of yours:
Because any self-respecting nerd who isn't busy getting their panties all twisted over "OMG HAXX0RZ" could reasonably be expected to find this interesting.
Moxie Marlinspike is a rather high profile computer security researcher who has been featured on slashdot at least on
Re: (Score:2)
Yes, somebody already said that. But advertisements aren't news.
Re: (Score:2)
Sure, because nobody around here thought about security until this story was posted.
Re: (Score:2)
Because information wants to be free, dude!
"test your key", riiiiight (Score:3, Interesting)
While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes
Anyone interested in testing their own key would not care about it taking 5 days. During a weekday, you're not around most of the time anyway. I doubt anyone cares enough to spend $40 for something that can be done for free.
Re: (Score:2)
Suppose you're in the middle of a download and suddenly your ISP caps you. For $34 and 20 minutes later you could be back online at full speed.
Well at least you can say Moxie has Moxie. (Score:5, Insightful)
Re:Well at least you can say Moxie has Moxie. (Score:5, Interesting)
I'll save 'em the full $34.
Go here: https://www.grc.com/passwords.htm [grc.com]
Re:Well at least you can say Moxie has Moxie. (Score:5, Informative)
https://www.fourmilab.ch/hotbits/secure_generate.html [fourmilab.ch]
https://www.random.org/passwords/ [random.org]
Re: (Score:2)
Even better, use a utility that gets random data without going through the Internet. Here, I use KeePass, tell it to make a 63 character random string, wiggle the mouse and type in some keys.
Then I paste the string into my router, put a copy of the string on a file in a TC protected container. That I copy to a USB flash drive and manually copy and paste that into the rest of my boxes' WPA2 config.
If I forget the WPA2 password, who cares. I log on the router via a hardwired connection, repeat the above pr
Re: (Score:2)
....God herself.
You said that just to piss people off, didn't you? :)
Re: (Score:2)
If an attacker can get at my machine's clipboard, then I have far bigger problems to worry about other than how sturdy my WPA2 key is. That's akin to worrying if someone is fretting about using Medeco M3, Abloy PROTEC, or Evva MKS on the front door when a robber just smashed into the living room with a pickup truck.
The weakest point of the WPA2 implementation is that every machine on the SSID has to know that key. So if one laptop gets compromised and the attacker is able to extract the key, they have a t
Re: (Score:2)
That could be a decently secure system if done right. Have a program running on each of the boxes that takes the year, date, day of week, and hour (perhaps having a value for quarter hour, but you don't want too granular because machines may not be that tightly timesynced). Then add a secret key value. 128 bits would be minimum, best would be something 512 bits of cryptographically strong unpredictable data.
SHA-512 the date info + the random secret key, and convert the info to a WPA2 key format by getting
Re:Well at least you can say Moxie has Moxie. (Score:5, Funny)
Pfft, that's only pseudo random data, why settle when you can get true random data
No "random" data that you get from the net should be trusted. I throw old 16-sided gaming dice to generate a transparent X-Y grid, which is then set over the top of my cat's litter box. The positions of the cat turds are normalized against a reference litter box and fed into a fancy matrix algorithm, the output of which is SHA4 hashed and truncated to make the WPA2 key.
Re: (Score:3, Insightful)
But that's vulnerable to a statistical analysis of the preferred distribution of cat turds. Maybe you should randomise it by giving them catnip every time they take a dump?
Re: (Score:2)
Randomize the cat.
Or you could go even one more step and kill the cat after it takes a dump.
Re: (Score:2)
That's interesting. I feed the gaming dice to my cat, then feed it ipecac and let the cat throw the dice!
Re: (Score:3, Funny)
"I trained your cat to turd in predefined locations. I'm now 0wning your box."
That string is my WPA-PSK password! How did you get it!
Re: (Score:2)
Eh, it's all been predetermined from the beginning of time anyway.
Re: (Score:2)
Nokia aren't the only phones with crap WPA implementation. My LG Renoir allows you to type in a 63 digit WPA key with only moderate difficulty, but if you actually try to connect to the wifi network the phone reboots. How I laughed.
Re: (Score:2)
$20?? Pay me $10 and I'll offer a tool that generates an unlimited number of military-grade security passwords that even a young child can remember forever, and optionally also generates public/private keys to use in-between.
<fearmongering>Plus a guide on proper usage and a link list if you’re interested in learning more about how to prevent your young daughter being online-raped, your partner being raped in the ass in prison because of someone framing her, and you getting caught by Chinese/Russian/Ameri
Which is why... (Score:2)
... you don't use d!ct!0n@ryw0rd50r@tl3@st make them hard to be brute forced.
I can't really see how this service is legal but I am willing to be educated how it could be.
Re: (Score:2)
Why should it be any more illegal than tools like aircrack-ng, nmap, or for that matter, telnet? Just because something can be used by hackers doesn't mean it's illegal*.
*Unless you live in Germany. "Hacker tools" are illegal there iirc.
Also, l33t-speaking dictionary words is generally considered a pretty poor way to create passwords.
Re: (Score:2)
Interleaving words makes it mmuocrhe htaord bfrourtcee.
(much more hard to brute force)
Re: (Score:2)
by L4t3r4lu5 --> Apologies for replying to myself, but I realise that you concatenated several words. That's great if you want a 20+ character password, but which user wants that? First name + year of birth: 1R9o8b3. Easy to remember, shocking to crack.
You were born in the year 4345??? And your real name is Ltrlu?
From the Article... (Score:3, Interesting)
"Marlinspike declined to say who operates his compute cluster"
I guess he can't come out and say he's using botted boxes, right?
Re: (Score:2)
Or perhaps MM simply doesn't want to get the plug pulled by a conventional cloud compute provider, due to the questionable PR (and possibly other attention) that this service may
One could view this as an alternative to the old "publish the exploit as a goad to the provider" tactic. Previously, some cryptographic weaknesses required someone to have the resources to obtain a compute cluster large enough to deal with some specific cracking problem. With this approach, it isn't even necessary to be able to se
It's actually $17 for 40 min. (Score:2, Informative)
...$34 is the super-fast price.
who uses WPA anyways? (Score:2, Funny)
Who uses WPA or WEP anyways? Either you leech your neighbor's unprotected WiFi, you live far enough away from other homes so that your signal doesn't leave your property, or you maintain a separate DMZ of wireless IPs that can't get into the good stuff, but can access the Internet.
Next people will say that MAC address security is actually meaningful.
Re: (Score:2)
Or, you run wired.
One of the first projects I did when I moved into our new house was run ethernet to all rooms
Re:who uses WPA anyways? (Score:5, Interesting)
Believe it or not, there are some embedded devices which don't have the CPU juice for WPA2, so they were given a BIOS update so they can run something better than WEP as some form of security. WPA has its issues, but it sure beats WEP.
The best wireless setup is to have two wireless SSIDs. Your internal one that runs off of WPA2-Enterprise, RADIUS server, and smart cards. Then an external one that has a stern packet filter and throttling mechanism. This way, people can log on your open wireless to check E-mail, but Limewire and other P2P apps will be stopped. Of course, someone can jump that, but if they do that, it's not your problem anymore.
I do see one use for MAC address security, and it's more of a legal thing than computer protection. If a security breach criminal case winds up in court, and you can prove a potential intruder was bypassing your MAC security, it might land a conviction. Otherwise, someone can make up a story of you allowing people to have your WPA2 passwords, etc.
Re: (Score:2)
It is a cool exercise in geekdom to have that though. Plus, another advantage of having the WPA2 password change every so often is that you can give your LAN party guests the WPA password for that interval of time and know that as soon as the cronjob fires to change the router's key, their access automatically gets pulled. Without the cryptographic nonce, they have no way of figuring out what the n+1 phrase is.
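A sketch of the rotating-key idea discussed in this thread (a key derived from the current hour plus a shared secret), as an added example that is not any poster's code. It swaps the bare SHA-512 concatenation for HMAC-SHA-512; the hourly UTC window, the 62-character alphabet and all function names are assumptions.

```python
import hashlib
import hmac
import string
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumed choice)
PSK_LEN = 63                                      # longest WPA2 passphrase


def window_label(now):
    """Hour-granular label in UTC, so hosts in different time zones agree."""
    return now.astimezone(timezone.utc).strftime("%Y-%m-%dT%H").encode()


def rotating_psk(secret, now):
    """Derive the passphrase for the hour containing `now` (timezone-aware)."""
    if len(secret) < 16:
        raise ValueError("shared secret must be at least 128 bits")
    label = window_label(now)
    out, counter = [], 0
    while len(out) < PSK_LEN:
        block = hmac.new(secret, label + counter.to_bytes(4, "big"),
                         hashlib.sha512).digest()
        for byte in block:
            # Rejection sampling: 248 = 4 * 62, larger bytes would bias the pick.
            if byte < 248 and len(out) < PSK_LEN:
                out.append(ALPHABET[byte % 62])
        counter += 1
    return "".join(out)


def acceptable_psks(secret, now):
    """Previous, current and next key, to tolerate clock drift at the boundary."""
    hour = timedelta(hours=1)
    return [rotating_psk(secret, now + d) for d in (-hour, timedelta(0), hour)]


if __name__ == "__main__":
    demo_secret = bytes(range(64))  # constructed 512-bit secret, for display only
    print(rotating_psk(demo_secret, datetime.now(timezone.utc)))
```

Every host still holds the long-term secret, so this limits how long a guest's key stays valid, not the damage from a compromised member machine.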
Re: (Score:2)
All forms of security are flawed, if that's what you're getting at. The goal is not to make it impossible to break into your space (be it computer network, home, whatever), but to make it difficult enough that it's not worth the attacker's trouble. I fail to see why you're bashing things like wireless encryption or MAC filtering for not being perfect, when you ought to realize this simple truth.
I mean, let's look at your example of "your signal doesn't leave your property". If your attacker cares enough to
Re: (Score:2)
I live in a country where most of the major ISPs provide DSL and cable modems (I would say around 40% of the country has one of these) boxes with wireless and only WEP encryption (they claim much of the country still only uses WEP when asked). They do not provide most of the time a way to modify this, and most users would not know how anyway.
Even worse, most use a predictable well known formula for generating the password, that is based on publicly available information. Essentially you need to know two pie
If it can be brute forced you're doing it wrong (Score:2)
Nobody is going to brute force my randomly generated 63 character alphanumeric key. Not before a vulnerability in the encryption appears or the hardware gets replaced with a new standard
Re: (Score:3, Funny)
I thought this [xkcd.com] was how you brute forced a password in less than 30 minutes.
$34? I can undercut that. (Score:4, Funny)
For $30 I'll run the command-line random number generator I found on the web and send you a 60 digit number.
If you act today, that's only 50 cents a number!
Passwords that are found in dictionaries = FAIL! (Score:2)
I’m sorry, but if your password is found in a dictionary, you fail, and deserve to be cracked. I don’t care if you’re 50 year old steel worker with no higher education. You are still a human. The most intelligent being on the planet! Behave like one, would ya?
Protip: Adding just ONE special character to your password is going to wreck even faster brute force attacks. Let alone dictionary ones.
If you want your password being “penis”, and it complains that it’s too short, n
Re: (Score:2)
It's a horrible myth that L337SP33K is very secure. Special characters just aren't that great.
Try something like "the quick brown fox shat all over the lazy dog".
Or "twinkle twinkle like a rolling stone".
Or any other phrase that makes sense to your twisted and uniquely messed-up gray matter.
Plaintext is easier for a human to remember than quasi-random characters, and it will be just as secure.
Re: (Score:2)
3. If you can, use public key authentication. Let’s see them brute-force a 2048 bit key!
Remember that you can't compare symmetric and asymmetric schemes like that. Usually, in symmetric schemes the bits refer to the length of the password, where in asymmetric schemes it refers to the size of the prime numbers involved. For instance it took a good amount of time to break 64-bit DES at distributed.net, but a 663 bit prime number has been factorized using a general purpose algorithm (http://en.wikipedia.org/wiki/RSA#Integer_factorization_and_RSA_problem).
Re: (Score:2)
Remember that you can't compare symmetric and asymmetric schemes like that. Usually, in symmetric schemes the bits refer to the length of the password, where in asymmetric schemes it refers to the size of the prime numbers involved. For instance it took a good amount of time to break 64-bit DES at distributed.net, but a 663 bit prime number has been factorized using a general purpose algorithm (http://en.wikipedia.org/wiki/RSA#Integer_factorization_and_RSA_problem).
That would be a 663 bit NUMBER. Even I can factorize prime numbers :P
Use a passphrase (Score:2)
e.g. a sentence. With capitalization and punctuation. You won't really have to worry about dictionary attacks that way.
Nice name (Score:2)
Moxie Marlinspike. That's a Gnome name if ever I heard one.
We have a situation here (Score:2)
5 days? (Score:2)
Assuming 5 days for a dual core, and thus 2.5-3 days for a quad core, that's not really a huge amount of time on a machine that's easily available. I certainly wouldn't want to spend $34 when I can just leave a spare quad core box running this in the background for a few days.
Brilliant business plan (Score:2)
Capitalism-wise, it's genius. Nearly as smart as prostitution.
"Let me perform a service, charging you by the hour, but the longer I go the happier you are."
Re:One problem (Score:4, Insightful)
Re:One problem (Score:5, Funny)
I think the tool is not being sold to people wanting to crack into a WiFi network, rather selling to people so that they can test their WiFi network.
[x] Check this box if you are above the age of 18 and promise not to use this tool for malicious intends.
[BUY NOW!!!]
Re: (Score:2)
Because I really find value in testing my OWN network.
Re: (Score:3, Insightful)
Because I really find value in testing my OWN network.
If you don't, then you don't really understand security.
The point is, these dictionaries are already available to the people with their evil bit set.
If you're going "nobody's going to figure out this password," especially if you're running a business, you really should be _making sure_ that nobody's going to figure it out, rather than going on faith.
Unless you have a multi-tens-of-millions word dictionary yourself, so you can make sure that your WPA passphrase isn't in it, you're not properly protecting you
Re: (Score:2)
You sound like a salesman, "for only $34 you can be sure that your network is secure".
Re: (Score:2)
Really. If you need to spend money to test if your password is secure. It's not. Get a better P@$sW0rD!. Otherwise Looks like I am finally getting FIOS!! lol.
Right, because it's so simple as just a password. We're not talking about your shitty residential ISP going to your mom's basement hooked in to your DD-WRT router. We're talking about businesses who do their own internal audit on their network security. If $34 is all it would cost to make a point to your manager to approve infrastructure upgrade or serious changes, then that's well worth it.
You'd be very surprised how even a very complex password can be cracked with a dictionary attack, including "P@$sW0rD!"
Re: (Score:2)
You'd be very surprised how even a very complex password can be cracked with a dictionary attack, including "P@$sW0rD!".
What about: C5&}+6@.lf2^?5Im^j~~+:VBYWe>EPohr@j)R\cwVeb/tqrm,CQDGNk)4p2X=7{;12$?Kvppgx?OWd5*eR,APZxgX^g[/\Xi_t>mwL;tCu_wvIVV{F;V'h:QGOA.o__WU6K7-v'`&&"BbbdkpFs*0I0u$eB$L$m9^vM_P>1nALd%>rbNW`uCnCF'f{][uANt`a6N`n>fKS~c;Y6-!rKS4Mzom0GFOP_-{,&@X52lym:ttAFaR"Kc"oMRQ*^-(fKA;UT/[XXdV+aHO!&Lmk?9h'"D%zp]l\g1G{k$$9tw@w!gFTXoi>cwiW-c'KfG
Re: (Score:2)
Have fun remembering that off the top of your head.
Also, WPA2 passwords are limited to 256 bits, so the maximum length would be 64. Want a quick pseudo-random password? Type this into any bash prompt:
cat /dev/random | LC_ALL=C tr -dc '[:alnum:][:punct:]' | head -c64
Not recommended for commercial application, but it'll keep that stupid kid next door from getting in.
Re: (Score:2)
Riiight. It does a dictionary attack on the password. Want to know if your wifi is secure against this? Does it have a dictionary word in it? Then no. Is it a random string? Then yes.
You can pay me now.
Re: (Score:2, Funny)
If their password appears in a dictionary, even one of 135 million words, then you could probably impress that client with shadow puppets, or blowing bubbles.
Re: (Score:2)
Maybe somebody might want to crack their neighbor's wifi now so you can connect if they have an outage.
Re:One problem (Score:5, Insightful)
Alternatively you could actually not be an asshat, get on with your neighbour and negotiate with them (over a 6 pack of beer) to allow legal access in the event of an outage.
Re:One problem (Score:4, Interesting)
Living in fear must suck, huh? I have 4 open WiFi networks available to me at the moment (in a subdivision with 1/2-acre lots, not in a dense apartment complex). I've hopped onto a neighbor's network when my phone was out, and I have DHCP logs showing when they've been on mine. If I got hit with a subpoena, it'd be a piece of cake to show how many other people are using my router. That's a lot better approach for me and my neighbors than shutting each other out in a moral panic.
Re: (Score:2)
Contract? Lease? WTF are you talking about?
Re: (Score:2)
Having a way out of trouble doesn't negate the pain of getting in trouble in the first place. If someone does something naughty on your wifi, it's your computers who are getting confiscated, and you're paying for the lawyer to get it all back. Living in fear does suck, but that's the world we live in.
Re: (Score:2, Funny)
Any clued neighbor wouldn't be allowing others onto their wi-fi.
Considering my neighbour is hot, blonde and single, if she wants to use my connection to download pr0n I'm sure we can come to some sort of arrangement...
Re: (Score:2)
Considering my neighbour is hot, blonde and single, if she wants to use my connection to download pr0n I'm sure we can come to some sort of arrangement...
I told most of my friends to avoid using someone's connection because there's a lot of creeps out there who will probably intercept their information. Parent is a perfect example.
Re: (Score:2)
Nothing a trip to the coffee shop around the corner won't fix.
A friend of mine has a modified ThinkPad fitted with three WiFi adapters (one IWL, one Atheros with AP/bridge functionality, another Atheros for quick scanning and data dumps on multiple channels) with external high-gain antennas and basically the only thing that keeps him from having net access virtually everywhere is the CPU power to crack keys. Luckily for him, the biggest telecom around here gives out wireless routers with preset (permanentl
Re: (Score:3, Insightful)
Isn't it cheaper, easier, and less douchebaggy to just get an aircard?
Re: (Score:2)
Just wait for the iPhone app, so you can use your mobile connection to break into the faster wifi broadband.
Re: (Score:2)
SETI@HOME?
Just wonderin.....
Yo Grark
Re:400 CPU cluster or 400 node botnet? (Score:5, Informative)
Actually, in this case, it's very straightforward. He's using Amazon EC2. EC2 charges by the hour, and all you have to do is spin up the number of servers you want. In fact, I happened to run the numbers on what the costs are for running 50 "8-core" servers, and it happens to be...$34/hour. So, what he did was say, "If I run two jobs an hour, I make a small amount of money. If I run 4-5 jobs per hour, I make more money"
This is, of course, a textbook use case for EC2, and I'm surprised no one has done it sooner.
Re: (Score:2)
It [electricalchemy.net] has been, quite recently in fact.
Re: (Score:2)
Amazon EC2?
Re:Cloud? (not a) (Score:5, Interesting)
This kind of work (high computation, high parallelization, infrequent request) might be the most brilliant and non-obvious use of cloud computing. Low overhead due to using someone else's hardware (rather than having 400 CPUs laying around). If this is truly what they are doing, I am very impressed.
Re:Cloud? (not a) (Score:5, Interesting)
A medium 'high-cpu' linux instance at Amazon is $0.17/hr [amazon.com].
($0.17/hr) x (20min) x (400 instances) = $22.66666... +50% = exactly $34
Re: (Score:2)
That's far too short. "yourmomdrinksassmilk" would take longer brute force.
Question! (Score:2)
Will it help me break into my neighbour's WiFi?
Re: (Score:2)
In that case I'll change my computer name to something other than "Dan-PC"
Re: (Score:2)
Hah! Now that you've said that he knows that if the intruding computer's name is something other than Dan-PC it must be you! Unless that is what you want him to think! Hmm.
Re: (Score:2)
FTA: 20 minutes instead of 5 days.
If 360 people were using this system simultaneously,
There aren't that many idiots here. They're all at the mall.