WLAN DISCUSSION
 

Cloud-based password cracking

Postby LPhifer » Sat Jan 08, 2011 11:23 am

Given availability of commercial cloud-computing services, it's gotten easier to apply more CPU power to password cracking. This week, Thomas Roth blogged about SHA1 brute force hash cracking benchmarks that he ran using Amazon's EC2 Cluster GPU instances:

http://stacksmashing.net/

Roth's post quickly garnered press, as reporters prematurely leapt from SHA1 hash cracking to WPA Pre-Shared Key (PSK) cracking:

http://www.techradar.com/news/internet/amazon-cloud-helps-wi-fi-hack-920221
http://www.zdnet.co.uk/blogs/mapping-babel-10017967/hacker-uses-cloud-computing-to-crack-passwords-10021067/

While there is some relationship - WPA PTKs are derived from PMKs through repeated SHA1 hashing - there's a huge leap between what Roth benchmarked and brute-forcing a WPA PSK. Applying cloud computing to WPA PSK dictionary attacks isn't new - see this forum's post Strengthening WPA2-PSK Defenses for several commercial examples:

http://bit.ly/dbUzL5

Those who enjoy cryptanalysis may also want to read this thesis entitled "WPA password cracking: Parallel Processing on the Cell BE" -

http://projekter.aau.dk/projekter/files/17901417/WPA_password_cracking__Parallel_processing_on_the_Cell_BE_-goup1045.pdf

In response to over-stated news, Roth quickly posted this clarification:

What I did was benchmarking the speed of the new instance type for cracking SHA1 hashes. My first result was that it takes 49 minutes to do a 95 characters, 6 digit long brute force attack on a list of 14 hashes. The thing that was new is that, due to the new Amazon offering, everyone is able to spawn a 100 or more node cluster in the cloud and distribute the task of cracking passwords onto these nodes. Especially cracking hashes is perfectly suitable for massive parallelization!


Roth said that he intended this benchmark to illustrate why Key Derivation Functions like PBKDF2 should be used instead of hash algorithms like SHA1. Doing so would make brute force cracking far more difficult and thus more resistant to the benefits of cloud computing.

Wi-Fi bottom line:
WPA PSK weaknesses are already well-known and existing cloud-based WPA PSK crackers can be readily deterred by using long complex passphrases. Roth's research is a good demonstration that such crackers will continue to grow faster and more commercially-viable. Even so, it's not clear that we're close to being able to crack long complex WPA PSKs yet. See this Wi-Fi Net News post for a brief explanation:

http://wifinetnews.com/archives/2011/01/wpa_cracked_unlikely_despite_headlines.html
-- Lisa Phifer
User avatar
LPhifer
Registered User
 
Posts: 159
Joined: Fri Jun 25, 2010 10:42 am
Location: Pennsylvania, US

Re: Cloud-based password cracking

Postby LPhifer » Mon Jan 17, 2011 8:03 am

Roth's update posted here: http://stacksmashing.net/tag/black-hat/

Quick synopsis:

The possibility of using Amazon EC2 for PSK cracking is nothing new: Moxie Marlinspike's WPACracker uses several very large dictionaries on a 400 CPU Amazon cluster. If the PSK is in those dictionaries, crack time can be as short as 20 minutes.

Roth plans to use his own EC2-based tool at BlackHat to demonstrate how to crack a WPA-PSK handshake by trying ~400,000 PMKs/sec, possibly reaching speeds up to 1M PMKs per second.

But this still sounds like a dictionary attack - best at cracking shorter, simpler PSKs. The bigger the possible PMK space, the larger the dictionary required for an exhaustive search. Run even a moderately long, complex PSK through WPACracker to see for yourself.
-- Lisa Phifer

Re: Cloud-based password cracking

Postby LPhifer » Fri Mar 11, 2011 10:34 am

For legal reasons, Roth wasn't able to demo his cloud cracking suite at BlackHat DC, but it appears that he hopes to demo and release this tool at BlackHat EU 2011.

So, if you're heading to BlackHat in Barcelona next week, check out this briefing:

Breaking encryption in the cloud:
GPU accelerated supercomputing for everyone

http://www.blackhat.com/html/bh-eu-11/bh-eu-11-briefings.html

While you're at it, drop into this briefing too:

EAPEAK - Wireless 802.1X EAP Identification and Foot Printing Tool
http://www.securestate.com/MediaCenter/Press-Releases/Pages/SecureState-Consultants-To-Release-New-Exploit-Overseas.aspx

Password and PSK cracking get a lot of attention; 802.1X/EAP vulnerabilities are less well-known. But 802.1X attacks could be more of a threat to enterprise WLANs - admins need to understand EAP vulnerabilities and how to mitigate them.
-- Lisa Phifer

Re: Cloud-based password cracking

Postby wlansecman » Mon Mar 14, 2011 1:02 am

From my experience, a very good WiFi authentication and encryption identification tool is WiFish Finder 2.0 from AirTight http://www.airtightnetworks.com/home/re ... inder.html
For example:
bt WiFishFinder-v0.2 # wifishfinder --test --client 00:11:22:33:44:55 -v ath0

Wi-Fish Finder (Beta v 0.2)
Security Assessment Tool for WiFi Clients
(c)2009 Md Sohail Ahmad, Prabhash Dhyani, AirTight Networks
===========================================================

CH 0 [ Elapsed: 6 mins ][ 2011-03-07 13:53]

STATION AUTH ENC Security-Posture MODE Probed SSID

00:11:22:33:44:55 WPA2-802.1x CCMP Secure Infra Test-WPA2-1X-AES
--:--:--:--:--:-- WPA2-PSK CCMP Secure Infra Test-WPA2-PSK-AES
--:--:--:--:--:-- WPA1-802.1x CCMP Secure Infra Test-WPA-1X-AES
--:--:--:--:--:-- WPA1-802.1x TKIP Secure Infra Test-WPA-1X-TKIP
--:--:--:--:--:-- WPA1-PSK CCMP Secure Infra Test-WPA-PSK-AES
--:--:--:--:--:-- WPA1-PSK TKIP Secure Infra Test-WPA-PSK-TKIP
--:--:--:--:--:-- -Open OPEN Vuln (Unencrypted) Infra Test-OPN
--:--:--:--:--:-- WPA2-802.1x CCMP Vuln (PEAP Attack) Infra Test-PEAP-Vulnerable
--:--:--:--:--:-- WPA2-802.1x TKIP Secure Infra Test-WPA2-1X-TKIP
--:--:--:--:--:-- WPA2-802.1x CCMP Vuln (PEAP Attack) Infra Dionis
--:--:--:--:--:-- WEP-Open WEP Vuln (WEP Cracking) Infra TestCaffeLatte
--:--:--:--:--:-- ---- ---- Trying... Infra cuckoo
--:--:--:--:--:-- WPA2-PSK TKIP Secure Infra Test-WPA2-PSK-TKIP
--:--:--:--:--:-- WEP-SKA WEP Vuln (WEP Cracking) Infra Test-WEP-SKA
--:--:--:--:--:-- WEP-Open WEP Vuln (WEP Cracking) Infra Test-WEP-OPN
wlansecman
Trial Account
 
Posts: 8
Joined: Tue Sep 14, 2010 3:58 am

Re: Cloud-based password cracking

Postby LPhifer » Fri Apr 01, 2011 8:54 am

WiFish-Finder and EAPEAK are both interesting and useful pentest tools, but with somewhat different goals and methods.

WiFish-Finder assesses client vulnerabilities by actively interacting with specified clients to learn the SSIDs each is willing to associate with and highlight known vulnerabilities for each accepted SSID/auth method. Try running this tool against an iPhone, for example. This can be a real eye-opener about networks remembered from past connections, and how saved SSIDs leave clients vulnerable to "phishing" by ETs or ad hocs.

EAPEAK appears to start with a packet capture and passively analyze EAP handshakes to identify live APs/SSIDs represented in the capture, the clients that associated to them, the EAP methods those clients and APs were willing to accept, and any EAP user IDs/passwords that were exposed. I'd want to run this tool to assess my network's security posture and EAP-related vulnerabilities. Looking forward to learning more when EAPEAK is actually released.

Good to see folks looking more closely at these kinds of vulnerabilities and exposures, with an eye towards finding and fixing them before someone else takes advantage of them!
-- Lisa Phifer

Re: Cloud-based password cracking

Postby LPhifer » Wed Aug 31, 2011 9:33 am

Here's an excellent in-depth analysis on PSK cracking, including PSK composition/length and time to crack with various tools and platforms:

http://www.tomshardware.com/reviews/wireless-security-hack,2981.html

For specifics on cloud-based cracking, visit these pages:

http://www.tomshardware.com/reviews/wireless-security-hack,2981-9.html
http://www.tomshardware.com/reviews/wireless-security-hack,2981-10.html

If you read nothing else, visit the article to read author Andrew Ku's rationale for these recommendations:

    * Avoid words from the dictionary.
    * Avoid words with numbers appended at the end.
    * Avoid double words or simple letter substitution.
    * Avoid common sequences from your keyboard.
    * Avoid common numerical sequences.
    * Avoid anything personally related.

Better yet, see the table Total Search Time Assuming 1 Million WPA Passwords/Second (Cost using EC2 Reserved Rate). This makes it abundantly clear why min 8 character mixed-case alphanumeric passwords are so often recommended.

The author's bottom line:
Besides using a unique SSID, a WPA password should follow the following rules:
* Fully random
* At least eight characters in length.
* Contain at least one upper-case letter
* Contain at least one lower-case letter
* Contain at least one special character, such as @ or !
* Contain at least one number


IMO, sound advice - backed by ample and unusually detailed evidence.
-- Lisa Phifer
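The two points this thread keeps returning to, worked as an added example that is not code from any post above: the passphrase-to-PMK mapping Roth's clarification alludes to (PBKDF2-HMAC-SHA1 with 4096 rounds rather than the single SHA1 his EC2 benchmark measured), and the exhaustive-search arithmetic behind the Tom's Hardware table at its assumed 1 million WPA passwords/second. The iteration count, output size and the "password"/"IEEE" test vector come from the IEEE 802.11i standard's annex; the EC2 cost column is not reproduced, and the 95- and 62-character alphabets are the ones named in the posts.

```python
import hashlib
import math

# Parameters fixed by IEEE 802.11i for WPA/WPA2-Personal (not tunable per network).
WPA_PBKDF2_ITERATIONS = 4096
PMK_LEN = 32           # 256-bit Pairwise Master Key
SHA1_OUTPUT_LEN = 20


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase -> PMK: PBKDF2-HMAC-SHA1, salted with the SSID, 4096 rounds.
    Every candidate passphrase a cracker tries costs this much work."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("ascii"), WPA_PBKDF2_ITERATIONS, PMK_LEN)


def single_sha1(candidate: str) -> bytes:
    """The unsalted, single-round hash that Roth's EC2 benchmark measured."""
    return hashlib.sha1(candidate.encode("ascii")).digest()


def hmac_calls_per_pmk() -> int:
    """PBKDF2 needs ceil(32/20) = 2 output blocks, each iterated 4096 times,
    so one PMK costs 8192 HMAC-SHA1 evaluations versus one SHA1 for a plain hash."""
    return math.ceil(PMK_LEN / SHA1_OUTPUT_LEN) * WPA_PBKDF2_ITERATIONS


def exhaustive_search_seconds(charset_size: int, length: int,
                              pmk_per_second: float = 1_000_000) -> float:
    """Worst-case time to try every passphrase of a given alphabet and length
    at the 1 million PMK/s rate assumed by the Tom's Hardware table."""
    return charset_size ** length / pmk_per_second


def pmk_matches_ieee_test_vector() -> bool:
    """Self-check against the IEEE 802.11i annex test vector (passphrase 'password', SSID 'IEEE')."""
    expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    return wpa_pmk("password", "IEEE").hex() == expected


if __name__ == "__main__":
    print("PMK matches IEEE test vector:", pmk_matches_ieee_test_vector())
    print("HMAC-SHA1 calls per PMK guess:", hmac_calls_per_pmk())
    # Alphabets: 95 printable ASCII (Roth's benchmark); 62 = mixed-case alphanumeric.
    for label, size, length in (("95 printable, 6 chars (Roth's benchmark space)", 95, 6),
                                ("62 mixed-case alphanumeric, 8 chars", 62, 8),
                                ("95 printable, 8 chars", 95, 8)):
        days = exhaustive_search_seconds(size, length) / 86400
        print(f"{label}: {days:,.1f} days")
```

The jump from 8.5 days (95^6) to roughly 2,500 days (62^8) and 76,000 days (95^8) at the same guess rate is the whole reason the eight-character mixed-case recommendation holds up against a cloud cluster.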
