Given the other easy exploits where I just plug into an Ethernet jack or use the old Evil Twin method, why do you think this WPA2-Enterprise helps?
Bob
Well, for anyone interested I finally tracked down a copy of the paper. I apologize in advance for the length of the following. To me it seems to be a somewhat flawed study, that really doesn't tell us much new other than we should probably be using PSK's that are larger than 25 characters. But that really isn't that new since the recommendation for some time has been to use a 64 digit hex when possible when using WPA2-PSK. If the equipment doesn't support that, use a 63 character random complex string.
The study talks about "At the beginning, the area was scanned-sniffed with 'Airodump' and then a deauthentication attack was made with 'Aireplay'. Through that, an instance of the PSK was caught. Finally, 'Aircrack' was attempting to reveal the secret password by using the instance of the PSK and matching it with every record of the dictionary." There's nothing really new there. Deauth attacks have been the staple of WPA2 cracking for some time now. They go on to say, "For these experiments we used a very big dictionary that consisted of 666,696 standard printable ASCII character records of various lengths." That's not really that large of a dictionary in comparison to the total possible values with a 63 ASCII character string. The list of passwords that they used in the study were all 25 characters or less, and most had very discernable patterns. Again nothing new, predictable patterns emulating dictionary words are a bad idea. Despite this, there was still one key that wasn't cracked due to not being in the dictionary. This makes me curious as to how they selected the character strings used in their passwords, and how they generated the dictionary since the un-cracked password was shorter than at least one of the cracked passwords, and had a discernable pattern.
The crux of their investigation seems to be as noted in the paper, "Hence, the adversary must have a dictionary consisting of all the different combinations of all the printable ASCII characters of all the possible lengths, in order to ensure that (s)he will be able to find the secret key." The researchers then go on to note that this would be 3.991929703310227e124 records and that "Thus, this procedure (that creates and searches the dictionary) will last several weeks using a simple computer, due to the required time which will be extremely high." And "To achieve this in a shorter time, it is advisable to use a supercomputer or a computer cluster. An alternative to that would be to use an FPGA." The primary issue with their premise is the shear mathematics of such an endeavor. Not only would it take considerably longer than "several weeks using a simple computer" to generate the desired dictionary, it appears to be computationally infeasible to do so with the technology currently available. Using a 63 ASCII character random PSK model, provides 63^95 possibilities, or 3.9499093906438035987384260712239e+124 ( a number slightly less than that quoted in the paper.) If we arbitrarily use 12 weeks as the value for "several weeks", to generate the required dictionary would require a computing power of at least 5.4424456991895442002017554993716e+117 Flops. The fastest computer system on the Earth is the Tianhe-2 capable of 3.386e+16 Flops. To generate the required dictionary in the stipulated 12 weeks would require 1.6073377729443426462497801238546e+101 Tianhe-2 equivalents. Moreover, It would require 3.6966480376553713252924523711473e+100 Tianhe-2 equivalents to generate the desired dictionary in a single year. Using cloud cracking doesn't significantly reduce the enormity of the issue either. The total combined computing power of all 500 systems in the Top500 is 309 Pflop/s, or 3.09e+17 Flops. Thus, it would take the combined computing power of all of theTop500 systems 4.0506496967048035354332158179304e+99 years to generate the required dictionary. It appears to me that their proposed method really just boils down to a good old fashioned brute force attack. The only real differenced is that they reference their Java based software which will ostensibly generate a dictionary for a stipulated length of keys using all 95 ASCII characters.
I apologize for all the large boring numbers, but unless I am missing something, it does not appear that they have really discovered anything new. Non-random, non-complex PSK values in WPA2 provide very little risk mitigation. Larger, random, complex values provide better risk mitigation, and at a certain point it becomes computationally infeasible to crack.
My recommendation for WPA2-PSK vulnerability mitigation remains the same after reading the paper. Download a copy of Bruce Schneier's Password Safe and use the key generator to generate a full length PSK. Better yet, if you can, use properly implemented WPA2-Enterprise.
Thoughts?
Rob

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic