Networking & Wireless forum

General discussion

Tsitroulis, Lampoudis, Tsekleves Follow on

by roboster2013 / February 24, 2015 3:55 AM PST

Well, for anyone interested I finally tracked down a copy of the paper. I apologize in advance for the length of the following. To me it seems to be a somewhat flawed study, that really doesn't tell us much new other than we should probably be using PSKs that are larger than 25 characters. But that really isn't that new since the recommendation for some time has been to use a 64-digit hex when possible when using WPA2-PSK. If the equipment doesn't support that, use a 63 character random complex string.

The study talks about "At the beginning, the area was scanned-sniffed with 'Airodump' and then a deauthentication attack was made with 'Aireplay'. Through that, an instance of the PSK was caught. Finally, 'Aircrack' was attempting to reveal the secret password by using the instance of the PSK and matching it with every record of the dictionary." There's nothing really new there. Deauth attacks have been the staple of WPA2 cracking for some time now. They go on to say, "For these experiments we used a very big dictionary that consisted of 666,696 standard printable ASCII character records of various lengths." That's not really that large of a dictionary in comparison to the total possible values with a 63 ASCII character string. The list of passwords that they used in the study were all 25 characters or less, and most had very discernible patterns. Again nothing new, predictable patterns emulating dictionary words are a bad idea. Despite this, there was still one key that wasn't cracked due to not being in the dictionary. This makes me curious as to how they selected the character strings used in their passwords, and how they generated the dictionary since the un-cracked password was shorter than at least one of the cracked passwords, and had a discernible pattern.

The crux of their investigation seems to be as noted in the paper, "Hence, the adversary must have a dictionary consisting of all the different combinations of all the printable ASCII characters of all the possible lengths, in order to ensure that (s)he will be able to find the secret key." The researchers then go on to note that this would be 3.991929703310227e124 records and that "Thus, this procedure (that creates and searches the dictionary) will last several weeks using a simple computer, due to the required time which will be extremely high." And "To achieve this in a shorter time, it is advisable to use a supercomputer or a computer cluster. An alternative to that would be to use an FPGA." The primary issue with their premise is the sheer mathematics of such an endeavor. Not only would it take considerably longer than "several weeks using a simple computer" to generate the desired dictionary, it appears to be computationally infeasible to do so with the technology currently available. Using a 63 ASCII character random PSK model provides 63^95 possibilities, or 3.9499093906438035987384260712239e+124 (a number slightly less than that quoted in the paper). If we arbitrarily use 12 weeks as the value for "several weeks", to generate the required dictionary would require a computing power of at least 5.4424456991895442002017554993716e+117 Flops. The fastest computer system on the Earth is the Tianhe-2 capable of 3.386e+16 Flops. To generate the required dictionary in the stipulated 12 weeks would require 1.6073377729443426462497801238546e+101 Tianhe-2 equivalents. Moreover, it would require 3.6966480376553713252924523711473e+100 Tianhe-2 equivalents to generate the desired dictionary in a single year. Using cloud cracking doesn't significantly reduce the enormity of the issue either. The total combined computing power of all 500 systems in the Top500 is 309 Pflop/s, or 3.09e+17 Flops. Thus, it would take the combined computing power of all of the Top500 systems 4.0506496967048035354332158179304e+99 years to generate the required dictionary. It appears to me that their proposed method really just boils down to a good old fashioned brute force attack. The only real difference is that they reference their Java based software which will ostensibly generate a dictionary for a stipulated length of keys using all 95 ASCII characters.

I apologize for all the large boring numbers, but unless I am missing something, it does not appear that they have really discovered anything new. Non-random, non-complex PSK values in WPA2 provide very little risk mitigation. Larger, random, complex values provide better risk mitigation, and at a certain point it becomes computationally infeasible to crack.

My recommendation for WPA2-PSK vulnerability mitigation remains the same after reading the paper. Download a copy of Bruce Schneier's Password Safe and use the key generator to generate a full length PSK. Better yet, if you can, use properly implemented WPA2-Enterprise.
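The keyspace arithmetic in the post above, reworked as an added example (not code from the original thread or the paper): it reproduces the 95^63 figures under the post's own model of one candidate key per FLOP, using the Tianhe-2 and Top500 numbers quoted there, and generates the full-length random PSK the post recommends. The 94-symbol alphabet (printable ASCII without space) and the 365-day year are this example's assumptions.

```python
import math
import secrets
import string

# Model from the post: a passphrase drawn from the 95 printable ASCII
# characters at the maximum WPA2-PSK length of 63, enumerated at one
# candidate key per FLOP. Machine speeds are the ones quoted in the post.
PRINTABLE_ASCII = 95
MAX_PSK_LEN = 63
TIANHE2_FLOPS = 3.386e16      # fastest single system quoted in the post
TOP500_FLOPS = 3.09e17        # combined Top500 throughput quoted in the post
SECONDS_PER_WEEK = 7 * 24 * 3600
SECONDS_PER_YEAR = 365 * 24 * 3600   # assumption: 365-day year

def keyspace(alphabet_size: int, length: int) -> int:
    """Exact number of distinct keys of exactly `length` symbols (big int)."""
    return alphabet_size ** length

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random key of that shape, in bits."""
    return length * math.log2(alphabet_size)

def rate_needed(space: int, seconds: float) -> float:
    """Keys per second required to enumerate `space` within `seconds`."""
    return space / seconds

def machines_needed(space: int, seconds: float, flops_per_machine: float) -> float:
    """How many machines of the given speed finish the enumeration in time."""
    return rate_needed(space, seconds) / flops_per_machine

def years_to_enumerate(space: int, keys_per_second: float) -> float:
    """Wall-clock years to enumerate `space` at a fixed rate."""
    return space / keys_per_second / SECONDS_PER_YEAR

def generate_psk(length: int = MAX_PSK_LEN) -> str:
    """Uniformly random passphrase from a CSPRNG (the mitigation the post
    recommends). Space is left out of the alphabet (94 symbols, an
    assumption here) because some equipment trims it; that costs <1 bit."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    full = keyspace(PRINTABLE_ASCII, MAX_PSK_LEN)
    weeks12 = 12 * SECONDS_PER_WEEK
    print(f"95^63 = {full:.4e} keys, {entropy_bits(95, 63):.1f} bits")
    print(f"Tianhe-2 units for 12 weeks: {machines_needed(full, weeks12, TIANHE2_FLOPS):.3e}")
    print(f"Top500 years: {years_to_enumerate(full, TOP500_FLOPS):.3e}")
    print("Generated PSK:", generate_psk())
```

Swapping in an 8-character passphrase (`keyspace(95, 8)`, about 52.6 bits) shows why the same functions give a very different answer for short keys.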

by R. Proffitt Forum moderator / February 24, 2015 3:58 AM PST

Given the other easy exploits where I just plug into an Ethernet jack or use the old Evil Twin method, why do you think this WPA2-Enterprise helps?

by roboster2013 / February 24, 2015 4:07 AM PST
In reply to: DOA?

Hi Bob,

The key is properly implemented. I'm specifically referring to using EAP-TLS with mutual authentication. Using certificate based authentication where the server authenticates the client, and the client authenticates the server mitigates the evil twin attack.


Evil Twin still works.
by R. Proffitt Forum moderator / February 24, 2015 4:13 AM PST
In reply to: WPA2-Enterprise

Mind you, I own a Hak5 Pineapple so it was easy to log names and passwords. Folk continue to fall for it.

Just toss up the Pineapple and name it similar to the secure spot and folk will connect and try it.

Nothing easier today.

The Ethernet jack is also great for most networks. Just plug in your own WAP and you're connected to their LAN. Remember the first rule of security? It's physical.

by roboster2013 / February 24, 2015 4:25 AM PST
In reply to: Evil Twin still works.

Yes, you're right. The first rule is physical, which is why I use port security on my switches. Although, even in my pre-caffeinated morning state, I think I might notice if you snuck into my home and connected a rogue AP to my network. Wink And, if it's NSA or FBI doing a black bag job, I have bigger problems to worry about than my wireless security. Wink EAP-TLS uses certificates, not usernames and passwords. Again, mutual certificate validation is important to thwart the evil twin.


How did you know about my black bag?
by R. Proffitt Forum moderator / February 24, 2015 4:44 AM PST
In reply to: Physical

One of the continued issues about all this is it's not secure enough. Due to US gov export restrictions any security that's too good is hounded off the market. There are lots of examples about this such as Lavabit's story.

The evil twin, or rather a hotspot with a name similar to that of your secured WiFi, continues to be where I get the best demo of the issues. Not only must you secure your WiFi and ports but all it takes is one user to connect and fall for it.

Technical controls
by roboster2013 / February 24, 2015 6:49 AM PST

I'm sure that you do. Technical controls can only go so far. The weak link will always be the user because a single click can undo all the layers of technical controls that one puts in place.

Or update our tools. LINSET?
by R. Proffitt Forum moderator / February 24, 2015 7:04 AM PST
In reply to: Technical controls
by roboster2013 / February 24, 2015 7:33 AM PST

I have virtual instances of various distributions on one of my devices. I may create a new one for Kali to check it out. BTW, which tools do you use?

So far, just the hardware method works so well.
by R. Proffitt Forum moderator / February 24, 2015 7:38 AM PST
In reply to: Kali

It's more of a wakeup call for companies that think they have their network locked down.

by roboster2013 / February 24, 2015 7:49 AM PST

Yeah, without proper physical port security, any drop is an open gangway for a rogue device.

(NT) Did you ever use/see/read about the HAK5 Pineapple?
by R. Proffitt Forum moderator / February 24, 2015 7:52 AM PST
In reply to: Hardware
by roboster2013 / February 24, 2015 8:00 AM PST

I've read some about it. I know it figured prominently at this past Def Con.

Kali take 2
by roboster2013 / February 24, 2015 7:35 AM PST

That should have read I have virtual instances of various Linux distributions on one of my devices. I may create a new one for Kali to check it out. BTW, which tools do you use? More coffee please. Wink

by roboster2013 / February 24, 2015 4:02 AM PST

That should have read 95^63 not 63^95. My fingers aren't cooperating today. Wink
