Cracking WPA keys in the cloud
At the forthcoming Black Hat conference, blogger Thomas Roth plans to demonstrate how weak WPA PSKs can be cracked quickly and easily using Amazon's Elastic Compute Cloud (EC2) service. Last November, Roth had already caused a stir when he used Amazon's EC2 to launch an attack on SHA-1 hashes. Amazon had added "Cluster GPU Instances", an option for fast calculations, last November, and even before that EC2 had already been used for cracking passwords.
In his latest tests, Roth said that (after obtaining consent) he cracked his neighbour's WPA password in 20 minutes using a dictionary attack and a list of 70 million words. The attack only required one instance of Roth's self-made Cloud Cracking Suite (CCS) tool running in the cloud. It reached about 50,000 PSKs/s.
Roth believes that an optimised version of his software could crack Pre-Shared Keys (PSKs) in six minutes. He said that at a price of $0.28 per minute per instance, the task would cost about $1.68 in total. Running several instances in Amazon's cloud in parallel would shorten the job, but because the service scales linearly the total price would remain the same. Roth said that his project is intended as a wake-up call for administrators who think that WPA is uncrackable.
The developer plans to release his tool in the near future. Those who have trouble using it can try the WPA Cracker service. For $17, the service operators use 400 cloud CPUs to launch a dictionary attack on a WPA key. The attack is based on a list containing 135 million entries which can be extended to include such optional extras as a German dictionary or an extended English language word list (284 million entries).
However, dictionary attacks are currently the only practical method for cracking WPA keys. Unlike WEP, WPA does not contain an implementation vulnerability that allows a key to be derived using collected data. Therefore, the rule for secure WPA passwords is that they should be long and complex – and not contained in any word list. The minimum password length of eight characters specified in the WPA standard is definitely insufficient.
Attackers can generally also try their luck with a brute force attack. But, "A brute force attack on long passwords of suitable complexity can't be completed successfully within a reasonable time despite the high speed", Roth wrote in an email to heise Security.
How long a tool would need to crack a password can be tested with Timothy Mullen's online password checker. The tool calculates the required time from the keyspace and the number of iterations a brute-force tool would need to arrive at the correct character combination.
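The same kind of estimate, written as an added example that is not part of the article, of Roth's Cloud Cracking Suite or of Mullen's checker: it turns the article's own figures (about 50,000 PSKs/s per instance, $0.28 per instance-minute, linear scaling) into the time and cost of the dictionary and brute-force attacks described above, for use when checking a passphrase policy. The character-class sizes, the worst-case assumptions and the toy word list are constructed for the example.

```python
RATE_PSK_PER_SEC = 50_000          # per-instance throughput Roth reported
PRICE_PER_INSTANCE_MINUTE = 0.28   # USD per instance-minute, as quoted
WPA_MIN_LENGTH = 8                 # minimum PSK length in the WPA standard

def alphabet_size(passphrase: str) -> int:
    """Size of the smallest common character class covering the passphrase."""
    size = 0
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(not c.isalnum() for c in passphrase):
        size += 33   # remaining printable ASCII, 95 characters in total
    return size

def brute_force_seconds(alphabet: int, length: int, instances: int = 1) -> float:
    """Worst case: every passphrase of this length and alphabet gets tried."""
    return alphabet ** length / (RATE_PSK_PER_SEC * instances)

def cost_usd(seconds: float, instances: int = 1) -> float:
    """Every instance is billed for the whole job, so splitting the work
    across more instances shortens it without making it cheaper."""
    return seconds / 60 * instances * PRICE_PER_INSTANCE_MINUTE

def assess(passphrase: str, wordlist, instances: int = 1):
    """Return (method, seconds, usd) for the attack that applies.
    A passphrase in the attacker's list falls to a dictionary attack no
    matter how long it is; otherwise the full keyspace must be searched."""
    if len(passphrase) < WPA_MIN_LENGTH:
        raise ValueError("WPA requires a PSK of at least 8 characters")
    if passphrase in wordlist:      # worst case: it is the last entry tried
        method, seconds = "dictionary", len(wordlist) / (RATE_PSK_PER_SEC * instances)
    else:
        method = "brute force"
        seconds = brute_force_seconds(alphabet_size(passphrase), len(passphrase), instances)
    return method, seconds, cost_usd(seconds, instances)

if __name__ == "__main__":
    # Constructed toy list standing in for the 70-million-word list in the article.
    wordlist = {"password", "letmein1", "sunshine"}
    for pw in ("letmein1", "12345678", "Tr0ub4dor&3"):
        method, secs, usd = assess(pw, wordlist)
        print(f"{pw:12} {method:12} {secs / 86400:16.2f} days  ${usd:,.2f}")
```

An eight-digit PSK is exhausted in about 33 minutes for roughly $9 on one instance, which is the point the article makes about the eight-character minimum; an eleven-character mixed passphrase outside the word list is out of reach at this rate.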