[Sussex] WPA recent thread discussion

Steve Dobson steve at dobson.org
Tue Oct 23 05:02:33 UTC 2007


Hi Paul

On Tue, 2007-10-23 at 02:20 +0100, paul wrote:
> About the recent WPA thread - it's not very secure in theory as you only 
> have to catch a 4-way eapol which can easily be forced via a deauth.
> Once done, yes you need to perform a dictionary attack, and yes, the 
> pass must be in the dictionary.

Agreed, if the secret is a word from a dictionary then WPA is
susceptible to cracking in a reasonable time frame.  But that's a pretty
big 'if'.  It's like saying that it is easy to steal a car if someone
leaves it with the doors unlocked and the keys in the ignition.

Enigma was only broken during the war because the Germans used it
badly.  If they had followed better procedures then Turing and the rest
wouldn't have stood a chance.

So I ran some numbers on trying to break WPA.  If my brain is working at
this time in the morning (someone please check my sums and my logic) then
WPA is safe.

> But, this isn't quite as difficult/unlikely as it sounds, though it can 
> be time consuming - but then it's an offline attack anyway...

IIRC WPA has a 512 bit key.  That means that there are 1.34 x 10^154
different possible combinations.  Of course you don't have to check
every combination, you can stop when you find the right one.  But on
average you'll need to check half as it is just as likely that the key
you're looking for is in the last 1,000,000 keys you try as it is to be
in the first 1,000,000.

So if you use a full 512 bit key then the average number of keys that
will need to be tried in a brute force attack is 1.34x10^153.  That's a
very big number.  Now if you can try 1,000,000 keys per second that's
1.34x10^147 seconds on average to break a WPA key (still a big number).

Now the age of the universe is 13.7 billion years old.  Using 31,553,280
as the number of seconds per year (60 x 60 x 24 x 365.2) the age of the
universe is only 432,279,936,000,000,000 seconds old (give or take) or
4.32 x 10^17.  Yes that is a big number too, but it's not in the same
ball park as above.

So by my calculations it's going to take, on average, something like
3.1x10^163 times longer than the universe is old to break WPA with a 512
bit key.  I'll take those odds.

> Take a look around, the cowf group have prepared pre-computed tables 
> (like shmoo's readily available rainbow tables) specifically for this
> task.

According to Wikipedia the OED 2nd edition includes definitions for over
600,000 words.  Holding a look up table for every English word is
doable.  But if you use a random 64 character string then the numbers
become impossibly large again.

1.34x10^154 different 512 bit keys require 6.86x10^156 bits of storage.
Again Wikipedia informs me that there are something like 10^80 atoms in
the observable universe.  So you are going to have to have a very, very
large disk drive to store a lookup table to hold the full set of WPA 512
bit keys.  I can't see that happening anytime soon.  :-)

> There is also work in wpa2 ongoing...
> I'll fish out some links if you're interested.......

Yes please.

Steve
-- 
Steve Dobson
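As an added example (not part of the original thread), the arithmetic in the post above can be put into a small Python calculator so the figures for the dictionary case, the random 64-character passphrase case and the full 512-bit key case can be compared side by side. It also derives a WPA-PSK pairwise master key with the standard PBKDF2-HMAC-SHA1 construction (4096 iterations, SSID as salt, 256-bit output), which is why the pre-computed tables mentioned in the thread have to be built per SSID. The guess rate of 1,000,000 per second, the 600,000-word dictionary and the 94-character printable alphabet are assumptions taken from or added to the discussion, not measured figures.

```python
import hashlib

# Figures used in the post: 60 x 60 x 24 x 365.2 seconds per year, 13.7 billion years.
SECONDS_PER_YEAR = 60 * 60 * 24 * 365.2            # 31,553,280
UNIVERSE_AGE_SECONDS = 13_700_000_000 * SECONDS_PER_YEAR  # about 4.32 x 10^17

# Assumed attacker rate from the post (not a measured WPA cracking speed).
ASSUMED_GUESSES_PER_SECOND = 1_000_000


def keyspace_size(bits: int) -> int:
    """Number of distinct keys of the given bit length (2^bits)."""
    return 2 ** bits


def passphrase_keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passphrases of `length` characters drawn from an alphabet."""
    return alphabet_size ** length


def expected_guesses(keyspace: int) -> int:
    """On average a brute-force search finds the key after trying half the space."""
    return keyspace // 2


def seconds_to_crack(keyspace: int, guesses_per_second: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected wall-clock seconds to recover one key at the given guess rate."""
    return expected_guesses(keyspace) / guesses_per_second


def universe_ages(seconds: float) -> float:
    """Express a duration as a multiple of the age of the universe."""
    return seconds / UNIVERSE_AGE_SECONDS


def lookup_table_bits(keyspace: int, bits_per_entry: int) -> int:
    """Storage needed to hold one entry of `bits_per_entry` for every key in the space."""
    return keyspace * bits_per_entry


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK pairwise master key: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32 bytes).

    The SSID is the salt, so a pre-computed table of PMKs is only useful for the
    SSID it was built against; the 4096 iterations bound the per-guess cost.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def summarise() -> dict:
    """Return the three scenarios from the thread as seconds-to-crack figures."""
    dictionary = 600_000                       # assumed dictionary size (OED word count)
    random_64 = passphrase_keyspace(94, 64)    # assumed: 94 printable ASCII characters
    full_key = keyspace_size(512)
    return {
        "dictionary_seconds": seconds_to_crack(dictionary),
        "random_64_universe_ages": universe_ages(seconds_to_crack(random_64)),
        "full_512_universe_ages": universe_ages(seconds_to_crack(full_key)),
        "full_512_table_bits": lookup_table_bits(full_key, 512),
    }


if __name__ == "__main__":
    for name, value in summarise().items():
        print(f"{name}: {value:.3g}")
    # Same passphrase, different SSID -> different PMK (constructed sample values).
    print(wpa_pmk("correct horse battery", "HomeNet").hex())
    print(wpa_pmk("correct horse battery", "CoffeeShop").hex())
```

The dictionary case finishes in well under a second at the assumed rate, which is the whole point of the thread: the strength of WPA-PSK is the strength of the passphrase, and the PBKDF2 step only slows an attacker down by a constant factor rather than changing the size of the space being searched.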
