
November 15th, 2005

Steve Gibson weighs in on WPA-PSK keys

Posted by George Ou @ 2:04 am

Categories: Mobile/Wireless, Networking, Security

When I got an email from a gentleman pointing me to a link where the great Steve Gibson weighed in on my blog about sufficient key lengths for WPA-PSK keys, I knew I had to brace myself for a good old-fashioned can of WA.  Little did I know that my blog from editor’s hell, which required four edits, had an infectious quality to it that even proved Steve Gibson a mortal.  In any case, it’s three of my mistakes compared to Gibson’s one, so it’s not like I have anything to gloat about.  But in all seriousness, I have the utmost respect for Mr. Gibson and I’m going to address some of his points.

Gibson first questions my premise that WPA-PSK pass phrase cracking programs check possible WPA-PSK keys at approximately 100 keys per second on a fast PC and states that he could probably make it significantly faster.  While I have no doubt that Gibson can deliver on such a promise because of his superb programming skills in raw assembler, the 100 keys per second figure is based on a publicly available tool (by Joshua Wright) which happens to be the fastest WPA-PSK cracking tool I know of.

Then Gibson went on to say (which he later took back) that it would be possible to generate a pre-computed master table that makes it extremely fast to search for weak WPA-PSK keys.  In a subsequent post soon after his original post, Gibson corrected himself and stated that such a pre-computed master table was not possible due to the solid design of the WPA-PSK standard.  To clarify the situation further, Joshua Wright did point out to me that WPA-PSK uses the SSID as the salt to prevent the ability to generate pre-computed tables.  What this means is that it is possible to generate a pre-computed table for a given SSID of a Wireless LAN, which means it’s a good idea to throw in some randomness for the SSID name you give to your Wireless LAN.  Furthermore, pre-computing the fast cracking table takes just as long (100 keys per second) to compute in the first place unless you start using some of the newer dual-core processors, expensive hardware floating point accelerators, a massive bank of PCs (perhaps hijacked as David Berlind pointed out), or if Gibson writes an Assembler optimized version of a WPA-PSK cracker.  But even with these additional factors thrown in, bumping up the WPA-PSK pass phrase from 8 alphanumeric characters to 10 alphanumeric characters with a few capital letters thrown in will make the cracking exercise about 298 thousand times more difficult.
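The SSID-as-salt point and the key-space arithmetic above can be checked with a short script. This is an added example, not code from the original post or from any tool it mentions; it uses the 802.11i passphrase mapping (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output), and the SSIDs, word list and the 36-versus-62 symbol reading of the article's figure are assumptions made for illustration.

```python
import hashlib

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    # 802.11i passphrase-to-key mapping: PBKDF2-HMAC-SHA1 with the SSID
    # as the salt, 4096 iterations, 256-bit output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def build_table(ssid, candidates):
    # A precomputed lookup table is only valid for the SSID it was built with.
    return {wpa_pmk(p, ssid): p for p in candidates}

def lookup(table, target_pmk):
    # Returns the matching passphrase, or None if the key is not in the table.
    return table.get(target_pmk)

def keyspace(alphabet_size, length):
    return alphabet_size ** length

def difficulty_ratio():
    # Assumed reading of the article: 8 characters from a-z0-9 (36 symbols)
    # versus 10 characters from a-zA-Z0-9 (62 symbols).
    return keyspace(62, 10) / keyspace(36, 8)

def years_to_exhaust(alphabet_size, length, keys_per_second=100):
    # Worst-case time to try every key at the article's 100 keys per second.
    return keyspace(alphabet_size, length) / keys_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    words = ["password", "letmein1", "sunshine"]   # constructed word list
    table = build_table("linksys", words)          # constructed SSID
    # Same passphrase, same SSID: the table finds it.
    print(lookup(table, wpa_pmk("letmein1", "linksys")))
    # Same passphrase, randomized SSID (constructed): the table is useless.
    print(lookup(table, wpa_pmk("letmein1", "home-7f3a91")))
    print(round(difficulty_ratio()))
    print(round(years_to_exhaust(36, 8)))
```
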

Now this debate in WPA-PSK key selection is definitely interesting, but it really wasn’t the point of my original blog.  My point was not to make a recommendation for a WPA-PSK key that was technically "unbreakable", but to make a recommendation for a key that was very infeasible to break for a home network.  Brute forcing cryptographic keys is only interesting from a top secret or academic standpoint.  Brute forcing a random 8 character alphanumeric WPA-PSK key for a home is a fool’s errand because there are infinitely cheaper and easier ways to penetrate a home network by some other means.

The real reason for my blog was to address the pathetic penetration of WPA in the home.  If you look at the results from that poll, you’ll see that most people are still using WEP while many others were opting for one of the myths in Wireless LAN security.  My purpose was to make WPA-PSK reasonably safe while trying not to intimidate the end users.  Microsoft even offers this tool for automatically setting up a USB key with a long random key and an automatic secure wireless profile installer.  That’s great if you have a USB key available, but that may not always be an option.  There are many other ways which are definitely more sound from a cryptographic standpoint, but what good is it if people don’t want to use it because it’s too hard?  The real challenge is to get people to use WPA at all.

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.
