A good network administrator knows that a strong Wi-Fi password is crucial. Some even put up with the hassle of regularly scheduled password changes. However, not everyone has a deep understanding of why it is dangerous to deviate from these procedures. Knowing how Wi-Fi passwords are compromised can help convince administrators to use and stick to these best practices. Having a basic understanding of brute-force cracking can help them select a password that will be resilient to this type of attack.
4-Way Handshake Attack
Clients connecting to a WPA2 Wi-Fi router will authenticate using what is called the “four-way handshake”. During this four-part conversation the client and the access point will negotiate the terms of the communication, determine the identity of the client, and check to see if the client is providing the correct password.
The problem is that during this negotiation an encrypted version of the password is passed around in public space. In other words, it is trivial for an attacker within signal range to record the encrypted password. Unfortunately, this type of attack is virtually impossible to prevent and tracking down the attacker can be just as difficult. For this reason, it would be prudent to assume everyone has your password (in the encrypted form). For the attacker to log in to the victim’s network they will need to decrypt the password. This task can range from easy to highly improbable depending on the strength of the original password.
To begin, an attacker will scan to find the details of the target Wi-Fi access point. Next, they will attempt to record the 4-way handshake as another legitimate client connects to it. This tactic can be carried out using a common laptop or mobile device and freely available software.
Once the attacker records this information they will then guess a password, calculate its WPA2 encrypted value, and compare that to the stolen encrypted password. They will repeat these steps until they find a match or give up trying. This process is known as “cracking”.
Rather than make these calculations by hand, attackers utilize special software and hardware to significantly speed up the rate at which they can guess passwords. Computer graphics cards are commonly used for cracking because they happen to be very fast at these types of computations. In one case researchers used 8 GPU cards in one computer to reach WPA2 cracking speeds of 4,788,600 passwords per second. Additionally, the resources of multiple cracking computers can be pooled together to reach even faster speeds.
4-Way Handshake Defense
A strong password is needed to defend against this type of attack, and the primary ingredient for a strong password is a large keyspace. “Keyspace” is a term that describes how many possible variations there are for a string of characters (such as a password). It is calculated by using the length of the string and the character-sets used. For example, the password ‘11’ has a keyspace of 100. This is because the password is using a numeric character-set and is two characters long.
An easy way to calculate keyspace is by using the following formula: (the number of possibilities for a single character) to the power of (the number of characters in the string). For example, the password ‘1a’ uses the numeric character-set and the lower-case character-set. Each character has 36 possibilities (10 + 26) and the length is 2 characters. Therefore, the keyspace of this password is 362, which equates to 1,296. A little better than the previous password but still weak. Luckily, WPA2 passwords require a minimum of 8 characters.
Keyspace grows exponentially as length and/or character-set diversity increase. To see this in action imagine an attacker is using a single NVIDIA GeForce GTX 760. This is a relatively affordable consumer-grade GPU. Despite this GPU being slightly outdated, the attacker is still reaching WPA cracking speeds of 47,919 passwords per second.
The password ‘87654321’ is numeric-only and 8 characters long. With a keyspace of only 100,000,000 our hypothetical attacker would be able to crack this one in under 35 minutes. As keyspace diversity is increased by adding lower-case, upper-case, and special characters, the strength of the this otherwise weak password increases dramatically.
|Password Length||Numeric||+ Lowercase||+ Uppercase||+ Special Chars|
|8||100 Million||2.8 Trillion||218 Trillion||6 Quadrillion|
|Cracking Time:||35 Minutes||681 Days||144 Years||4,033 Years|
At this point, one might be feeling comfortable with an 8-character Wi-Fi password that uses numbers, lower-case, upper-case, and punctuation. However, password length plays an important role as well. Check out how password length affects the strength of the same password from the previous example.
|Character-set||8 Characters||10 Characters||20 Characters||35 Characters|
|Numeric||100 Million||10 Billion||100 Quintillion||10 Decillion|
|Cracking Time:||35 Minutes||58 Hours||66 Million Years||66 Sextillion Years|
Even though WPA2 allows for up to 63 characters, it may not always be feasible for a company to use such a lengthy password. The goal is to balance usability with security. Keep your private Wi-Fi protected by choosing a password with a sufficiently large keyspace. Furthermore, ensure that your password is never eventually decrypted by changing it within a reasonable timeframe. These are your only lines of defense against the 4-way Handshake Attack.
A Note on WPA3
WPA3 has been announced and it promises several enhancements over WPA2 1. In WPA3 the four-way handshake method (PSK) is replaced with Simultaneous Authentication of Equals (SAE) protocol which claims to be “resistant to offline dictionary attacks” 2. Despite some skepticism being voiced in various forums, the fact of the matter is that WPA3 won’t be widely available any time soon. Hardware vendors are still in the process of incorporating this new technology into their products, and companies may not want to immediately use the new technology until it has proven itself for some amount of time.
Whether or not WPA3 truly solves offline password cracking remains to be seen. In either case knowing how the attack works and how to defend against it will help keep your data and assets safe.
For assistance protecting your IT/OT assets contact the experts at Revolutionary Security.
- All values are hypothetical estimations.
- Attackers also use “intelligent” dictionaries instead of guessing in succession. The use of easily-guessable or frequently-used passwords is never good security practice regardless of their length and complexity.
- The formula used to calculate cracking time: Keyspace / Cracking Speed = Seconds to crack all passwords in that keyspace.