[QCLUG] Recent article on Slashdot and VPN setup
Chris Cooper
QCAdmin@gmail.com
Mon, 13 Oct 2008 13:41:31 -0500
The WPA2 standard is far from dead. This only applies to WPA/WPA2 PSK
(Pre-Shared Key). It has no effect on WPA-EAP (or any variation
thereof). If you use a RADIUS server for WPA authentication, this
article means nothing.

Hardware-assisted WPA-PSK cracking is nothing new. coWPAtty (a
popular WPA cracking utility) already has support for FPGA hardware
acceleration. What they did was simply alter the code to use the new
NVidia API (the NVidia in API mode acts almost like an FPGA for the
heavy floating point math required by RC4 and AES encryption).

Back in May, Lockheed used the Playstation 3 Cell processor to do the same:
http://www.networkcomputing.com/blog/dailyblog/archives/2008/05/lockheed_breaks.html

This really isn't anything new, just a new application. Even at that,
it is still just brute forcing. This isn't like WEP where they found
design flaws that let them derive the keys.

Given enough processing power, any encryption is trivialized. The
3DES standard once used by Linux crypt() is just as cryptographically
sound as AES. The only difference is AES can use larger keys at the
cost of MUCH greater processing power. This increases the time
required to exhaust the entire keyspace during a brute force attack.
As computers get faster and faster, and the average core count becomes
greater, all of our current encryption standards will become
trivialized, much the way 3DES has.

As Arron pointed out, it really just boils down to password strength.
A great password generator and site explaining password strength and
complexity is:
https://www.grc.com/passwords.htm

On Mon, Oct 13, 2008 at 10:11 AM, Arron Lorenz <arronlorenz@gmail.com> wrote:
> I also should mention that in Soviet Russia you don't crack WPA, WPA CRACKS
> YOU!!
>
> On Mon, Oct 13, 2008 at 10:07 AM, Arron Lorenz <arronlorenz@gmail.com>
> wrote:
>>
>> I read the article you mentioned and the method for cracking is still the
>> same method; they just figured out that if you use hundreds/thousands of
>> networked PCs it goes faster.
>> From the article:
>> "The 100-fold increase in speed is achieved with two GeForce GTX280's per
>> workstation"
>> Now that is two (2) Nvidia GTX 280's per workstation. They also said you
>> would need 20 of these workstations.
>>
>> They also mentioned in the article that:
>> "This will, of course, mainly affect simple ascii keys. And it will only
>> work against static keys; anyone using more complicated authentication
>> schemes will not be at risk for now. But since that takes a couple of extra
>> minutes when installing, smaller businesses or departments often skip
>> setting this up."
>> I hope that no one is using simple keys for their passwords. "abcd1234"
>> will be cracked quickly whereas "a^b#c$d*1.2,3?4" will take a lot longer.
>> Original article:
>> http://securityandthe.net/2008/10/12/russian-researchers-achieve-100-fold-increase-in-wpa2-cracking-speed/
>> So I would say make sure your WPA keys are updated to a good password.
>> Make sure that you change it regularly (The Ron Popeil "Set it and forget
>> it" method of security is not good). Also don't put important financial data
>> over wireless. I also would make sure to not piss off anyone with $20,000 in
>> top of the line Nvidia graphics cards.
>> Thanks,
>> Arron
>>
>>
>> On Mon, Oct 13, 2008 at 9:46 AM, Mark Riedesel <mriedesel@gmail.com>
>> wrote:
>>>
>>> Those ingenious Russians. I plan to be there!
>>>
>>> On Mon, Oct 13, 2008 at 9:18 AM, agamotto <agamotto@sbcglobal.net> wrote:
>>>>
>>>> I read last night that apparently gfx cards can now be used to
>>>> hack WEP and WPA networks with relative ease. Anyone coming to the meeting
>>>> tomorrow care to discuss setting up a VPN with the usual DSL or Cable
>>>> router/modem setup? I am a bit confused as to where the VPN sits in terms
>>>> of setup.
>>>>
>>>> I figured this might be a good discussion topic!
>> --
>> From:
>> Arron James Lorenz
>> Reel to Reel Drive In
>> http://www.DavenportDriveIn.com
>> 563-579-7046
>
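
Added example, not part of the original thread: a Python sketch of the keyspace argument made above, using the standard WPA/WPA2-PSK key derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) and the two passphrases quoted in the thread. The guess rate and the SSID `QCLUG-example` are assumptions chosen for illustration, not figures from the article.

```python
import hashlib
import math
import string

SECONDS_PER_YEAR = 365 * 24 * 3600

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK pairwise master key (IEEE 802.11i):
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode(), 4096, 32)

def charset_size(passphrase: str) -> int:
    """Size of the alphabet an exhaustive search must cover for this passphrase."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))

def keyspace(passphrase: str) -> int:
    """Candidates of the same length and alphabet (upper bound on search work)."""
    return charset_size(passphrase) ** len(passphrase)

def years_to_exhaust(passphrase: str, guesses_per_second: float) -> float:
    """Time to try every candidate at a fixed guess rate."""
    return keyspace(passphrase) / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    ASSUMED_RATE = 100_000  # guesses/second: an assumed figure, not from the thread
    for pw in ("abcd1234", "a^b#c$d*1.2,3?4"):
        bits = math.log2(keyspace(pw))
        print(f"{pw!r}: alphabet {charset_size(pw)}, ~{bits:.1f} bits, "
              f"{years_to_exhaust(pw, ASSUMED_RATE):.3g} years to exhaust")
    # The SSID is the salt, so the same passphrase yields a different key per
    # network name and every guess costs a full 4096-iteration derivation.
    print(wpa_pmk("abcd1234", "QCLUG-example").hex()[:16], "...")
```

The figures are upper bounds that treat every character as random; a patterned passphrase such as `abcd1234` falls to a wordlist long before its keyspace is exhausted.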