
How I cracked my neighbor's WiFi password without breaking a sweat - laxk
http://arstechnica.com/security/2012/08/wireless-password-easily-cracked/
======
scott_s
_No doubt, this neighbor should have changed his password long ago, but there
is a lot to admire about his security hygiene nonetheless._

I think it's taken too much for granted that one _should_ change passwords on
a regular basis. If we assume that changing passwords more frequently means
that we are more likely to use more rememberable - and, thus, more guessable -
passwords, then perhaps this is not a fluke. Perhaps "pick a truly random,
long sequence and keep it for a long time" is not actually bad policy.

In short, I find it odd that the author unquestionably says his neighbor
should have had different password behavior, yet it was the only password he
couldn't crack. That's an opportunity to revisit assumptions.

~~~
Xurinos
One should change passwords on an irregular basis (a regular basis is weaker
protection than an irregular basis). This is just an additional layer of
security, not a perfection. If the password has ever been compromised, a
password change policy removes the key from bad hands. Discovered passwords
are not always immediately used; in many situations, they are stored for later
use, perhaps even sold/traded.

~~~
InclinedPlane
How often do you rekey your house?

~~~
electromagnetic
I put a keylock on my window and tripwired a claymore to my door. Problem
solved.

Edit: In all seriousness, wouldn't it be logical to keep records of all IP
addresses that attempt/login to the system. If you frequently see attempts
made from one IP address, or IP group (ISP block) then simply prevent them
accessing the login.

Further, for Wifi, wouldn't it be logical to record the MAC codes of computers
trying to access the network and if one you don't recognize is frequently
trying to access the system, simply block it.

It's not foolproof. Actually it probably is. It's not true security against a
determined person (proxies and MAC spoofing), but then a good password
protects you against fools and often not skilled individuals. A key logger on
an insecure computer clearly trumps any password.

~~~
nl
_In all seriousness, wouldn't it be logical to keep records of all IP
addresses that attempt/login to the system._

If you mean specific to WiFi, then no, it wouldn't be logical - often the WiFi
access point acts as a DHCP server and assigns an IP. If you mean more
broadly, then yes it would - see [1].

 _Further, for Wifi, wouldn't it be logical to record the MAC codes of
computers trying to access the network and if one you don't recognize is
frequently trying to access the system, simply block it_

No, MAC addresses are trivially spoofable (as you note), and in some cases I
believe this spoofing is automated. MAC blocking isn't a real security feature
at all.

[1] <http://www.fail2ban.org/wiki/index.php/Main_Page>

------
ctdonath
When addressing various physical home security issues, I came to the
realization that if a trained team of attackers equipped with body armor and
night vision broke into my home, the issue escalated beyond anything I could
sensibly prepare for.

The article reminded me of that. If someone attacks my home wifi with network
sniffing hardware, sophisticated password guessing tools, hours of planning
and execution, etc then, well, the issue escalated beyond anything I could
sensibly prepare for.

I realize these computing tools are easy to come by and not terribly hard to
use. Ditto body armor, night vision, and combat training. And if someone is
inclined to apply them against my pathetic existence, I'm screwed. Planning
for such events is pretty pointless, I have other things to do.

~~~
brigade
A physical assault carries a high chance of being noticed, and unless carried
out by law enforcement, a significant chance of being punished with jail time.
So it's not something that has a high chance of happening. Additionally, it's
hard to defend against, and you definitely _don't_ want to defend against a
SWAT team.

Whereas a bored teenage neighbor could attack your wireless network with a
very small chance of being detected. Or with a sensitive directional antenna
it doesn't even have to be your neighbor if the goal is just to sniff traffic.
Plus, the only cost to you in defending against this attack is entering a more
complex password on new devices. Stick a note on the fridge or choose a
phrase.

~~~
SiVal
I'm no security expert, but after I saw each new wifi password standard
cracked within days of its release, I stopped passwording my wifi and used a
little script I put on a home linux server to watch the router and if it
spotted any unrecognized MAC addresses getting an IP address from DHCP, it
would throw them out within a few seconds.

These days, I just turn on the MAC address filter that's built in to most wifi
base stations. Now, unless I've manually entered your MAC address into my
whitelist, my router won't connect you. My wifi shows up as "open" to any
machine that passes by, yet it won't connect.

Many (most?) of you know more about security than I do. How secure is the MAC
address whitelist approach compared to a password approach?

~~~
archon
I'm chagrined to admit that this simple approach didn't even occur to me. I'm
interested as well; are there any disadvantages to this?

~~~
rcxdude
It's a terrible way to secure a network. MAC addresses are easily spoofed, and
without encryption anyone can sniff your traffic anyway. Even using WEP is
better since then there's (usually) a requirement to see a connected client
for longer than a few seconds in order to break the encryption. The only
reasonable approach for a home network imo in practice is WPA2 PSK with a
decent password.

------
rel
You know, at the cost of $2,500 per year, (although I can't actually find
where to purchase the software) you'd probably be better to just YouTube some
kid's backtrack tutorial.

~~~
sil3ntmac
What software are you talking about? CloudCracker?

~~~
brown9-2
_Using the Silica wireless hacking tool sold by penetration-testing software
provider Immunity for $2,500 a year, I had no trouble capturing a handshake
established between a Netgear WGR617 wireless router and my MacBook Pro._

~~~
1_player
Using the aircrack-ng suite you can do it for free.

~~~
brown9-2
That's exactly what this article points out in the very next sentence after
the section I quoted.

------
koevet
I have successfully cracked a couple of Routers using Reaver. Reaver Leverages
a bug in WPS (wifi protected setup)
[http://arstechnica.com/business/2012/01/hands-on-hacking-
wif...](http://arstechnica.com/business/2012/01/hands-on-hacking-wifi-
protected-setup-with-reaver/) It's way faster than brute force or dictionary
attacks.

------
peterwwillis
People are still really surprised when I offer to crack their neighbors' wifi
passwords for them - "You can do that?". We've only been at it for over 10
years now.

------
ryanmolden
>What's more, WPA and WPA2 passwords require a minimum of eight characters,
eliminating the possibility users will pick shorter passphrases that could be
brute forced in more manageable timeframes

Should I point out that 'password' is 8 characters :) Have there been studies
done that attempt to test the hypothesis that when forced to pick passwords
that meet some arbitrary complexity threshold most common users pick things
like "password1"? I have a hard time believing most non-techies (heck, even a
lot of techies) pick secure passwords.

~~~
commandar
One of the things I try very hard to drive home to people is that WPA2 uses a
pass _phrase_ and not a password.

I highly encourage people to use something like a favorite movie quote or a
line from a book. Something like "Alas, poor Yorick! I knew him Horatio;" is
both harder to crack and easier for a _human_ to remember than something like
"v3$bk:j".

You're essentially taking natural language, which is something humans are
pretty adept at remembering, and turning it into a direct mnemonic for a more
complicated passphrase.

~~~
lotharbot
The problem with movie quotes and lines from books is that they're out there
in a database somewhere. That means they're not nearly as hard for a computer
to guess as you might think.

~~~
commandar
WPA2 keys hash the passphrase and the SSID.

The precomputed tables that make cracking WPA2 feasible have to not only
target passwords, but password+SSID combinations as a result.

I think you're grossly overstating the relative weakness of a longer
passphrase. The more obscure, the better, obviously, but the chances of any
given quote or phrase of any length appearing in a precomputed table are
relatively minimal.

More importantly, any variations in punctuation, capitalization, spacing, etc
would make a precomputed table worthless while still making the passphrase far
easier for a human to remember than a random string of 8 characters.

~~~
lotharbot
> _"variations in punctuation, capitalization, spacing"_

... have the same problem as a random string of characters. You have to
remember which letter it was you capitalized, where you put the semicolon in
place of the comma, and so on.

From a human-memorable standpoint, that's no better than using an actually
randomly generated passphrase. It's no better from a computer-guessable
standpoint, either. So instead of trying to create a new scheme for generating
passwords like "mangle a movie quote", you're better off just using the xkcd
method / passphra.se

~~~
commandar
>From a human-memorable standpoint, that's no better than using an actually
randomly generated passphrase.

Are you seriously arguing that "The quick brown fox Jumps over the lazy dog!"
is less human-memorable than "dlLejs$sAgkCnzklS%9sxckAAnvk"?

 _Any_ variation from what a precomputed table expects renders the table
useless.

>It's no better from a computer-guessable standpoint, either.

Besides the increased key space that has to be attacked?

~~~
lotharbot
> _"Are you seriously arguing that "The quick brown fox Jumps over the lazy
> dog!" is less human-memorable than "dlLejs$sAgkCnzklS%9sxckAAnvk"?"_

I didn't say "password", I said "passphrase". Something like "breath red long
provide" or "itself even willing establish".

If you're using memorable movie quotes or Shakespeare quotes or anything else
that you could find on wikiquote, your keyspace is going to be smaller than
what you get from stringing 4 random words together. You can try to grow that
keyspace by adding in variations, each of which will get you a few bits of
entropy, but those variations come at the cost of memorability.

It's counterproductive to start with a non-random phrase like a quote, and
then try to add randomness on top of it. If you want both entropy and
memorability, _use a randomly generated passphrase_ (via <http://passphra.se>
or by using dice and a dictionary) instead of piecemeal randomness-on-top-of-
non-random-quotes strategies.

~~~
commandar
>It's counterproductive to start with a non-random phrase like a quote, and
then try to add randomness on top of it.

The primary attack vector against WPA2 keys is via precomputed tables. If your
concern is about your SSID+passphrase combination appearing in one of these
tables, any variation whatsoever from the "canonical" version somebody might
pull from, say, a database of quotes is negated and they're forced back to
square one of a pure brute force attack which the increased key space makes
more expensive.

~~~
lotharbot
The point I'm trying to make here is that you can negate that attack vector by
just _using an xkcd-style passphrase_ , which always works, and which is
typically more memorable than a mangled quote.

The xkcd-style passphrase is simply better than ad-hoc solutions.

~~~
commandar
The thing is, your entire line of argument is predicated on the quote approach
being vulnerable to a dictionary-style attack. In order for that to be the
case, both the SSID and the _exact_ quotation used have to match, otherwise
the attacker is forced back into expensive brute force attacks. _Any_ unique
element, whether intentional or not, renders that vulnerability null.

The xkcd approach certainly works, but the arbitrary, random nature of it is
going to make it difficult for some people to remember. The quotation approach
is just leveraging the fact that people spend their entire lives using
language as a logical framework to simplify remembering things.

 _Either_ is going to be vastly more secure than a random string of
characters.

~~~
lotharbot
My line of argument is more complex than you give it credit for. It has 3
major components:

\- if you do not include "unique elements" (that is, you quote straight from
wikiquote or similar), a quote is _less secure_ than 4 random dictionary words
due to being subject to wikiquote-driven dictionary-style attacks.

\- if you include intentional and unique modifications, a quote from a public
work like a movie or play is _not particularly easier to remember_ than
something from passphra.se or similar. Once you have to remember what you
spelled/capitalized/punctuated in a nonstandard way, what have you really
gained?

\- if you include unintentionally unique elements (a word you always
misspell), or elements that aren't really unique (you always append the same
character), then your passphrase is vulnerable to a dictionary-like attack by
an attacker who has some knowledge of you, particularly one who you've told
your scheme to.

The key to the xkcd-style passphrase is that it remains secure even against an
attacker who knows how you generated it, and who knows your personal
tendencies. It's a completely universal, memorable, secure scheme.

Movie quotes are secure and memorable enough the majority of the time --
vastly more secure than using your kid's name, vastly more memorable than a
string of random characters. But it seems to me like you're advocating a
second-best security practice when we already have a best one.

~~~
commandar
>then your passphrase is vulnerable to a dictionary-like attack by an attacker
who has some knowledge of you, particularly one who you've told your scheme
to.

That's the thing right there: the difference in practical vulnerability all
but requires an attacker to have a certain level of omniscience and access to
a massive database of any conceivable permutation of any fragment you might
choose of a huge number of works.

>But it seems to me like you're advocating a second-best security practice
when we already have a best one.

I'm advocating what can be efficiently communicated to a non-technical user
that gets them to use something better than the short keys they'll tend to use
otherwise.

What's more likely to stick with a 40 year old office coworker that asks how
to secure their wireless network? A scheme that seems nonsensical on surface
that requires a comic and basic grasp of what a keyspace is to understand, or
the suggestion to "use a sentence from something you like that you'll easily
remember?"

Either one is going to stop all but the most determined of attackers. I don't
see the point in confusing the issue for them.

~~~
lotharbot
On the one hand, you're saying that it's a huge keyspace because you might
choose from such a huge number of works and there are so many possible
variations. My criticism of that _version_ of your idea is that those
variations are as hard to remember as random words.

On the other hand, you're telling people "use a sentence from something you
like", which is likely to result in only the smallest exploration of that
keyspace -- the most popular lines out of the most popular shows or movies,
with only a small number of capitalization or punctuation variants. If people
are going to pick things like "to be or not to be" or "I can kill you with my
brain", then you're suggesting something that's not particularly secure (and
may _already_ be contained in many dictionary attacks).

So the approach you advocate is fundamentally insecure, which you've argued
can be made secure by adding exactly the sort of measures that confuse the
issue for the people you say will benefit from the approach.

Here's an easier approach: tell people "anything you can find in a dictionary
or on a list of quotes, hackers already have on their computers. To make a
password hackers don't already know about, you need to put some random words
together." Then point them to passphra.se and tell them to hit "generate
another" until they get something they like. They can even add in more words
to make it more memorable, or mix their random words into a movie quote ("I
can melt you with my smoky vegetable universe", in River Tam's voice... creepy
and memorable.)

In other words, instead of starting with "memorable" and then trying (and
probably _failing_ ) to add enough entropy without sacrificing memorability,
start with enough entropy and then make it memorable.

------
rvid
You're also screwed if you have WiFi Protected Setup enabled (Its enabled by
default in most routers). Once can easily crack a WPA2 passphrase easily in a
few hours using a tool like reaver.

~~~
ohashi
Care to elaborate?

~~~
rvid
Look here: <http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf>

And here's a link to the tool: <http://code.google.com/p/reaver-wps/>

------
zerohm
I found this article to be a bit sensational. It should be titled, "how I paid
some experts to crack my neighbor’s Wifi." I’m not trying to dismiss the
threat, just put it in perspective. The use of these tools is either expensive
($2500 a year?) or requires a non-trivial amount of expertise (Aircrack-ng).

I did find the article linked within to be more interesting and informative.

[http://arstechnica.com/security/2012/08/passwords-under-
assa...](http://arstechnica.com/security/2012/08/passwords-under-assault/)

~~~
moxie
There's also an in-between. Many CloudCracker users employ tools like KisMAC
(which are fairly user-friendly) to get a capture, and then simply upload the
output to CloudCracker (also fairly user-friendly).

------
forcer
Don't really want to hijack this thread so feel free to downvote me if you
feel its not appropriate.

We launched a product that protects you from these attacks - more discussion
here - <http://news.ycombinator.com/item?id=4444478>

~~~
sil3ntmac
My review (of wifiprotector.com): dude, this looks like a virus. Spruce up the
page! Give me some screenshots! Please, let me trust you!

~~~
forcer
Thanks! The download link goes to CNET download.com where they make sure all
software is trusted. but I understand we should improve the page so people
actually feel reassured before they click on download.

~~~
mikle
I want to add to mock's point - I will trust you more if I could download it
from your site than from download.com. It has become such a dump that I
actively avoid visiting it. Why delegate the user experience of downloading
your products to someone whose interests don't align with yours?

~~~
forcer
OK. Point taken. We have done some A/B tests and see that download rate is the
same as from our website. The benefit of redirecting to download.com is that
with increased rankings we get more users who visit download.com. I know these
issues you said and I saw the articles on HN before. However, you can tell
download.com to stop injecting offers into the installer which we did and
there are no issues.

~~~
tjoff
_However, you can tell download.com to stop injecting offers into the
installer which we did and there are no issues._

How are your users supposed to know that?

Also, you are know asking your users to trust both you and CNET.

------
joshuahedlund
> To his chagrin, it took CloudCracker just 89 minutes to crack the
> 10-character, all-numerical password he used...

> Remarkably, neither CloudCracker nor 12 hours of heavy-duty crunching by
> Hashcat were able to crack the passphrase. The secret: a lower-case letter,
> followed two numbers, followed by five more lower-case letters

So an all-number password was easily cracked with this method, but a shorter
password with letters was untouchable?

Edit: I get that 10^10 is less than 36^8. I was more wondering how the cracker
assumes, without knowing already if it's all-numeric or not, that it should
try longer numerics before shorter alphanumerics and when it decides to give
up on the numbers. I guess it's just known to be more likely for a good number
of characters.

~~~
spicyj
Surprising considering that the latter has less than 2 bits more entropy.

~~~
ajross
By my math, a 10 byte sequence of decimal numbers has 33.2 bits of entropy,
while a 8 byte sequence of lower case numerals and decimals has 41.3 bits.
That's almost 300x as hard to crack.

There's also the issue of pattern heuristics. Number-only passwords seem like
they'd be common, and thus a reasonable pattern to try out to ~35 bits or so
(something that corresponds roughtly to "can be tried in a perceptively short
time"), but it's not as clear that there's a significant fraction of passwords
in the wild that use alphanumerics but no capitals. So they wouldn't try the
passwords from the 36-character alphabet, more likely using a slower heuristic
like things where the leading alpha character might be capital, or there might
be punctuation between "words", etc...

------
guilhermetk
>To capture a valid handshake, a targeted network must be monitored while an
authorized device is validating itself to the access point.

I think it's a really noob question, but how do you monitor a network if you
are not connected to it?

~~~
coob
The same way you tune into a radio station, these packets are in the air for
everyone to see.

Many wifi chips can be put into 'promiscuous mode' which allows them to
monitor a channel and capture all traffic on it.

------
phusion
As one of the comments mentions, you can bypass this whole step by using
Reaver, which attacks the WPS pin number instead of the encryption scheme.
It's not 100% and it takes 8-12 hours to complete, but it does work.

------
olalonde
> To his chagrin, it took CloudCracker just 89 minutes to crack the
> 10-character, all-numerical password he used, although because the passcode
> wasn't contained in the entry-level, 604 million-word list, I relied on a
> premium, 1.2 billion-word dictionary that costs $34 to use.

There are 10 billion (10^10) possible 10-character all-numerical passwords.
Can anyone explain how it was cracked using a 1.2 billion-word dictionary?

~~~
githulhu
Maybe they assume that a 10-number password is likely to be a phone number,
and so constrain the three most significant numbers to just valid US area
codes. Add in other rules, like the fourth digit never being a zero, etc...and
the space is pared down quite a bit.

------
laxk
Is there way to measure WiFi signal quality between router and connected
devices? any API on linux side? An easy generic protection can be done in the
following way (if there is api): Ban all unknown MAC addresses with WiFi
signal quality below the specific treshhold. In that case if hacker decides to
use fake MAC address he cannot fake signal quality on my side.

Does it work?

~~~
icebraining
You can measure the signal quality, but that doesn't buy you much. If you only
ban unknown MACs, then he can just clone yours, and signal quality is easy to
evade with a cheap (< $20) higher gain antenna.

In my home, I often get a better signal using my laptop with an external
antenna two walls from the AP than with my phone just a couple of meters away
from it.

------
stonefroot
re: MAC spoofing

I don't use WiFi as a matter of practice, but I'm curious: What if you could
keep all the "whitelisted" MAC's continually logged in to your network, or, at
least, you could keep track of when they log out. The idea being that MAC
spoofing is not possible if the particular MAC that the attacker wants to
spoof is currently logged in. This is generally true with Ethernet, correct?
Is this true with WiFi as well? (Assume the traffic is encrypted.)

And in fact, it seems this guy's hack relies on someone "rejoining" the
network, triggered by a deauth frame. Without that "rejoining" step, I don't
think he could get very far. If his target is continually connected, and
there's no way to force a "rejoin", and all the traffic is encrypted, then
what can he do? The problem to me sounds like the fact that someone can send a
"deauth" frame and have it be accepted, and the Apple Mac gives no warnings
that the connection underwent a "rejoin".

------
smackfu
I would place good money that most AT&T wireless routers (SSID = 2WIREXXX) are
using the same 10-digit password that is printed on the sticker on the unit.
Yes, it's more secure than the old days of a default password being "default"
or "admin" but not so great if 10-digit passcodes are easily broken.

~~~
moxie
It's a pretty big keyspace, but not quite big enough these days. I haven't
noticed any lack of uniformity across it, but I don't really have enough
samples yet to be sure. We have a dictionary specifically for those devices,
just because they're so common:
<https://www.cloudcracker.com/dictionaries.html>

~~~
smackfu
Very cool. The obvious question I have after looking at that is why the
largest 2WIRE dictionary has 4.8 billion entries when the keyspace is 10
billion. Is the keyspace really not all 10 billion, or is there a 50% chance
my key won't be in the dictionary?

~~~
moxie
Yep, 50% chance of success. I'll probably be able to adjust this to 100% in
the coming months, but in the current setup that's the maximum space we can
cover for our estimate of the maximum price elasticity.

------
mgualt
A couple of naive questions about the design of the security system:

1\. Why is it possible to do the password tests remotely? Why would the key on
the router be allowed to be transmitted? Even a 6 character password should be
safe if you don't allow multiple tries.

2\. Why isn't the handshake protocol encrypted?

~~~
jdthomas
1\. The attack is to brute force the shared secret (password). This can be
done offline because by capturing the exchange you have the ANonce and SNonce
and all other information required to generate the same key -- except the
shared secret. Try lots of passwords and check if you generate the same PTK as
the two stations do.

2\. Encrypted with what? This is the key exchange stage that is attacked here.

802.11w adds signing to management frames which eliminates the deauth attack
-- makes it harder to capture the EAPOL frames. Also, IIRC, WPA2-enterprise
would not be susceptible to this sort of attack; you've pre-shared a key
rather than a (short) password for generating one.

edit: spelling

~~~
caspianm
Password authenticated key exchange should do what we want. I was hoping WPA2
would have have used it already.

[http://en.wikipedia.org/wiki/Password-
authenticated_key_agre...](http://en.wikipedia.org/wiki/Password-
authenticated_key_agreement)

------
frankus
My strategy is to use a human-readable password for my guest network (which I
actually considered leaving completely open), and a crazy-long random password
that I copy and paste from my password manager for my internal network.

~~~
robertskmiles
Why did you decide not to leave it open?

~~~
frankus
I felt like it would make me responsible for monitoring it for abuse.

It could be something as innocent as a cheapskate neighbor using enough
bandwidth to run afoul of my cap, or someone using it for nefarious purposes
either on a continuous or drive-by basis.

------
recursive
The only reason I even have a password is on my router is that it crashes more
often under traffic if I leave it open. I intentionally made the password easy
to guess.

------
chadyj
What is the command for aircrack-ng to generate the pcap file with the
handshake?

(For those curious mac users, you can simply type "brew install aircrack-ng")

~~~
eli
Note that (I think) Apple typically uses Broadcomm wireless chips, which are
not the best choice for this sort of thing.

~~~
chadyj
So far I have been using Macstumbler in passive mode, but it takes a long
time. So far I have only hacked my own test 12345 password

------
X-Istence
That is why a passphrase is so important. No longer it is a dictionary word,
now it is multiple dictionary words together.

~~~
debacle
Was it correct battery horse staple or battery horse correct staple?

I use passphrases almost exclusively. The key is picking words at random -
phrases are easy to guess, though sometimes I pick them because, to me,
they're easy to remember.

"Areyouopposingshadowmoon?" is an incredibly secure password, and it's very
likely that no one would ever 'guess' that phrase, but it's also highly easy
to remember (because 1997 engrained it into my head).

~~~
X-Istence
I use things I remember from movies/books. Stuff that has always stuck in my
head to the point that there is no way for me to forget it.

------
nickpresta
So what do I run now instead of Kismac, since it doesn't support anything >
10.7.2? Aircrack with some GUI frontend?

~~~
gjulianm
A Linux distro.

Don't get me wrong, this isn't an anti-apple rant: I've myself tried to my
Macbook laptop to learn aircrack and finally desisted. The most important
tools, airodump and aireplay, don't work in Mac, even if you have an
injection-capable card.

Your best option is try with Linux either in your Mac (I think Backtrack has a
Live CD so you don't have to install anything) or in a non-Apple PC.

~~~
syassami
& A simple remedy for staying on your mac is to use a wireless dongle (USB)
that supports packet injection. It's extremely simple to set up in backtrack.

------
pc86
Am I the only one that's bothered by seeing that red dotted underline for
ANonce, SNonce and Ack?

~~~
smackfu
No, you would think an editor would notice that kind of thing.

------
praveenhm
This is very interesting read.

