The concept isn't new. In December 2009, "Moxie Marlinspike" launched WPA Cracker, a fee-based dictionary and brute-force cracking service; see my write up at the time. Elcomsoft offers commercial desktop distributed password cracking for preshared WPA keys—along with a host of other types of passwords—with GPU support, too. I interviewed Elcomsoft's chief a few months ago for the Economist, and he provided me piles of information about how difficult it is even with his software to crack well-designed password systems.
WPA/WPA2's weakness is in passphrase choice, something that's been known for years. Researcher Robert Moskowitz gave me permission way back in 2003 to publish a paper on this issue. It remains the most popular article in every year since. Because of how the passphrase conversion routine takes the text you enter for a WPA/WPA2 Preshared Key (PSK) "password" and turns it into a long hexadecimal key, it's susceptible to cracking—but only when the starting passphrase is very short or comprised of only words found in dictionaries (along with common substitutions, like zero for the letter o). The passphrase is combined with the network name (SSID), which has allowed various groups to create large, precomputed cracks of common words (so-called rainbow tables) using default SSID names. (Moskowitz had wanted every access point to ship with a uniquely created name to increase entropy. Apple does this.)
Based on Reuters description, we may have lost a character with Roth's method. That is, a formerly secure eight-character randomly created passphrase, a mix of letters, numbers, and punctuation, may now need to be nine characters for the next several years to assure unbreakability. I'm looking forward to more news.
That WPA/Amazon Crack Story
Atom Feed (xml)