At least somebody else shares the same low view I have of Malcom Gladwell, journalist for The New Yorker who has written the best selling books: >The Tipping Point, Blink, and Outlier. If any situation deserved the analogy "the emperor has no clothes", this would be it. These books sound deep and insightful, but have absolutely no worthwhile content.
These books ride the recent wave of scientific mysticism. On one hand, they tackle their topic with the scientific view that there is a natural explanation for everything, that there is nothing divine or spiritual. On the other hand, the theories and explanations are all made up with the same scientific rigor that astrologists use.
The genre of scientific mysticism isn't completely bogus. Richard Dawkin proposed the idea of a "meme" back in 1976 with his book "The Selfish Gene". What makes Dawkins work different than Gladwell's is that Dawkins is a scientist, and he uses real science to discuss his idea.
How do we recognize phony mysticism? How do we recognize when the emperor has no clothes? How do we get to the naked truth of things? Well, it's actually a straight forward application of the scientific method. Unfortunately, while students are taught to believe blindly in science (like evolution), they are never taught what the scientific method actually is. I suppose someone could write a book called "Naked" that would teach science, but it wouldn't sell well. People buy these books because they want to believe in mysticism, so they aren't going to buy anything that debunks it.
Sunday, November 30, 2008
Wednesday, November 12, 2008
Graphics cards are for cracking
I finally got around to testing Elcomsoft's WPA password cracking. If you'll remember, Elcomsoft announced last month that they could use the graphic card to crack WPA passwords 100 times faster than with a normal processor. I found it’s not 100 times faster, but the acceleration is significant enough that if you do WiFi pentesting, you should probably get a graphics card to speed this up.
I ran their software on a number of systems. A screen shot of the results are below:
The systems are:
I tried out some other processors as well. Intel has shipped a new extremely-mobile processor (intended for cell-phones) called the "Atom". It has roughly a tenth the CPU power of the desktop processor.
A tested the MacBook Air. Its graphics accelerator is actually slower than the built-in processor. Its 9400m GPU only does 178 hashes-per-second, but the Core 2 Duo could do around 400 hashes-per-second.
Graphics cards work by having a lot of tiny/simple processors. Here is a breakdown of some typical processors:
In theory, the speed of the cracking software should correlate with the frequency multiplied by the number of cores. The card to get right now is probably the 9800 GX2. I just ordered one from Newegg for $274. It puts two chips together on a single card, which should make it faster (as well as cheaper) than the GT260. I spent another $200 to get a system to go around it.
Elcomsoft currently cannot handle different cards. Therefore, when cracking software on a MacBook Pro (which has a 9400m and a 9600m), you won’t be able to use both simultaneously.
I ran their software on a number of systems. A screen shot of the results are below:
The systems are:
- "Core2Duo-GT260" is a nVidia GT260 GPU, w/ Core 2 Duo 3.0-GHz
- "Core2Quad" is a Core 2 quad 2.4-GHz.
- "EEE901" is an an Intel Atom 1.6-GHz dual-threaded.
- "MacBookAir" is using the nVidia 9400m GPU, w/ Core 2 Duo 1.86-GHz
- "Pentium3-400MHz" is using Intel Pentium III 400MHz single core CPU
I tried out some other processors as well. Intel has shipped a new extremely-mobile processor (intended for cell-phones) called the "Atom". It has roughly a tenth the CPU power of the desktop processor.
A tested the MacBook Air. Its graphics accelerator is actually slower than the built-in processor. Its 9400m GPU only does 178 hashes-per-second, but the Core 2 Duo could do around 400 hashes-per-second.
Graphics cards work by having a lot of tiny/simple processors. Here is a breakdown of some typical processors:
In theory, the speed of the cracking software should correlate with the frequency multiplied by the number of cores. The card to get right now is probably the 9800 GX2. I just ordered one from Newegg for $274. It puts two chips together on a single card, which should make it faster (as well as cheaper) than the GT260. I spent another $200 to get a system to go around it.
Elcomsoft currently cannot handle different cards. Therefore, when cracking software on a MacBook Pro (which has a 9400m and a 9600m), you won’t be able to use both simultaneously.
Friday, November 07, 2008
WPA2 is not next on the chopping block
Researchers have announced they can crack WPA in 12-minutes. Some people wonder if WPA2 will soon be next.
It won't be. WPA was always known to be a weak hack, WPA2 has always been known to be secure. The reason for the compromise was that that hardware didn't support the AES encryption in WPA2, so a weaker crypto was needed to fix the obvious flaws with WEP without requiring a hardware upgrade.
The original WEP was based upon the RC4 encryption algorithm. RC4 is a fine algorithm, it's still used today for SSL today. However, it's a "stream cipher" that needs a unique key per stream. That's why it works for SSL and not WiFi: SSL is one long stream whereas WiFi is a bunch of individual packets. RC4 cannot be used for encrypting packets, just streams.
RC4 was baked into the WiFi chips. The correct fix for the WEP-crack problem was to replace RC4 with a "block cipher", namely AES. However, you couldn't get rid of all the hardware in the field. Therefore, an interim solution that still used RC4 was created. The fix was to include a sequence number in each packet, and mix the sequence number with the WEP key to create a unique per-packet key. This was called "TKIP".
Both solutions were standardized at the same time. The WPA certification required TKIP, but made AES optional. The WPA2 certification required AES. We use these terms WPA-RC4-TKIP interchangeably and WPA2-AES-CCMP interchangeably, but technically they refer to different things (the standard, the encryption, and the keying method respectively).
Even as the compromised was reached, everyone knew WPA-TKIP was going to be hacked eventually. Cryptographers have a good nose for such things, and even while they couldn't immediately figure out a way to crack this, they knew it would probably be hacked in time.
However, everyone had full confidence in AES. There are no weakness in AES or the WPA2 standard based upon it. It's going to last for the next 20 years. It's security we can rely upon (at least, as far as encryption goes - there are still issues with authentication).
As a side note, the author of this new attack is Erik Tews. He is the 'T' in the "PTW", the latest and greatest attack on WEP. The original WEP crack required millions of packets and a lot of CPU time to crack. However, this evolved quickly with better and better methods. PTW is the latest and best method so far. It requires only 40k packets and a few seconds of CPU time. Therefore, we can trust this method will probably work, although there might be caveats (such as man-in-the-middle attacks on TKIP packets).
The moral of the story is that you should always have been planning WPA2-AES-CCMP eventually, and been planning to rely upon that for many years. If you planned to only do WPA-RC4-TKIP, then you were wrong.
EDIT: This Ars Technica story interviews Erik Tews and clarifies that the attack doesn't break the key, but instead only allows you to inject a few small packets.
EDIT: The "chop-chop" attack works because RC4 encrypts by XORing against a keystream. AES doesn't do that, it encrypts blocks directly, so chop-chop attacks won't work against it.
It won't be. WPA was always known to be a weak hack, WPA2 has always been known to be secure. The reason for the compromise was that that hardware didn't support the AES encryption in WPA2, so a weaker crypto was needed to fix the obvious flaws with WEP without requiring a hardware upgrade.
The original WEP was based upon the RC4 encryption algorithm. RC4 is a fine algorithm, it's still used today for SSL today. However, it's a "stream cipher" that needs a unique key per stream. That's why it works for SSL and not WiFi: SSL is one long stream whereas WiFi is a bunch of individual packets. RC4 cannot be used for encrypting packets, just streams.
RC4 was baked into the WiFi chips. The correct fix for the WEP-crack problem was to replace RC4 with a "block cipher", namely AES. However, you couldn't get rid of all the hardware in the field. Therefore, an interim solution that still used RC4 was created. The fix was to include a sequence number in each packet, and mix the sequence number with the WEP key to create a unique per-packet key. This was called "TKIP".
Both solutions were standardized at the same time. The WPA certification required TKIP, but made AES optional. The WPA2 certification required AES. We use these terms WPA-RC4-TKIP interchangeably and WPA2-AES-CCMP interchangeably, but technically they refer to different things (the standard, the encryption, and the keying method respectively).
Even as the compromised was reached, everyone knew WPA-TKIP was going to be hacked eventually. Cryptographers have a good nose for such things, and even while they couldn't immediately figure out a way to crack this, they knew it would probably be hacked in time.
However, everyone had full confidence in AES. There are no weakness in AES or the WPA2 standard based upon it. It's going to last for the next 20 years. It's security we can rely upon (at least, as far as encryption goes - there are still issues with authentication).
As a side note, the author of this new attack is Erik Tews. He is the 'T' in the "PTW", the latest and greatest attack on WEP. The original WEP crack required millions of packets and a lot of CPU time to crack. However, this evolved quickly with better and better methods. PTW is the latest and best method so far. It requires only 40k packets and a few seconds of CPU time. Therefore, we can trust this method will probably work, although there might be caveats (such as man-in-the-middle attacks on TKIP packets).
The moral of the story is that you should always have been planning WPA2-AES-CCMP eventually, and been planning to rely upon that for many years. If you planned to only do WPA-RC4-TKIP, then you were wrong.
EDIT: This Ars Technica story interviews Erik Tews and clarifies that the attack doesn't break the key, but instead only allows you to inject a few small packets.
EDIT: The "chop-chop" attack works because RC4 encrypts by XORing against a keystream. AES doesn't do that, it encrypts blocks directly, so chop-chop attacks won't work against it.
Subscribe to:
Posts (Atom)
