The blogosphere has reported recently that Jason Crawford of Lockheed Martin's Wireless Security Lab has managed to crack a WPA-encrypted network with a bunch of Sony PlayStations. Hopefully he didn't break them in the process. So what's the purpose? Read on.
The Lockheed wireless lab is engaged in all sorts of interesting research in the way of discovering security flaws in wireless networks before the bad guys do. And while cracking WEP can be done by my grandma (OK, maybe not), you need some serious horsepower to crack WPA. According to Jason Crawford of Lockheed's wireless lab, "The PS3s use a processor called the Cell Broadband Engine, and it's so insanely fast that it didn't take long for us to crack networks once we started writing some software for it," Crawford says. "I set up a cluster of about eight PS3s. ... Getting them together wasn't all that expensive."
Of course, there are two flavors of WPA, and I'm still investigating which flavor Jason Crawford was able to crack. More than likely, Jason Crawford broke WPA-PSK. WPA-PSK relies on a passphrase for access to the secured network, and assuming that your passphrase is sufficiently long enough and uses random characters, it would be nearly impossible to brute force crack a WPA preshared key. But if you Wiki the PlayStation 3, you'll discover that the PS3 hardware has been used to build supercomputing environments, and that's exactly what you'd need to break WPA-PSK by brute force.
Of course, the weakness of WPA-PSK lies not in the strength of its encryption capabilities, but in its reliance on a passphrase. You break the passphrase, you break the network, and that has disastrous implications for some of the military-based projects that Lockheed is working on. According to Crawford, "The military has a vision of having an IP address for every soldier and weapon," Morrison says. "They're not going to be trailing wires around on the battlefield, but that can lead to some vulnerabilities."
For a military application, however, I'm going to assume that the more secure, RADIUS-based version of WPA will be used, WPA-802.1x (AKA WPA-Enterprise). In fact, don't you think it makes more sense to develop a proprietary encryption algorithm? Ideally, it would be something without an IEEE designation that's stamped "Top-Secret." I'd hate for the Iranians to crack the network and start remote controlling some of our military Humvees.
