New Wireless Security Standard Has Old Problem? 249
eggboard writes "Wireless security expert Robert Moskowitz, who sits on IEEE and IETF committees on that subject, sent me a short paper on a glaring weakness in the Wi-Fi Protected Access (WPA) protocol that's replacing the weak and broken WEP system well discussed here at Slashdot. His paper, which I've posted here, proves definitively that while WPA itself remains robust and secure, the interface for choosing consumer passwords makes it simple to snarf a tiny bit of network traffic and perform an offline dictionary attack. For Slashdot readers, this probably seems trivial, but because Linksys, Apple, and others are letting users enter My Dog Has Fleas as their passphrase, WPA might be less secure for home users than WEP."
My Dog Has Fleas? (Score:5, Interesting)
My Dog Has Fleas is a positively fantasic password compared to the usual choice of a middle name, spouse's name, child's name or birthdate.
Or, of course, the infamous "password."
WEP newbie question - how bad is it? (Score:3, Interesting)
I did some reading on WEP and it sounds pretty frightening. Today I'm going over to set up the same kit for a friend who's NOT a slashdot type. I'm pretty-well used to data protection issues, and I take reasonable precautions and would also not freak out if something Bad happened. But I'm wondering what I should tell my non-techie friend.
Practically speaking, just how vulnerable is WEP? If my friend has a good non-dictionary password and uses "256 bit" encryption, is he reasonably safe from casual hijacking?
That's certainly what the manufacturers would have us believe, and the low prices and ubiquitous Starbucks access points seem to be causing a lot of folks to adopt wireless, at least out here in silicon valley.
Having read up on the security problems, I'm now hoping some of you can provide or point to real-world scenarios.
Hope this isn't too off-topic...
Re:Some security is better than no security (Score:3, Interesting)
(1) From running dictionary attacks against three sets of passwords.
Computer science students: 75%
Public forum #1: 65%
Public forum #2: 75%
My Dog Has Fleas (Score:2, Interesting)
it's l-i-n-k-s-y-s
my router has a SSID
it's l-i-n-k-s-y-s
RE: password security -- what about the old technique of using an acronym for something that wouldn't be hit by a dictionary attack? Um, like:
My Dog Has Fleas And Your Mom Does Too would create a password of "mdhfaymdt" ? Secure enough...and probably not in someone's best interest to share with anyone else.
one for the crypto/math freaks (Score:3, Interesting)
so, if your 128 bit or 256 bit or bit security system is ultimately based from a human-rememberable (and thus probably short) password, is there ANYTHING that can be done short of requiring 30 character passwords?
Re:My Dog Has Fleas? (Score:4, Interesting)
It refused to let me use a password longer than 8 characters.
I am talking about a release of IRIX that was pressed to CD in the year 2002.
Re:My Dog Has Fleas? (Score:3, Interesting)
Similiar problem with a Windows 2000 server using Services for Macintosh. Microsoft uses an old authentication model which doesn't support long passwords... unless you install Microsoft's client-side authentication model, which is too buggy to use (i.e. authentication windows pop up BELOW everything else).
Organizations Do This to Themselves (Score:3, Interesting)
Kerberos (Score:3, Interesting)
http://web.mit.edu/kerberos/www/
Re:At least use WEP! (Score:2, Interesting)
Most people who are just out casually wardriving are going to drive right by a locked network and hit one of the other 15 that are open.
And if your firmware allows it...
Go into the firmware and shut off the radio broadcast if you're not going to be using your wireless for some length of time. I wish manufacturers would include a radio shut off scheduler like some do for Internet traffic. So you could have your wireless radio broadcast automatically physically shut off at night and automatically come back on at 8 a.m. And a manual switch on the front of the WAP would be cool too since mine sits on my desk. I'd flip the switch to shut off the radio if I was going to leave for a while.
I'm probably forgetting a few things but those tips should help.
Re:At least use WEP! (Score:3, Interesting)
If you need additional services, you can tunnel those too; ssh can do it for free via Cygwin, but it takes a little time to set up. (each port requires a separate ssh command; you can script them if you always need several). You can also use a payware program like SecureCRT to forward multiple ports with a nice GUI interface.
With this kind of setup, WEP becomes essentially irrelevant. In fact, it may be a detriment, simply because you may get sloppy about not setting up your tunnels if you think maybe you're not being watched.
You can also do IPSEC, which will work with anything and won't require specific tunneled ports, but that's a lot more complex. SSH is simple, fast, easy, and pretty secure.
Re:My Dog Has Fleas? (Score:3, Interesting)
Re:WPA dictionary attack (Score:3, Interesting)
I'm sure the manufacturers would hope that people would just rush out and buy new WPA-capable equipment after junking their old WEP-only ones, but I'm figuring most people would just keep on using it (or is part of the WPA rollout going to involve a massive FUD campaign to instill The Fear Of Airsnort upon the general public?).
In which case, won't Airsnort et al retain "usefulness" well beyond the introduction of WPA and the ostensible "retirement" of WEP... ?
(Of course, none of this would apply to the people using completely unencrypted wifi. which is a yet bigger proportion of the wifi using population...).
Tell me about it. I practically orgasmed... (Score:3, Interesting)
And in typical Sun style, they created a new plugin architecture to support it. There are all of two useful plugins (the standard crypt is built into libc)...
Re:At least use WEP! (Score:3, Interesting)
That's not really great advice. If you can use WPA w/EAPOL, then use WPA w/EAPOL. If you can't be bothered to run an authorization server (or you don't know what that is), then use WPA w/PSK (pre-shared key).
Robert Moskowitz is telling us that securing a network with a poorly-chosen shared secret is a bad idea, because dictionary attacks are easy to mount. If your WEP key is an ASCII string of characters spelling out the word "PEANUT" then you're just as vulnerable (if not more) than if you had used that secret as your WPA pre-shared key passphrase.
Why? Because, in addition to the well-known weakness of WEP, it's also the case that an offline dictionary attack might succeed sooner. Just snarf a pile of WEP-encrypted frames and mount a dictionary attack on the raw WEP key used to encrypt the IP headers.
And if the access point is an Apple AirPort Base Station, then the WEP key is actually most likely the product of a hash function (one not widely published, but it's no secret). That's only a little speedbump.
The problem has always been there. It isn't getting any worse with WPA pre-shared key. If you can upgrade to WPA, you have no good reason to stick with WEP other than you're lazy. (Don't get me wrong-- lazy can be a perfectly good reason.)
And if you're a network administrator, and you care deeply about wireless security, because-- I don't know-- you're on contract to the U.S. Department of Homeland Paranoia, then install a RADIUS server and run WPA w/EAPOL. And spend the extra $49.95 per station for the hardware upgrade to support AES rather than TKIP. All your deepest fears should be ameliorated by this.
--
Re:one for the crypto/math freaks (Score:4, Interesting)
Your chance of winning the lottery is exactly the same if they change the winning numbers, or if they don't change them.
Making users change passwords does the following:
1) Annoys the users.
2) Users are likely to pick easy passwords to remember, rather than memorizing a really good password just once. Or worse, they will write the password down.
3) Does all that for no increase in security. Yay!
Re:open waps... (Score:3, Interesting)
Wait a minute. Person A has an open WAP. Person B downloads kiddie porn using person A's WAP. Assuming person A doesn't have a caching web proxy how does person A posess anything that person B downloaded? It isn't on his WAP (granted it was in his WAP's RAM for a few milliseconds), it isn't on his laptops, it isn't on his desktops, it isn't printed out in his house, it isn't hiding in his car.
Wouldn't that be like charging person A for kidnapping if person B drove across his lawn with a trussed up body in their trunk?
It doesn't pass the sniff test.
Now this being "anything to protect the children" America I can see them charging Person A with something else, some sort of aiding charge or something. (actually I guess they could charge you with anything, but getting a judge to not laugh at possesion when nothing is possesed seems like a long shot)
Re:open waps... (Score:3, Interesting)
Jolyon