Forgot your password?
typodupeerror
Wireless Networking Encryption Security Hardware

Cisco's LEAP Authentication Cracked 162

Posted by CowboyNeal
from the cisco's-bad-week dept.
mtrisk writes "Just a day after Cisco released a security warning about its WLSE access point management tool, a tool to crack wi-fi networks using LEAP authentication has been released, reports Wi-Fi Networking News. The tool, called Asleap and developed by Beyond-Security, actively de-authenticates users, sniffs the network when the user re-auntheticates, and performs an offline dictionary attack upon the password."
This discussion has been archived. No new comments can be posted.

Cisco's LEAP Authentication Cracked

Comments Filter:
  • Not Cisco's week (Score:5, Informative)

    by Novanix (656269) * on Saturday April 10, 2004 @11:45AM (#8824760) Homepage
    Man to say this isn't Cisco's week would be an understatement. It can also read saved libpcap and airopeek captures. It also can save the required data only to a file for later processing so you can use it on a Palm or WinCE device. Also, for those who just want to get started: Windows Binary [slashdot.org] | Source [slashdot.org].
    • Re:Not Cisco's week (Score:5, Informative)

      by nova2 (765982) on Saturday April 10, 2004 @11:47AM (#8824775)
      Better links: Windows [sourceforge.net] | Source [sourceforge.net]
    • Re:Not Cisco's week (Score:5, Interesting)

      by Shakrai (717556) on Saturday April 10, 2004 @12:09PM (#8824891) Journal
      Man to say this isn't Cisco's week would be an understatement. It can also read saved libpcap and airopeek captures

      Yeah it's been a bad week for Cisco but they aren't Microsoft. They won't ignore these problems. You'll see firmware updates to fix the password problem in a week tops (if it isn't already out). I suspect you'll also see an update to address the LEAP issues.

      The only reason to buy Cisco after all (in my experience -- I'm sure the detractors will speak up the minute I click post) is for the support.

      I recall a strange off the wall problem I had using an ISDN line card in a 2600 series router a couple of years back. The line card wouldn't co-exist nicely with the 56k DSU/CSU line card in the other slot. After a few days the ISDN interface would choke and die and the router would need to be rebooted.

      After working with our vendor's (Ingram Micro) Cisco support group and trying about a million different IOS upgrades they referenced us to Cisco -- the Cisco that we didn't even have a support contract with. They actually flew somebody out (we are on the East Coast) to look at the problem and released a specific IOS upgrade to address that issue once they confirmed it.

      Do you think Microsoft would do that for the small time Insurance Agency with one large router (and a couple of smaller ones in our remote offices)? A lousy $6,000 router at that (money for us -- pocket change for Cisco). That's support and that's the reason why I will continue to buy Cisco products even if they are insanely overpriced.

      • by dave_t_brown (447547) on Saturday April 10, 2004 @12:59PM (#8825134)

        Yeah it's been a bad week for Cisco but they aren't Microsoft. They won't ignore these problems. You'll see firmware updates to fix the password problem in a week tops (if it isn't already out). I suspect you'll also see an update to address the LEAP issues.

        Except that they've known about this problem for months, and the security flaw is not entirely inherent in the protocol. Forcing users to choose strong passwords will provide significantly more protection to a "LEAP-protected" networks than any patch that Cisco could issue for LEAP.

        I am entirely unenlightened on EAP-FAST, Cisco's replacement for LEAP, but I'm pretty sure it would be a significant deployment effort for IT to upgrade both the infrastructure and the client devices.

        • Best to use EAP-TLS. It's based on x.509 certs instead of passwords, so there's no way to do a dictionary attack.

          Problem is, most corporations don't have the wherewithal to deploy a PKI to all users just for wireless access. (Though if you're willing to reduce the strength of your PKI certs to the same assurance level as a username and password, you can use MS 2k3 Active Directory certificate services autoenrollment.)
      • Re:Not Cisco's week (Score:5, Interesting)

        by JackAsh (80274) on Saturday April 10, 2004 @01:00PM (#8825152)
        Yeah it's been a bad week for Cisco but they aren't Microsoft. They won't ignore these problems. You'll see firmware updates to fix the password problem in a week tops (if it isn't already out). I suspect you'll also see an update to address the LEAP issues.

        Read the article - the LEAP problem was reported to them in AUGUST 2003.

        I agree they are not a Microsoft, and they are generally much more responsive, but how would you feel if you had over the past six months implemented a major, wonderful, well protected Cisco LEAP wireless network? Only to receive the news that "yeah, we kinda knew since August our security sucked" (for the record, I am NOT in that situation, but LEAP was a contender for our upcoming wi-fi implementation).

        Honestly, Bruce Schneier was recently saying that it's no longer about the crypto, as anyone can do strong crypto these days. It's about the factors around it, like usernames and passwords, physical security, but most of all, implementation. You'd think that something which was hailed at the time as the solution to the broken WEP protocol would be partially secure... Ugh. Now I'm just ranting.

        -Jack Ash

        • Re:Not Cisco's week (Score:4, Informative)

          by ca1v1n (135902) <snook@@@guanotronic...com> on Saturday April 10, 2004 @01:40PM (#8825445)
          They've known for a long time that LEAP is inherently flawed, and no patch can fix it. That said, it's a hell of a lot simpler to deploy than more secure things like EAP-TLS. This attack still requires an offline brute force decryption attempt. Granted, it may be a highly accelerated brute force decryption attempt, but if you don't allow your users to use passwords that are vulnerable to dictionary attacks, LEAP is Good Enough for many purposes.
        • Using your situation, couldn't you argue that Cisco made some false claims, engaged in false advertising, and if you got a contract with them... negotiated in bad faith? This seems like it should be s serious issue for their 'newer' customers and maybe they deserve some sweeteners to be added to their contracts.
      • Are you somehow comparing code complexity of router firmware to that of an OS? Because if you are, that's just absurd.

        The reason they flew someone out is probably because they wanted to confirm the situation... it is in their best interest after all.

        The reason why Microsoft doesn't fly people out isn't because they don't care, it's because a) you're dealing with software (not firmware) which can submit bug reports, b) reproducing the problem on their servers will most likely work (software is generally

        • IOS is an OS. It's quite router-specific, but it is an OS nonetheless. As is JunOS on Junipers (Which is FreeBSD based).

          Even many dinky little routers actually run Linux as their OS.
        • You know the problem with this thread is that most of the comments have nothing to do with the story. A problem is discovered in a Cisco product and so we get immediate speculation about how Microsoft would have reacted to the problem.

          It brings to mind the GOP claim made immediately after 9/11 that it was all Clinton's fault, nothing at all to do with them, oh and no way would Gore have taken the decision to invade Afghanistan. As a result of making these silly statements the administration is now having

      • Yeah it's been a bad week for Cisco but they aren't Microsoft. They won't ignore these problems.

        Not quite true. Their IPsec extension called XAUTH has got the same problems, and and these have been ignored for years:

        http://www.ima.umn.edu/~pliam/xauth/

        There's a recent rediscovery of the problem archived at: http://www.securityfocus.com/archive/1/347351

        The only reason to buy Cisco after all [...] is for the support.

        Exactly, and that's why it's sometimes so painful to be a Cisco customer. You have t
  • Insight appreciated? (Score:5, Interesting)

    by monstroyer (748389) * <devnull@slashdot.org> on Saturday April 10, 2004 @11:47AM (#8824772) Homepage Journal
    As a small business, i use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.
    • by rusty0101 (565565) on Saturday April 10, 2004 @11:53AM (#8824805) Homepage Journal
      Not sure I can alleviate all your concerns, however...

      The easiest way to see if you are affected by this issue is to get the model number of your access point, and go to the Linksys website. See what capabilities your AP has, and if the AP supports the LEAP authentication protocol.

      If it does not, you are probably immune to this particular disorder. Beyond that I would say do not manage your AP over the wifi connection, without another encryption, and if possible disable login to the AP from the Internet. Beyond that I would recomend getting a good book on WiFi security, some have been reviewed here, though how good they are, I can't really judge.

      -Rusty
      • If it does not, you are probably immune to this particular disorder.

        Right. But this is like telling the Ebola patient that he doesn't appear to have cancer.

        If you aren't layering some sort of VPN-based security on your wireless network, complete with firewalls on every wireless device that seal off everything other than the VPN connections, you're insecure.

        If being insecure is a problem for you, you had better address it. Quickly. And LEAP is no longer an option.

    • by Anonymous Coward on Saturday April 10, 2004 @11:54AM (#8824809)
      Your WEP 64 is already trivial to defeat with sufficient captured data (numbers fail me at the moment.. though something tells me that it may be in the many hundreds of megs captured).

      Moreso if your router is older and produces the 'weak' packets that programs like Kismet detect (in which case, hundreds of megs becomes hundreds of kilobytes :-P )
      • (numbers fail me at the moment.. though something tells me that it may be in the many hundreds of megs captured).

        Any WEP implementation can be broken with about a million packets, so says the documentation for AirSnort.
    • by AKnightCowboy (608632) on Saturday April 10, 2004 @11:54AM (#8824813)
      Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless?

      This is for Cisco wireless products (their Aironet series for example), not Linksys products. I'm sure they're still pretty seperate companies even though Linksys may be a wholly owned subsidiary. i.e. Linksys access points don't run IOS (hell, some run Linux). Plus, your Linksys box wouldn't support LEAP anyway. Now, the problem with you is that 64-bit WEP is already easy to crack with enough data so it's a thin veil of security, nothing more. Don't rely on it to encrypt your traffic! If you're doing anything that needs encryption then use higher layers like SSL or even IPSEC.

    • by Shakrai (717556) on Saturday April 10, 2004 @11:55AM (#8824823) Journal
      As a small business, i use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.

      I haven't seen any Linksys hardware that uses LEAP but I haven't bought or used any since Cisco bought them out -- not out of distrust or dislike of Cisco -- just haven't had the chance or reason to.

      I have used LEAP before in the Aironet 350 series AP from Cisco. My hunch says that LEAP is still limited to the Aironet line (Linksys is more targetted at home users while Aironet is for Enterprises) but I could be wrong. In any case I wouldn't call your Linksys AP secure just because it doesn't support LEAP. There are other ways to break WEP/mac address protection that have been discussed here before.

      I purposely leave an AP on my home network. I figure it's an easy out if I get busted for downloading mp3s or Windows source code ;)

    • by FauxPasIII (75900) on Saturday April 10, 2004 @11:55AM (#8824826)
      > hardware found in big companies like Bell Canada, and not my WEP 64 wireless

      Correct; asleap won't crack your network. However, airsnort will.

      http://airsnort.shmoo.com/

      So far as I'm aware, there hasn't been a link-layer security protocol for wireless made yet that
      hasn't been cracked. That's why I run ipsec.
      • How much damage can be done if somebody cracks your WEP? I am not particularly worried if someone is using my connection as much as I am worried that someone will get my private information like credit card numbers. If I only use machines on the wired LAN to keep and transmit private data, does that protect me?
        • > How much damage can be done if somebody cracks your WEP?

          If somebody breaks into your WEP, they can do anything that any machine on your LAN can do. That is, they can sniff your traffic, they can access any internal servers that use only IP address checking for security (NFS is commonly set up this way) and they can use your connection to the net. The latter is more serious than you might think; for instance, what if they launch a DDoS, port-scan a bank, or serve child pornography from your IP addres
          • Couldn't you just filter by MAC address and be done with it? That's how I do things and I haven't had any real problems, although it is admittedly a pain in the ass.
            • MAC addresses can be sniffed too and cloned. Just about every NIC has the ability to have it's MAC set in the driver nowadays. Heck, in routers, it's a semi-big selling feature to be able to "clone" a MAC address (used if your ISP filters access by MAC).
              • That is true, I forgot about the manual MAC settings. I guess the only real key to security is disconnectivity.
                • I find it important to remember that security is not an on or off state. Any given system exists somewhere on a continuum between security and convenience. You just have to decide where on that continuum you want to be.

                  For instance, it doesn't do much good to spend hours setting up a cumbersome cryptographic scheme for your wireless LAN in order to protect your internal file server, if you only have normal household padlocks and no human guards on the server. Attackers will always find the path of least
      • So far as I'm aware, there hasn't been a link-layer security protocol for wireless made yet that
        hasn't been cracked. That's why I run ipsec.


        A wireless network using Windows RADIUS is pretty secure; the vulnerability in WEP requires many packets to go down the pipe in order to be visible. RADIUS requires IEEE 802.1x authentication, and assigns each user their own rotating key based on that. Unless a user stays connected to the network for days at a time, it's theoretically unbreakable, as the key rotatio
    • Bin it now! Not because it's insecure, bin it cos it's crap.

      BTW, if you're running standard WEP it's pretty easy to get into your network anyway.

    • by ph4s3 (634087)
      First of all, don't use WEP. Many many articles about it being broken have been written. At a minimum you should be running a linksys with at least v1.41 (1.42?) of the firmware and be using the WPA security.

      If you're doing anything that needs real encryption, such as administering anything requiring strong passwords or doing financial transactions, you should be researching a VPN layer or something along those lines.

      Along the same lines, this seems to open up a new service category... VPN service a
    • I can't alleviate your fears with regard to your wireless router.

      While Cisco owns Linksys, they don't use LEAP on that device (LEAP is typically used in enterprise contexts for wireless access...). However, your WEP based device is actually every bit as vulnerable because WEP's been cracked for pretty much any number of bits and has been for some time. LEAP was being touted as the fix to the problem and Cisco was flogging it pretty heavily- we now know that LEAP's not any better than WEP in all practical
    • As a small business, i use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.

      The vulnerability is if you use 802.1X authentication with the LEAP protocol.

      The Access Point doesn't have a security flaw in it, the LEAP prot
  • by bfg9000 (726447) on Saturday April 10, 2004 @11:49AM (#8824780) Homepage Journal
    What are these guys, the Microsoft of hardware?
    • by PoopJuggler (688445) on Saturday April 10, 2004 @11:51AM (#8824793)
      Wouldnt that make them Microhard?
    • Can't we accept some problems with EVERY piece of software or hardware. At least they tried to make a product to make up for existing wireless security.
    • by Svartalf (2997) on Saturday April 10, 2004 @11:57AM (#8824836) Homepage
      It's WHY you really, really ought to have a cryptologist design your subsystems if at all possible. If it's not possible, you need to have them AUDIT it at the very least. Suffice it to say, each and every one of the wireless designs so far seem to be fairly flawed- and I don't believe that a single one was designed by or audited by a competent cryptographer (Someone like Schneier comes immediately to mind- never mind how expensive this sort of person will be for you with the design work or an audit, the embarassment and increased liability for exploits on the system make it far, far more expensive to NOT hire them...).

      I'm a fairly competant amateur- I know better than to assume anything I or anyone else that's not an SME produces in this arena is anything but vulnerable until proven otherwise.
      • There's another thing that I don't understand. Why use yet another method of encryption for wireless? Why can't the AP or router behind it be set up for a VPN. My company doesn't trust the internet, so it uses a VPN. If you don't trust your WIFI link, why not use a VPN?

        This is the setup I have at home:
        My AP is connected to it's own NIC in my router box (running linux). The DHCP server on the box will give people coming over that interface non-routable IPs, and iptables is configured to drop everything not
      • Who are you going to trust? In '95 I wondered into a student dorm in Wash DC to buy a pixel machine. The price of the device went up by the time I got there and I wondered off to the ATM and when I got back the box had a "better offer" and disappeared. It had 82 CPUs that could deal with 40 des real quick. When it comes to cryptologist they come in 3 flavors, 1) the gov't versions, 2) civilian grade and 3) amature. From what what I've seen type 2==type 3. Take a look at how Schneier describes him self
      • by kbonin (58917) on Saturday April 10, 2004 @01:44PM (#8825466) Homepage
        When I quit Cisco, I was the only real security programmer left in my business unit - all the other positions had been "outsourced" to Bangalore. That team didn't write "bad" code, it just wasn't robust. And they didn't get it. And management didn't care. And marketing just wants it to ship with the feature checklist complete.

        I said it below, I'll say it again here. Companies have to CARE enough about security to have experienced crypto people do this sort of work. To design it, to implement it, and to test it.

        But now its all about keeping things cheap.

      • It's WHY you really, really ought to have a cryptologist design your subsystems if at all possible.


        No!!!!!!

        Seriously, the last thing we need is slow hardware.

        The trick to beat hackers and crackers is put out so much variety they have no idea what the hell to do. Seriously, if 99% of people didnt run the same hardware and software for everything hackers would cause very minimal damage.
        • Seriously, the last thing we need is slow hardware.


          1) Some of the fastest hard crypto (i.e. military grade...) came from the very person I mention as an example.

          2) Variety can only take you so far- chaff, etc. can make it difficult, but in the end, you basically end up with the same level of vulnerability you had in the system to begin with. Even variety doesn't make up for a weakness in your system.

          • Some of the fastest hard crypto (i.e. military grade...)


            Your talking to someone who worked in DOD. Theres no such thing as military grade crypto. Its the same stuff you find in the consumer market. When the use Cisco hardware they dont load anything special on it. Thats why you hear of crackers/hackers getting into them or military projects hurt by simple things like Microsoft Windows worms.


            Even variety doesn't make up for a weakness in your system.


            Sure, but which system? Ill use a simple exa
  • Wifi is once again unsecure.

    -Grump
  • dictionary attack? (Score:5, Interesting)

    by Njovich (553857) on Saturday April 10, 2004 @11:51AM (#8824796)
    Sure, this is a well done cracking tool, but isn't "cracked" a bit sensationalistic considering it still requires brute forcing the password? The weakness remains the password here, hardly the authentication scheme... good luck dictionary attacking a good password!
    • by Anonymous Coward on Saturday April 10, 2004 @12:05PM (#8824873)
      Yeah, let me tell you, a dictionary attack WILL break a cisco router in seconds, every time.

      Of course, not just any dictionary will do: you need a dictionary with not only simple English words, but with long definitions and even off-beat, obsolete words.

      Routers are quiet small in the scheme of things, and they really can't stand up to a quick beating by, let's say the Oxford English dictionary, especially if the router is opened up and the electronics are exposed. No, those little dictionaries you get with a subscription to Time magazine won't do (after all, Time's vocabulary is pretty light-weight to begin with).

      However, a quality rack-mounted cisco router will likely be protected in a secure data center or other secure closet. in that case, you'll have to take all the words in the dictionary and hash them up. And if the users aren't dumb, they'll pick tough passwords. It can take many years (or even decades) to successfully attack quality passwords.

      I think the physical dictionary attack is the easier approach. Unless you permit your users to choose stupid passwords (like mine: "17Trees")

    • by MBAFK (769131) on Saturday April 10, 2004 @12:06PM (#8824877)
      "good luck dictionary attacking a good password"

      The time to brute force the password is a combination of many factors not just the strength (length and composition) of the password. The amount of resources avaible to compute the hashes and the complexity of the algorithm used to create the hashes have a large effect on how long it will take to compute a match.

      In this age it is becoming possible to precompute the hashes and then look them up, in that case the "strength" of the password becomes less important.
      • Aren't you assuming that the relationship between the number of bits in the password and the number of bits in the hash are not one to one?

        If the number of bits possible in the password are 256, 512, or 1024, then password strength definitely does matter.

        +2
      • "In this age it is becoming possible to precompute the hashes and then look them up, in that case the "strength" of the password becomes less important."

        I would love to know how this works -- I thought it was pretty much useless. First because the storable keyspace is so much tinier than the total keyspace, and second because of salts.

        IANACrypto person, but the basic idea with salts is that the router would say 'please send me your password hashed with the string "abcdefg".' The client then says, "oh, of
        • OK speaking as somebody that started doing this years ago vs unix crypt function commonly used to store passwords. The salt does add to the number of permutations as for each cleartest password you need to crypt it with every possible salt.

          I think the funny bit about this is there is allready a fix anyway it's SecurID as it rotates the password at every signon it invalidates this program as knowing the password does no good.
    • I don't think so - in my experience, most infrastructure equipment have terrible passwords. The truth is a simple dictionary attack would probably crack half the cisco routers out there. Just because it isn't sophisticated doesn't mean it won't work.
  • by Moderation abuser (184013) on Saturday April 10, 2004 @11:52AM (#8824798)
    Cos the very very large corporation which I very recently used to work for has just rolled out Cisco based wireless across *all* of it's sites worldwide.

  • by FreeLinux (555387) on Saturday April 10, 2004 @11:52AM (#8824799)
    Because if you are using a Cisco network it is self-defending, self-securing and self-healing. No, really. I saw it on TV.

    They had this little girl on the computer and she like, downloaded a worm. But, the network saw it and popped up a message on her screan that the worm was there. Then it said that it was like, isolating the worm and everything. Then it like, popped up another message that said the worm had been destroyed. It was like, way cool and I didn't even know that Cisco like, made antivirus software.

    Of course the above is a joke but, what is not funny is that the television advertisement is well done and likely to be very influential to the typical PHB who will buy it hook, line and sinker.
  • by cdavies (769941) on Saturday April 10, 2004 @11:59AM (#8824851) Homepage
    .. with my Open System Wireless, with MAC address access control, but at least my intruders will be using a better class of operating system, on which you can easily spoof MACs.

    Script kiddies using canned cracks on me from Windows machines would just make me feel dirty.

  • by codepunk (167897) on Saturday April 10, 2004 @11:59AM (#8824854)
    I seen the leap cracker downloadable for at least several months now. This means it has been in use for quite some time no sense in worrying about it now.
  • Not quite a crack (Score:5, Interesting)

    by russotto (537200) on Saturday April 10, 2004 @12:02PM (#8824866) Journal
    This is an offline dictionary attack, not a cryptographic break as has been done to WEP. If you use a strong password (one not in the dictionary), this won't break it. I don't know if preventing offline attacks was a goal of LEAP; if it was, it's fair to describe this as a crack, but if not, this is really just a tool to automate what was already known to be possible.
    • Re:Not quite a crack (Score:3, Informative)

      by wasabii (693236)
      Read the article. They use a weakness in the establishment of the connection to DRAMATICALLY reduce the time it takes for a dictionary attack, by gaining knowledge of the last two bytes of the NT hash.
      • Thanks for the correction, it took me a couple of links to find that, but you're right; this is a crack. Cisco should have known better than to use MS crypto.... It's still a dictionary attack, in that the 45M passwords/sec depends on having a precomputed dictionary... but it's probably practical nowadays to precompute some pretty decent lists.
    • If you use a strong password (one not in the dictionary)

      Well, if you were to try every possible combination, it would take 185 days to crack any 8 letter or less password, given the quoted rate of 45 million password tries per second that the author quoted
  • Since large businesses use secure VPN over any insecure channel (wireless, internet, dialup, even inside their own wired network) then it will only affect small businesses or those with poor security specialists who try to save money by putting the security into the network infrastructure.

    Unfortunately while the firmware may be upgradeable, the cryptographic functions are usually implemented in hardware (better performance) and it may be hard, if not impossible, to secure the authentication so this kind of attack is harder.

    What they really should do is have a public/private key for each access point, with the SSID set to the public key. Then any client can transmit to the access point without possibility of eavesdropping. This would be used to set up the secure LEAP session. Since the password is never sent back to the client then it's not going to be breakable by offline brute force attacks.

    Of course, in the end anything is breakable given enough time and/or money.

    -Adam
    • by raehl (609729)
      Of course, in the end anything is breakable given enough time and/or money.

      Or a big enough hammer.
  • Offline attack (Score:5, Interesting)

    by Knightmare (12112) on Saturday April 10, 2004 @12:20PM (#8824931) Homepage
    Many people here are talking about the length of time it takes to brute the password. I saw a demonstration of the asleap tool about 1/2 a year ago and it took 15 seconds to reveal the password. Something you need to keep in mind is the fact that there is no salt involved in the password hash for LEAP. So a precached hash of the possible passwords is very easy. All you need is lots of disk space and a well written index of the hashes.

    There are quite a few others that are saying well thats only if you let your users pick bad passwords... Come on guys, have you actually worked in the real world? Normal users can't remember crazy passwords, they are going to pick their dog and their favorite football player's number put together. Or their aniversary and the current food they are eating.

    Keeping a dictionary of enough passwords to get into the network would be trivial. All you need is one user with a weak password to get in, after that who cares how strong the rest are.
    • Re:Offline attack (Score:3, Interesting)

      by Anime_Fan (636798)
      Come on guys, have you actually worked in the real world? Normal users can't remember crazy passwords, they are going to pick their dog and their favorite football player's number put together. Or their aniversary and the current food they are eating.

      At least we force hard passwords for administrators.
      I've got some 7 complex passwords for admin accounts at work.
      Add 2 for my regular accounts there.
      Add 1 for Lotus Notes there.
      Add 1 for my user at my home server.
      Add 1 for root at the server.
      Add 5 for the enc
  • by throwaway18 (521472) on Saturday April 10, 2004 @12:22PM (#8824939) Journal
    A conspiracy theory.

    WEP is broken by design. A few engineers who don't know anything about cryptanalysis making their own encryption system that turns out to be broken is quite plausable however wifi standards are set by the IEEE. The IEEE is not stupid.

    Was WEP deliberatly broken to make government snooping easier?
    That may seem ludicrus now but what if the likes of consume [consume.net] suceed in their goal of building mesh networks across citys? Securing wireless connections at VPN or application level is so much hassle that only 0.01% of users bother.

    The reaction of the American government to the new Chinese wifi encryption standard lends weight to this theory. Supporting WAPI just means hardware manufacturers have to write a bit more software. Once it's in the software it will no doubt be supplied as standard worldwide. It may actuall be secure with little work. Why else would the American government threaten retailation over somthing so obscure?
    • WEP was weak (not broken) by design: when the spec was being designed, the US government still had its onerous cryptographic export restrictions (classifying them as munitions) and one person involved in setting the WEP spec said they erred towards weakness in part because of that climate, and in part because they didn't have computational juice available. The broken parts are just broken, but the strength was intentional.

      On the Chinese front, you're way off base. The problem is that the Chinese government
    • Securing wireless connections at VPN or application level is so much hassle that only 0.01% of users bother.

      Ever hear of SSL? How difficult is it to open a browser and go to an SSL website? How difficult is it to use IMAPS or POPS? How difficult is it to use SSH instead of Telnet? Getting users to understand PKI and client side certificates to manage in their IPSEC VPN client is one thing (and I agree it's entirely too complex a solution for the problem people use it to solve), but teaching users to t

    • Related to this, since I've gotten into networking, oh 18 years or so ago, I've been told that it is illegal to develop your own encryption that can't be broken by the government. So you either don't use encryption, or you must use a publicly available encryption like WEP, SSL, etc.

      What I want to know is, is this true? Would sending random looking data to some IP addresses get you into trouble?

      -1
  • by acz (120227) <z@[ ]t.org ['her' in gap]> on Saturday April 10, 2004 @12:23PM (#8824948) Homepage
    Slashdot's always a bit late on interesting security issues. This news [hert.org] was on the Hacker Emergency Response team beta new website [hert.org] a few days ago.


    The site which accidently looks a lot like slashdot, focuses on quality security news; no vuln reports people don't care about... all the latest news and white papers.


    A cool white paper on utf-8 shellcodes was released [hert.org] on it too.

    • The site which accidently looks a lot like slashdot,

      Are you sure that incedentally wouldn't be a better term? Lots of developers start with slashcode when building their forums, and they are not ashamed of the fact (nor should they be.

      It only makes sense to use something that works well and is already written if it asddresses your needs and is offered freely by its creators.

      no vuln reports people don't care about...

      It's nice to know that their knowledge is so complete that they can make that decision
  • "Cracked"? (Score:2, Insightful)

    by Anonymous Coward
    Whee! /. goes security journalism:

    Dictionary attack == LEAP is cracked!
  • by hta (7593) on Saturday April 10, 2004 @12:38PM (#8825008) Homepage Journal
    So NOW I know why everyone's telling me that LEAP is not the end-game, and we need to move to systems based on PEAP (which is supposed to be an open standard, as opposed to LEAP which is proprietary) or some other, even newer variant.
    Security protocols are like windows (the physical kind). Once they're broken, duct tape is not the answer.
    • Show me a PEAP implementation for Linux, or Mac OS/X, if PEAP is so 'open'.

      • I have seen a lot of half-truths in responses here.

        PEAP is not an open standard. But there are Linux clients available for PEAP. Meetinghouse sells one, for example.

        Cisco and Microsoft competed for different PEAP standards, while Funk Software competed with PEAP using a EAP-TTLS standard.

        PEAP (protected EAP) is suppose to be the succecessor for LEAP (light EAP, which may explain why Cisco has not released any type of update for LEAP yet.

        Also, Cisco is also releasing an EAP-FAST to help with secure han
        • PEAP could reasonably be described as an open standard, but it has two problems:

          It's unfinished, and there are implementations of different (incompatible) drafts in use.

          Many implementations only support a very restricted set of EAP types over PEAP (eg EAP-MS-CHAP-V2 for microsoft and EAP-GTC for Cisco) which is a problem for interoperability.

          The former problem should be resolved as the PEAP version 2 specification matures.
  • by eggboard (315140) * on Saturday April 10, 2004 @12:52PM (#8825083) Homepage
    The LEAP problem is pretty egregious because PEAP and EAP-TTLS are in wide use -- both of which encrypt the authentication process protecting against just sucking down a transaction for offline analysis. PEAP was supposedly supported by Microsoft and Cisco, but I don't see how Cisco is supporting it by releasing EAP-FAST, which is an alternate approach that's not as strong as PEAP. (PEAP is also supported by Mac OS X 10.3, just by the way, as well as third parties who made 802.1X authentication software clients.)

    But remember that this problem isn't limited to LEAP. As Robert Moskowitz of ICSA Labs wrote last November, poor WPA preshared key passphrase choice can allow WPA keys to be cracked [wifinetnews.com]. WPA (Wi-Fi Protected Access) is a fix to WEP that involves dramatically more complexity and sophistication in deriving per-packet keys.

    However, if you choose a dictionary-crackable passphrase of under 20 characters in WPA, you hit the same problem as LEAP: a cracker can trigger a deauthentication, capture the reauthentication in less than a minute, and then crack at their leisure.

    WPA-PSK will probably only be used in home and small office networks, where passphrases may be poorly chosen. I have spoken to manufacturers about changing the presentation layer: don't let users pick bad passwords. So far, to no avail. Not even a recommendation from the Wi-Fi Alliance.
  • Allways on the ball (Score:5, Informative)

    by RustyTaco (301580) on Saturday April 10, 2004 @01:22PM (#8825309) Homepage
    Wow, this is slow on the uptake even for slashdot. This was demonstrated last year at DefCon in August. It works because, as somebody else mentioned, there is no salt on the hash so you can pre-compute massive hash dictionaries. Also, it's a bastardized MS-CHAP which stupidly pads the hash with two constant characters so you can almost instantly cut down the keyspace you need to brute force by a huge margin.
    The limiting factor is how fast your attack machine can read your pre-computed dictionaries off the disk.

    - RustyTaco
  • by kbonin (58917) on Saturday April 10, 2004 @01:29PM (#8825363) Homepage
    This is yet another example of why you need to hire security programmers with actual experience in the field, not just outsource it to a cheap Indian programming group with no real experience writing robust protocols.

    I'm an ex Cisco security programmer, and thats exactally what was happening before I quit. I wish I could say more...
  • It's funny how much effort people put into solving the wrong problem - if you simply treat your wireless network like the Internet and secure your actual services, none of this is a concern.
  • OUTSOURCING (Score:4, Interesting)

    by ShadowRage (678728) on Saturday April 10, 2004 @02:43PM (#8825815) Homepage Journal
    anyone think this is due to outsourcing besides me?

    just after cisco started utsourcing, their products have become faulty, sure, the programmers in india are pretty smart, but most are quickly trained amatuers who are usually new to coding secure applications. anyone else think this may be the case?
  • dictionary attack ? (Score:2, Interesting)

    by Anonymous Coward
    Maybe people should stop using dictionary words for passwords?

    I think of a phrase and take first letter of each word, like

    Top of the morning to you ==> totmty

    etc..

<<<<< EVACUATION ROUTE <<<<<

Working...