Forgot your password?
typodupeerror
Wireless Networking Encryption Security Hardware

WPA Weak Key Cracker Posted 168

Posted by michael
from the bet-the-NSA-already-has-it dept.
Glenn Fleishman writes "The folks at TinyPEAP released a cracking tool to break Wi-Fi Protected Access (WPA) keys. WPA is the replacement for weak WEP keys in the original 802.11b specification. Robert Moskowitz of ICSA Labs released a paper almost exactly a year ago documenting how WPA keys that were short and lacked randomnness could be subject to cracks. This tool automates the process. Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits. Some tools exist to produce better keys, including chipmaker Broadcom's SecureEZSetup (in selected hardware) and Buffalo Technologies' hardware-based AOSS for automatic key generation and propagation. Enterprise-based WPA with 802.1X doesn't have this weakness: each user gets a long WPA key that's randomly generated and uniquely assigned--and can be frequently changed during a session."
This discussion has been archived. No new comments can be posted.

WPA Weak Key Cracker Posted

Comments Filter:
  • When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.
    • by Anonymous Coward
      When you really think about it, by nature the internet can never be too secure. I mean, your data is being transmitted through dozens of other servers to another point. Think about it.
    • by wcdw (179126) on Friday November 05, 2004 @10:26PM (#10739940) Homepage
      Theoretically, perhaps - but how secure does it need to be? All wireless traffic in my home uses SSH tunnels between the laptop and the firewall.

      When it becomes possible to conveniently crack SSH tunnels, I'll start to worry. By then, I'm sure there will be something better available. Meanwhile, you can sniff those ESP packets to your heart's content.

      This is trivial under Linux, and not much more difficult under Winblows (clients), and I'm surprised more people don't suggest it as an alternative to WEP/WPA.

      (My girlfriend uses Winblows w/ SSH Sentinel, and has only had one problem that rebooting wouldn't fix - in over 3 years. That one? Installing XP / SP2 turns on the [useless] firewall, which blocks the ports needed by the VPN.)

      http://www.theboyz.biz/ [theboyz.biz]Computers, parts, electronics, small appliances and more!
      • by Anonymous Coward

        Installing XP / SP2 turns on the [useless] firewall, which blocks the ports needed by the VPN.)

        That's what firewalls do...they block ports. Be they SP2 or some other variation this has nothing to do with the design of Microsoft's firewall and everything to do with the concept of firewalls.

        But since you've called Windows "Winblows" and labelled te firewall useless it's obvious you're lacking sufficient knowledge to know why the problem occured.
        • Re:By its nature... (Score:3, Interesting)

          by wcdw (179126)
          <snort> The FACTs are that when SP2 was installed, it altered the system configuration, and installed a perfectly useless product. (Actively dangerous, as noted by the bug which enables file/printer sharing across ALL connections if you have it on any!)

          As for not knowing what happened, it took me about 10 seconds to solve the problem. And, in fact, DID require a reboot, but then again, that's Winblows.

          As for lacking sufficient knowledge of firewalls, you're welcome to try and hack mine. It's bee
          • As for lacking sufficient knowledge of firewalls, you're welcome to try and hack mine. It's been up for 7 years now without an intrusion. And not for trying, according to my logs.

            Put your money where your mouth is and post your IP on /. then (;
            • What - you think you can hack my firewall, but you can't even find the IP from which I'm posting? Sorry, no cardboard cookies for you!
      • SS1 is weak in many ways. are you SSH2 only?
        Also, how good is your w32 software on picking session keys? host keys?
        Not saying you're insecure, just that you didn't mention basic 101 stuff about it. And ssh implementations on w32 are rumored to be all weak. :-/
        • Actually that's a finger slip (trying to hard to remember the name of the SSH Sentinel product ;) - actual implementation is IPSec VPNs. However, I do have all my SSH clients and servers set up for SSH2 only, and use SSH/SCP exclusively for remote access. Even across the VPN. ;)
          • by Alejo (69447)
            still missing: session keys and host keys. :)
            Plus how good is your OS at getting entropy? What symmetric encryption algorithm? What key exchange algorithm?
            And about ssh over vpn... a friend (known player @ crypto) told me once that you should never assume that re-encrypting would improve security, unless you are using a well known and tested method of mixing both encryption systems.
            Intention of this post is not bitching, but to try to make ppl aware it's not just "i use XXX, so im safe", but a very co
            • Re:By its nature... (Score:3, Interesting)

              by wcdw (179126)
              All good points, from a security point of view. I should point out that I do stay current on security patches, including randomness issues, and that ALL of the connections in these networks involve at least one Linux box.

              Regarding SSH over VPN, I don't do it for added security, and am familiar with at least some of the dangers multiple encryption layers can present. I do it because when the laptop is wireless, it CAN'T talk to anything without the VPN -- and there is no command line access to any of my b
        • Re:By its nature... (Score:1, Informative)

          by KingPunk (800195)
          just generate a key from /dev/urandom on nix. doesn't get any more random than that.

          and im fairly certian it won't be compromised any time in the near future
          ;)
          --kingpunk
          • > just generate a key from /dev/urandom on nix. doesn't get any more random than that

            Maybe you are talking about a specific implementation here (Linux I bet) and detaisl are sightly different between different unix like systems... /dev/urandom is not random at all, it is pseudo-random at best.

            The basic issue is that as soon as you think up a process that generates numbers in a way that you can describe mathematically, you also end up with a process uncapable of generating real randomness.

            You can get m
            • Re:By its nature... (Score:3, Informative)

              by peter (3389)
              > /dev/urandom is not random at all, it is pseudo-random at best.

              On Linux, that's wrong. /dev/urandom returns very high quality pseudo-random at _worst_. /dev/random never resorts to mere pseudo randomness, and read(2)s on it block until the kernel has accumulated enough entropy in its pool. (yes, Linux maintains an entropy pool which it seeds from random events so there is some true randomness waiting for programs like gnupg or statistical simulations that need it.)

              You're correct about everything
              • > On Linux, that's wrong. /dev/urandom returns very high quality pseudo-random at _worst_. /dev/random never resorts to mere pseudo randomness, and read(2)s on it block until the kernel has accumulated enough entropy in its pool. (yes, Linux maintains an entropy pool which it seeds from random events so there is some true randomness waiting for programs like gnupg or statistical simulations that need it.)

                Blahblahblah.

                1. the point of my post was to point out that you should verify that your random gener
                • > 2. You ensure randomness in the entropy pool, and thereby in the state of the
                  > random generator. The generator itself however is still pseudo random.

                  I think a pseudo-random generator continuously re-seeded with true randomness will produce truly random output, not pseudo-random output. Running true randomness through a good mixing function shouldn't destroy it, and neither should taking hashes of parts of the entropy pool.

                  Cryptographic strength is all about predictability, but for simulations
      • Do you have an alternative link for SSH Sentinel? ssh.com no longer has it available.

        LK
        • Interesting; I didn't realize they'd dropped that product. I didn't find a copy locally, but the original download is probably still on my girlfriend's laptop - although I'd have to check redistribution licensing.

          It's a shame; it makes it MUCH easier to do IPSec than the built-in XP VPN feature. (Their connector product looks comparable, but I really don't know anything about it.)
          • Re:By its nature... (Score:5, Informative)

            by Fweeky (41046) on Saturday November 06, 2004 @12:11AM (#10740251) Homepage
            Looked at OpenVPN [sourceforge.net]? Seems a lot easier to configure than a VPN.
            • Er, s/a VPN/IPSec/. *cough*
            • Re:By its nature... (Score:2, Interesting)

              by RandomJoe (814420)
              It is a WHOLE lot easier! Reading the discussions, I was wondering if anyone else had comments on it. I was originally trying to set up IPSec for home, but had the dual problem of figuring out how to get my work (Win2K) laptop using it (while not messing up the VPN client my company had set up), and just plain figuring IPSec out in the first place. What a mess... I could get there, but next time I needed to do it (very seldom) I was learning all over again. (Yeah, take notes, I'm bad about that...)

              I t
        • There are alternatives [openswan.org].
    • by slashdot.org (321932) on Friday November 05, 2004 @10:37PM (#10739983) Homepage Journal
      When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.

      I guess that's an understandable misconception about security. But security has by nature nothing to do with wireless or wired.

      Good security is based on the principle that other people WILL have access to your encrypted data.

      Unfortunately, the people that implemented security in the wireless protocols did a piss-poor job and left it vulnerable to (known!) attacks.

      However, if you just ran IPSec or something over your wireless connection, you'd be fine.
    • by Anonymous Coward
      Who modded this insightful? Of course proper security always assumes that everything you transmit is captured inbetween.

      Real security makes it really hard to use the captured data without the key, which should never be transmitted cleartext.
    • This will also help secure your network.

      How many home networks really need to allow random MAC addresses access?

      • by hsidhu (184286) on Friday November 05, 2004 @11:39PM (#10740162) Homepage
        ummmm how hard is it to sniff the traffic, and get the MAC addess that is allowed and then spoof it?
      • by zakezuke (229119) on Saturday November 06, 2004 @12:47AM (#10740361)
        How many home networks really need to allow random MAC addresses access?

        How many home users know what a MAC address is?

        • by Anonymous Coward
          How many home users know what a MAC address is?

          Let me guess...

          A: The street address of an Apple Macintosh?

          B: The serial number of an Apple Macintosh?
          C: Address of the closest MacDonald's?
          D: Something that can be changed under Network Device Settings?
      • by IHateSlashDot (823890) on Saturday November 06, 2004 @01:45AM (#10740501)
        You're kidding right? MAC filtering provides absolutely no added security. Once the encryption is broken, spoofing a MAC address is trivial.
        • You're kidding right? MAC filtering provides absolutely no added security. Once the encryption is broken, spoofing a MAC address is trivial.

          You're assuming your adversary is a determined attacker, not your neighbor who's too lazy/clueless to choose his access point in his laptop's configuration utility. MAC filtering works perfectly well in this case.
      • ...but I live out in the burbs.

        Point taken - I won't put anything important on my wireless access, but then again, I am about as likely to have someone out here care about spoofing me as I am to have some gang-bangers drive the 50 miles to my "hood" and rough me up.

        Computers are becoming more like regular life - assume someone will someday see what is on your computer, just like your are probably being watched by security/traffic cameras all the time.

        heh, "play nice", even when you think no one is wat

    • by KillerCow (213458)
      When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.

      Your wired network can't be too secure either. All that you need to do is attach a listening device to a wire somewhere. Or just compromise a machine.

      See the sibling post about how the basis of cryptography is asuming that someone has access to your encrypted data and the encryption algorithm. All security rests in the key. Crypt
      • by KillerCow (213458) on Friday November 05, 2004 @11:48PM (#10740187)
        As an aside to the above point, the original "WEP" stood for "Wired Equivalency Protocol." They chose that because it acknowledged that wires weren't inherently secure either. It's name didn't claim security at all... just that it was equivalent to a wire. The inside joke was that that didn't mean anything from a security standpoint either.
      • The big difference is current popular wireless networks are a lot easier to jam than current popular wired networks.

        And that's good enough reason to not use it for anything important.
  • Better colours (Score:3, Interesting)

    by Anonymous Coward on Friday November 05, 2004 @10:11PM (#10739862)
  • by IamGarageGuy 2 (687655) on Friday November 05, 2004 @10:13PM (#10739870) Journal
    The odds of Joe sixpack going the extra step of making a 20 character key is not good. WiFi setups are all the rage and now can all be broken into even after you spend an hour telling someone that they have to use WEP.
  • What's the big deal? Kismac has had this feature for a while. I hope i'm missing something.
  • by Anonymous Coward on Friday November 05, 2004 @10:16PM (#10739889)
    Leaving my WAP wide open all the time allows experienced crackers to access all the best pr0n sites with ease via my connection. All I then have to do is check the logs and Voila! There they are! Saves me looking for them and having to wade thru the pop-ups and bogus sites!
  • no good excuse (Score:3, Interesting)

    by Misanthropy (31291) on Friday November 05, 2004 @10:17PM (#10739896)
    there's not really any good excuse for a weak wpa key. My router will generate a random 128bit key.
    Kind of funny. I have our wireless router locked down with a 128bit key and only accepting connections from mine and my roommates' MAC addresses. But one of my neighbors has a wide open access point that I can connect to whenever I wan't.
    I don't really want to, but I could.

    No real point to this post except that you should attempt even minimal security (Unlike my neighbor).
    • by Anonymous Coward
      You should never access a neighbor's access point... ...except at night, to download porn, till dawn. Oh and with their permission.

      "Pardon me, mind if I use your wireless connection so I can download porn and masturbate all night long?"
  • by slashdot.org (321932) on Friday November 05, 2004 @10:18PM (#10739904) Homepage Journal
    I would have liked to see a tool that will verify if your chosen key is 'secure' or not.

    Would have made the crack software look a little less black-hat, to the uninitiated.

    Just an idea.
    • Just to clarify, before I'm getting wise-ass responses; I realize the crack software may be the ideal tool to confirm your key is A-OK. BUT, that software is not for the faint-of-heart.

      Getting raw packets etc, is not something everybody knows how to do, but it would be great if they could verify their key was fine.

      (and then that software could send the key back to the original web-site, so they can keep a list of fine keys that are now known, so they are not fine anymore. Yeah yeah, I know... ;-D)
  • don't blame WPA (Score:5, Insightful)

    by nbert (785663) on Friday November 05, 2004 @10:27PM (#10739942) Homepage Journal
    ...if your key is asdf - the attack is based on a dictionary. This weakness relies on human nature after all.

    Btw: The Tips and Tricks section of this newsletter [slashdot.org] is a good ressource if you want to create passes which are harder to guess.
    • Re:don't blame WPA (Score:3, Informative)

      by nbert (785663)
      arghh - let's blame my caffeine consumption...

      Here's the a correct link [gentoo.org]
    • ...if your key is asdf - the attack is based on a dictionary. This weakness relies on human nature after all. So, write a generator to make a random key so that it's not just ASDF...just make sure to memorize it...ya know, just in case... ...or, if you're like my not-so-bright friend, write it on a stickynote and leave it in a book labeled "passwords & stuff"...
      • If an attcker has physical access he's already won. Having your wireless password written down isn'y gonna make it easier for some kid looking for a free ride.
      • I like the semi-bright approach:

        My passes (coming from /dev/urandom) are stored in my encrypted home dir on my box. So if I need one of them 'on the road' I just ssh in and look it up (having putty on a stick helps a lot if you have to deal with Windows btw).

        IMO that's a convenient tradeoff between remembering them all (impossible) and having them on notes (insecure).
  • Ho hum (Score:3, Interesting)

    by Realistic_Dragon (655151) on Friday November 05, 2004 @10:33PM (#10739963) Homepage
    Guess it's not time to abandon treating all wireless hosts as bastions and using SSH to tunnel/authenticate just yet then.

    Treat wireless just like you do a student network and everything will be fine.
    • Re:Ho hum (Score:3, Informative)

      by Dr. Evil (3501)

      Note that WPA is just like WEP but with quickly rotating keys and more secure key exchange. Yeah, you can't crack it in real-time to get on the network... but if you listen to the vendors carefully, they'll even say it... "Authentication, Authorization.... " But never will they formally say "Secure encryption of data"

      You can decode everything but the key exchange off-line.

      VPN software is the only way to go. The wireless vendors are liars.

      Does anyone want to comment on WPA2? Does it require new har


  • D-Link's install software for the AirPlusXtremeG WiFi adapters generates a 60 digit random hexadecimal number for use as a pre-shared key.

    The Daily Mirror is one of the United Kingdom's largest newspapers. Here is their front page on the day after the election (PDF file): Daily Mirror Front Page: How could 59,054,087 people be so dumb? [icnetwork.co.uk].
  • Suggestion (Score:3, Interesting)

    by cuteseal (794590) on Friday November 05, 2004 @11:02PM (#10740064) Homepage
    From reading all the threads and flame wars going on here, it appears that WEP, WPA and even MAC address filtering is easy to crack, if someone was determined enough to do it.

    So, I know it's not foolproof, but does anyone have suggestions on how to increase wireless security?

    1. Regularly change WEP keys?
    2. Use a proxy server to access internet, and disable direct access via access point?
    3. Turn off router and computers when you're not using them?

    Any others?

    • The lesson learned here is to use multiple layer security. As I said in an earlier post, 1-layer security is always a bad idea. Use a good length WPA (or WEP) as well as Mac-Filtering. Encryption and Filtering both have their weaknesses but combined they are fairly effective.
    • Re:Suggestion (Score:3, Informative)

      by slashname3 (739398)
      The best thing you can do in addition to using WEP, changing keys, and locking down the MAC addresses allowed, is to use ssh or VPN software to encrypt your connections. If someone spends enough time to crack WEP and spoof a MAC address then the most they can get is access through your access point. They would have to break ssh or VPN to look at your data. Of course you would need to have tools in place to identify a man in the middle attack to prevent them from spoofing your connections.

      Of course if
    • Re:Suggestion (Score:5, Insightful)

      by igrp (732252) on Saturday November 06, 2004 @06:19AM (#10741041)
      From reading all the threads and flame wars going on here, it appears that WEP, WPA and even MAC address filtering is easy to crack, if someone was determined enough to do it.

      Well, there are different schools of thought when it comes to SoHo/low bandwidth WAN access security.

      You are attempting to lock your network down so that a potential attacker cannot use your connection. The other approach lock your network down just enough to make a cracker not want to bother and to move on to the next, easier target (ie. your neighbors' access points).

      The former approach generally works just fine if your goal is to deny a potential attacker access to your network bandwidth. It won't really stop a determined attacker who isn't just in it for a free-ride but who wants to steal specific data. If that's part of your threat model, chances are wireless isn't really for you. The downside is that this is pretty inconvenient. And since convenience is the big selling point when it comes to wireless networking, most people just won't take that route.

      Those people who have WEP and MAC address filtering enabled, basically want to protect themselves against random, unsophisticated wardriving. It won't help defend against a determined attacker and probably won't even scare off the teenager next door with too much time on his hands. The point isn't really to have good access security. It's just to raise the bar enough to be unatractive enough of a target. Think of it as a "I don't have to outrun the bear, I just have to outrun you" scenario.

    • WPA isn't easy to crack when you choose a good key. Just invent a passphrase like "My d0g!! has f6666%%&%__seas" and you're safe as houses.
    • So, I know it's not foolproof, but does anyone have suggestions on how to increase wireless security?

      My home firewall is an OpenBSD [openbsd.org] box that is my access point as well. I use IPSec [openbsd.org] to setup VPN [openbsd.org] to secure my wireless network. Only authenticated IPSec traffic is permitted, so all a war driver can do is to DoS my wireless network.

      If setting up IPSec is too much work, one can use OpenVPN [sourceforge.net] that has a Windows client as well.

      If you just want to prevent unauthorized usage of your wireless network, you can au

  • How about technologies of the future that you can just wait around for. I am sure in 5 years the hardware then will be able to crack stuff now in a matter of seconds. So why not record now... be patient(5 year wait).. and then crack.
  • by Anonymous Coward
    I know traffic has been declining to this site but please have a little dignity left. Posting cracks on slashdot? What next, hosting the latest music, movies and software. I would hope the moderators would do a better job sifting through stories. Lots of good stories are getting rejected while dupes and stuff like this gets posted all the time. It's just a shame to see this site suffering from the same problems big media conglomerates have.
  • Just because you have a wired connection, doesn't mean you can assume no one is snooping on the wire.

    Anything confidential needs to be encrypted with VPN, SSL, or something similar. Period.

    Sure you can turn WEP or WAP on...but don't stake all your data on it. Use what's tested and trusted by the rest.

    • Scary thought. I look around my little room and the LAN cable running along the wall. Wonder... "Could someone be tapping into my connection right under my nose?" If they were in my house, why not just take the computers.

      I'm just messing with you, I know you meant larger enviroments.
  • by porkUpine (623110) on Saturday November 06, 2004 @02:35AM (#10740600)
    Until people start securing their wireless networks with SOMETHING, wireless will always have a bad reputation. As nice as it would be, we aren't allowed to use wireless in office... period. BTW, I'm surfing /. from my neighbors unsecured WAP. *Sigh*
  • by rpp3po (641313) on Saturday November 06, 2004 @06:24AM (#10741046)
    It is easy to see, that the original poster of this story has no clue about encryption. There are several misconceptions in his posting:
    1. He writes: "WPA is the replacement for weak WEP keys in the original 802.11b specification". This is wrong. "weak key" ist a crypographic term for - wonder - weak keys, like 128 bit, consisting of 1's only (1111111111111...). For like 30 years, even WEP, has taken measures to prevent this kind of keys during use. WEP's problem in fact is the deterministic generation of IV's of the keystream, not weak keys.
    2. "Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits." That's also misunderstood. The PSK (pre shared key) even when not using 802.1X is always 256-bit. It's generated -from- a passphrase that you type in. A passphrase like "abc" e.g. contains less than 16 bits of security. So a WPA key generated from the passphrase "abc", although still being 256-bit, can be cracked within the time of a 16 bit brute force attack. This is done by simply generating WPA keys from all passphrases between "aaa" and "zzz". So you always use 256 bit keys (PSK's), but they can be generated from much smaller passphrases.
    3. "each user gets a long WPA key". See above. The keys are always the same size of 256 bit. When using 802.1X there is only maximum "randomness". That's the difference. It think the poster still thinks that WPA works like WEP where you actually use different key lengths.
    One could think that I'm very picky about his words. I think not. Especially in cryptography it is important to know exactly what part of a cryptographic chain you're talking about, when talking about weaknesses. TinyPEAP seems to be just a tool for people like the original poster and script kiddies, who are in fact NOT knowing what they are talking about. It's just a bruteforce tool to try out WPA passphrases. This is supposingly faster for people using short passphrases than bruteforcing keys directly.
    • by Anonymous Coward
      WEP has several problems. Deterministic IV generation is not one of them. To be precise, sequential IVs are preferable to random IVs because you can effectively avoid using the same IV twice. The IV is transmitted in the clear, so you don't need knowledge about IV generation to get the IV.

      WEPs main problem is that the space from which IVs can be chosen is much too small. That, combined with a user supplied key which is directly used for encryption instead of just securing the exchange of random keys, means
    • I'm the original poster. You're reading what I wrote with the lack of knowledge necessary to comment on it.

      1. All WEP keys are susceptible to nearly the same degree of being broken by collecting enough data passively. Thus, they are all weak. From a definition of weak keys at an online dictionary: "In the extreme, a poor cipher design is simply one with a very large number of weak keys."

      2. No, you're misreading this, too. Moskowitz (see his paper) is talking about the seed data, not the resulting way in w
  • WPA er Old News! (Score:3, Informative)

    by fogez (635305) on Saturday November 06, 2004 @09:52AM (#10741378)
    KisMAC has had this function for a long time. Someone used it at Hope 2004 to their wifi key. In addition, Josh Wright has had a working copy available for linux for some time. The LiveCD from Remote-exploit.org (Auditor) has included this tool for about a month now. This is not new...

How many QA engineers does it take to screw in a lightbulb? 3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.

Working...