WPA Weak Key Cracker
Glenn Fleishman writes "The folks at TinyPEAP released a cracking tool to break Wi-Fi Protected Access (WPA) keys. WPA is the replacement for weak WEP keys in the original 802.11b specification. Robert Moskowitz of ICSA Labs released a paper almost exactly a year ago documenting how WPA keys that were short and lacked randomness could be subject to cracks. This tool automates the process. Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits. Some tools exist to produce better keys, including chipmaker Broadcom's SecureEZSetup (in selected hardware) and Buffalo Technologies' hardware-based AOSS for automatic key generation and propagation. Enterprise-based WPA with 802.1X doesn't have this weakness: each user gets a long WPA key that's randomly generated and uniquely assigned--and can be frequently changed during a session."
By its nature... (Score:2, Insightful)
Odds of implementation? (Score:4, Insightful)
Re:What Morons (Score:5, Insightful)
Re:By its nature... (Score:2, Insightful)
Re:What Morons (Score:3, Insightful)
Re:By its nature... (Score:5, Insightful)
When it becomes possible to conveniently crack SSH tunnels, I'll start to worry. By then, I'm sure there will be something better available. Meanwhile, you can sniff those ESP packets to your heart's content.
This is trivial under Linux, and not much more difficult under Winblows (clients), and I'm surprised more people don't suggest it as an alternative to WEP/WPA.
(My girlfriend uses Winblows w/ SSH Sentinel, and has only had one problem that rebooting wouldn't fix - in over 3 years. That one? Installing XP / SP2 turns on the [useless] firewall, which blocks the ports needed by the VPN.)
http://www.theboyz.biz/ [theboyz.biz]Computers, parts, electronics, small appliances and more!
don't blame WPA (Score:5, Insightful)
Btw: The Tips and Tricks section of this newsletter [slashdot.org] is a good resource if you want to create passes which are harder to guess.
Re:By its nature... (Score:5, Insightful)
I guess that's an understandable misconception about security. But security has by nature nothing to do with wireless or wired.
Good security is based on the principle that other people WILL have access to your encrypted data.
Unfortunately, the people that implemented security in the wireless protocols did a piss-poor job and left it vulnerable to (known!) attacks.
However, if you just ran IPSec or something over your wireless connection, you'd be fine.
Re:By its nature... (Score:1, Insightful)
Installing XP / SP2 turns on the [useless] firewall, which blocks the ports needed by the VPN.)
That's what firewalls do...they block ports. Be they SP2 or some other variation this has nothing to do with the design of Microsoft's firewall and everything to do with the concept of firewalls.
But since you've called Windows "Winblows" and labelled the firewall useless it's obvious you're lacking sufficient knowledge to know why the problem occurred.
Re:By its nature... (Score:1, Insightful)
Real security makes it really hard to use the captured data without the key, which should never be transmitted cleartext.
Re:By its nature... (Score:3, Insightful)
Your wired network can't be too secure either. All that you need to do is attach a listening device to a wire somewhere. Or just compromise a machine.
See the sibling post about how the basis of cryptography is assuming that someone has access to your encrypted data and the encryption algorithm. All security rests in the key. Cryptographic algorithms exist that can make it infeasible to decrypt a block of ciphertext without the key.
Re:Just name all your specific MAC addresses (Score:5, Insightful)
Aside: WEP = Wired Equivalency Protocol (Score:5, Insightful)
Re:Just name all your specific MAC addresses (Score:5, Insightful)
How many home users know what a MAC address is?
Re:Just name all your specific MAC addresses (Score:5, Insightful)
Re:Suggestion (Score:5, Insightful)
Well, there are different schools of thought when it comes to SoHo/low bandwidth WAN access security.
You are attempting to lock your network down so that a potential attacker cannot use your connection. The other approach locks your network down just enough to make a cracker not want to bother and to move on to the next, easier target (i.e. your neighbors' access points).
The former approach generally works just fine if your goal is to deny a potential attacker access to your network bandwidth. It won't really stop a determined attacker who isn't just in it for a free-ride but who wants to steal specific data. If that's part of your threat model, chances are wireless isn't really for you. The downside is that this is pretty inconvenient. And since convenience is the big selling point when it comes to wireless networking, most people just won't take that route.
Those people who have WEP and MAC address filtering enabled basically want to protect themselves against random, unsophisticated wardriving. It won't help defend against a determined attacker and probably won't even scare off the teenager next door with too much time on his hands. The point isn't really to have good access security. It's just to raise the bar enough to be unattractive enough of a target. Think of it as a "I don't have to outrun the bear, I just have to outrun you" scenario.
What are "short" WPA keys supposed to be? (Score:5, Insightful)
Re:By its nature... (Score:1, Insightful)
- TEMPEST attacks (measuring the electromagnetic field around the wires to find out what information is going through)
- unprotected switches allowing an external laptop to plug into the company network (and to arp-spoof you)
To be secure, you sometimes have to be paranoid... for instance, I take for granted that all the packets on my network can be seen, either by a war-driver or by someone using the wired network.
The only response is: encryption.
You want to secure the traffic between your wireless laptops and your servers? Use IPSEC! Better yet, L2TP/IPSEC (compatible with the MS VPN client).
You want to provide secure services? Force the use of HTTPS (when relevant) and POPS/IMAPS. Use the SASL/TLS capabilities of your MTA (who said postfix?).
And always remember: the level of security for a network shall always be directly linked with the sensitivity of the data going through.
Re:By its nature... (Score:3, Insightful)
Plus how good is your OS at getting entropy? What symmetric encryption algorithm? What key exchange algorithm?
And about ssh over vpn... a friend (known player @ crypto) told me once that you should never assume that re-encrypting would improve security, unless you are using a well known and tested method of mixing both encryption systems.
The intention of this post is not bitching, but to try to make people aware it's not just "I use XXX, so I'm safe", but a very complex subject.
Re:What are "short" WPA keys supposed to be? (Score:3, Insightful)
1. All WEP keys are susceptible to nearly the same degree of being broken by collecting enough data passively. Thus, they are all weak. From a definition of weak keys at an online dictionary: "In the extreme, a poor cipher design is simply one with a very large number of weak keys."
2. No, you're misreading this, too. Moskowitz (see his paper) is talking about the seed data, not the resulting way in which it's represented. The lack of randomness in seed data is the problem. So if you take 16 bits of data and turn them into a hex WPA key, it doesn't matter whether it's represented as 256 bits. The whole problem is the algorithm by which it's processed. You need to start with at least 128 bits of data (into hex) that are non-dictionary, non-weak. (In this sense, weak is much more limited.)
3. Sigh. Each user gets a key that has a full 256 bits of randomness.
You are being picky about your words incorrectly.
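A worked illustration of the point made in item 2 above (the seed data is what matters, not the 256-bit hex form it ends up in) and of the passphrase-length advice in the story. This is an added example, not code from TinyPEAP, from Moskowitz's paper or from any poster. It derives the pre-shared key the way WPA-PSK does (PBKDF2-HMAC-SHA1 over the passphrase and SSID, 4096 iterations, 32 bytes, per IEEE 802.11i), scores a passphrase with an optimistic character-class entropy ceiling (a heuristic assumed here, not a measure from the paper), and generates keys that meet the 128-bit recommendation. The function names and the "home"/"hunter2" sample values are mine.

```python
import hashlib
import math
import secrets
import string

# Thresholds quoted in the story from Moskowitz's advice: at least 96 bits of
# random seed material, preferably 128.
MIN_BITS = 96
PREFERRED_BITS = 128


def derive_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit WPA PSK as 64 hex digits.

    WPA-PSK expands the passphrase with PBKDF2-HMAC-SHA1, salted by the SSID,
    4096 iterations (IEEE 802.11i). Entering 64 hex digits on a client
    supplies this value directly and skips the expansion. Note the output is
    always 256 bits long regardless of how little entropy went in.
    """
    psk = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )
    return psk.hex()


def passphrase_entropy_bits(passphrase: str) -> float:
    """Optimistic ceiling on the entropy of a passphrase (heuristic).

    Assumes every character was drawn uniformly from the union of the
    character classes present. A dictionary word or a name scores far lower
    in reality (a few bits per word), so a low score here is conclusive and a
    high score is only a ceiling.
    """
    classes = (
        string.ascii_lowercase,
        string.ascii_uppercase,
        string.digits,
        string.punctuation + " ",
    )
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    if alphabet == 0:
        return 0.0
    return len(passphrase) * math.log2(alphabet)


def strength_verdict(passphrase: str) -> str:
    """Map the entropy ceiling onto the story's 96/128-bit thresholds."""
    bits = passphrase_entropy_bits(passphrase)
    if bits < MIN_BITS:
        return "weak"
    if bits < PREFERRED_BITS:
        return "acceptable"
    return "strong"


def random_psk_hex() -> str:
    """A full 256-bit PSK from the OS CSPRNG, entered as 64 hex digits."""
    return secrets.token_hex(32)


def random_passphrase(bits: int = PREFERRED_BITS) -> str:
    """An alphanumeric passphrase carrying at least `bits` of entropy.

    62 symbols give log2(62) = 5.95 bits per character, so 128 bits needs 22
    characters, which lines up with the "more than 20 characters" advice.
    """
    alphabet = string.ascii_letters + string.digits
    length = math.ceil(bits / math.log2(len(alphabet)))
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # "hunter2" on SSID "home" are constructed sample values.
    for phrase in ("hunter2", random_passphrase()):
        print(f"{phrase!r}: {passphrase_entropy_bits(phrase):.1f} bits "
              f"({strength_verdict(phrase)}), PSK {derive_psk(phrase, 'home')}")
    print("random hex PSK:", random_psk_hex())
```

Running it shows two PSKs of identical length and appearance; only the second carries the entropy the story asks for. The `derive_psk` output for passphrase "password" on SSID "IEEE" matches the published 802.11i test vector, which is a quick way to confirm a client or access point is doing the expansion correctly.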