WPA Weak Key Cracker Posted 168
Glenn Fleishman writes "The folks at TinyPEAP released a cracking tool to break Wi-Fi Protected Access (WPA) keys. WPA is the replacement for weak WEP keys in the original 802.11b specification. Robert Moskowitz of ICSA Labs released a paper almost exactly a year ago documenting how WPA keys that were short and lacked randomness could be subject to cracks. This tool automates the process. Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits. Some tools exist to produce better keys, including chipmaker Broadcom's SecureEZSetup (in selected hardware) and Buffalo Technologies' hardware-based AOSS for automatic key generation and propagation. Enterprise-based WPA with 802.1X doesn't have this weakness: each user gets a long WPA key that's randomly generated and uniquely assigned--and can be frequently changed during a session."
Better colours (Score:3, Interesting)
no good excuse (Score:3, Interesting)
Kind of funny. I have our wireless router locked down with a 128bit key and only accepting connections from mine and my roommates' MAC addresses. But one of my neighbors has a wide open access point that I can connect to whenever I want.
I don't really want to, but I could.
No real point to this post except that you should attempt even minimal security (Unlike my neighbor).
In addition to a cracker (Score:5, Interesting)
Would have made the crack software look a little less black-hat, to the uninitiated.
Just an idea.
Ho hum (Score:3, Interesting)
Treat wireless just like you do a student network and everything will be fine.
Re:By its nature... (Score:3, Interesting)
As for not knowing what happened, it took me about 10 seconds to solve the problem. And, in fact, DID require a reboot, but then again, that's Winblows.
As for lacking sufficient knowledge of firewalls, you're welcome to try and hack mine. It's been up for 7 years now without an intrusion. And not for trying, according to my logs.
Suggestion (Score:3, Interesting)
So, I know it's not foolproof, but does anyone have suggestions on how to increase wireless security?
1. Regularly change WEP keys?
2. Use a proxy server to access internet, and disable direct access via access point?
3. Turn off router and computers when you're not using them?
Any others?
Re:Odds of implementation? (Score:3, Interesting)
Sadly, who needs to break into anything when so many leave their front doors wide open? I just moved into a new apartment complex. While waiting for my cable to get turned on, I thought I'd scan for networks, just for the hell of it. F'ing amazing: five APs detected, one WEP (not WAP) secured, four open. Of the open ones, three hadn't even changed the defaults.
Re:What are "short" WPA keys supposed to be? (Score:2, Interesting)
WEP's main problem is that the space from which IVs can be chosen is much too small. That, combined with a user supplied key which is directly used for encryption instead of just securing the exchange of random keys, means that you can't avoid reusing the same key. The RC4 algorithm used by WEP becomes vulnerable when the same key is used twice.
Due to the nonexistent defense against replay, attackers can create arbitrary amounts of traffic on encrypted networks. That means they can provoke IV reuse. Sequential IVs can be used to reject frames which are encrypted with IVs that the recipient has seen before, thereby foiling replay attacks.
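The two points in this comment, worked as an added example that is not part of the thread: WEP-style RC4 frames that share an IV share a keystream, so XORing two ciphertexts cancels the keystream and leaks the XOR of the plaintexts; and the sequential-IV filter the commenter proposes, which rejects any frame whose IV is not strictly newer than the last one accepted from that sender. The 40-bit key, IV and frame contents are constructed placeholders, and the CRC-32 integrity value real WEP appends is omitted.

```python
def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then XOR the generated keystream onto data."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style per-frame key: the 3-byte IV (sent in the clear) prepended to the shared key."""
    return rc4(iv + shared_key, plaintext)

def keystream_reuse_leaks_xor(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Two frames under the same IV use the same keystream, so c1 XOR c2 == p1 XOR p2:
    the ciphertexts alone reveal the XOR of the plaintexts (the 'key used twice' problem)."""
    c1 = wep_encrypt(shared_key, iv, p1)
    c2 = wep_encrypt(shared_key, iv, p2)
    return bytes(a ^ b for a, b in zip(c1, c2)) == bytes(a ^ b for a, b in zip(p1, p2))

class ReplayFilter:
    """The sequential-IV defence the comment describes: remember the highest IV accepted
    from each sender and drop any frame whose IV has already been seen or is older."""
    def __init__(self):
        self.highest = {}

    def accept(self, sender: str, iv: int) -> bool:
        if iv <= self.highest.get(sender, -1):
            return False          # replayed or out-of-order frame: reject it
        self.highest[sender] = iv
        return True

if __name__ == "__main__":
    key, iv = b"\x01\x02\x03\x04\x05", b"\x00\x00\x01"   # constructed 40-bit key and IV
    print(keystream_reuse_leaks_xor(key, iv, b"hello neighbour", b"open accesspnt."))  # True
    f = ReplayFilter()
    print([f.accept("ap", n) for n in (1, 2, 2, 1, 3)])   # [True, True, False, False, True]
```

WEP itself never had such a check; TKIP, the WPA cipher this story is about, added one in the form of a 48-bit per-frame sequence counter that receivers enforce.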
Re:By its nature... (Score:2, Interesting)
I then tried OpenVPN, and without much difficulty at all have set up connections for both wireless access at home, and remote from work to the house, on both my Linux laptop and the work Win2K laptop. The connections on the work laptop were set up probably 2 months after the Linux one, and it only took me a few minutes to remember how to do it. (Using RSA keys, not preshared keys.)
I'm no security expert, so I have to rely on what is said on the OpenVPN site and elsewhere. Is this pretty trustworthy? I now have it set up so NOTHING happens over wireless unless you VPN somewhere. Either OpenVPN to my home network, or the work laptop can VPN (Cisco client) to the corporate office. Remote access is the same way, and limited to certain IPs that I'm likely to be at.
Having done this, I also don't bother with WEP/WPA, but do put the MACs in the AP. Yes, they can be spoofed, but then they hit a blank, unresponsive wall, except for the OpenVPN port. My firewall is not "standards compliant" - I just DROP undesired packets from WLAN or Inet. Fun to see those "test your IP" sites asking if I'm sure the computer is on!
Re:By its nature... (Score:3, Interesting)
Regarding SSH over VPN, I don't do it for added security, and am familiar with at least some of the dangers multiple encryption layers can present. I do it because when the laptop is wireless, it CAN'T talk to anything without the VPN -- and there is no command line access to any of my boxes save SSH, even through the wired network.
And actually, the nature of the root post should make it clear that 'just because I use [WPA] I'm safe' is a fallacy. It's entirely possible to make SSH and/or IPSec relatively insecure.
For example, using a pre-shared key that is the name of your dog, and e-mailing it to the recipient on the other end, well...
But as far as making people aware, as far as I know, no one has even been able to get across the concept of strong passwords, never mind creating memorable ones that don't need to be written down anywhere.
It's unlikely that people are going to change, meaning that encryption needs to be made stronger IN SPITE OF the user. It wouldn't be that hard, for example, to add a routine to new WPA boxes that refused to accept weak passwords.
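The "refuse weak passwords" routine this comment asks for, as an added example that is not from the commenter or any vendor: it applies the 802.11i passphrase format rule (8 to 63 printable ASCII characters) and then the thresholds from the story summary (more than 20 characters, at least 96 bits of entropy with 128 preferred), and it generates a random passphrase meeting the preferred target. The entropy estimate is the usual character-class approximation, which is an upper bound that flatters words and patterns.

```python
import math
import secrets
import string

# Thresholds from the story summary: passphrases of more than 20 characters, or
# random keys of at least 96 bits, preferably 128 bits.
MIN_PASSPHRASE_CHARS = 21
MIN_ENTROPY_BITS = 96
PREFERRED_ENTROPY_BITS = 128
ALPHABET = string.ascii_letters + string.digits   # 62 symbols for generated passphrases

def estimated_entropy_bits(passphrase: str) -> float:
    """Crude upper bound: length * log2(size of the character classes present).
    Dictionary words, names and keyboard patterns are far weaker than this estimate."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(c in string.punctuation or c == " " for c in passphrase):
        pool += 33
    return len(passphrase) * math.log2(pool) if pool else 0.0

def check_wpa_psk(passphrase: str) -> tuple:
    """Return (accepted, reason): 802.11i format rule first, then the stricter advice."""
    if not (8 <= len(passphrase) <= 63) or not passphrase.isascii() or not passphrase.isprintable():
        return False, "WPA-PSK passphrases must be 8 to 63 printable ASCII characters"
    if len(passphrase) < MIN_PASSPHRASE_CHARS:
        return False, f"shorter than {MIN_PASSPHRASE_CHARS} characters; guessing is practical"
    bits = estimated_entropy_bits(passphrase)
    if bits < MIN_ENTROPY_BITS:
        return False, f"estimated entropy {bits:.0f} bits is below {MIN_ENTROPY_BITS}"
    return True, "accepted"

def random_passphrase(bits: int = PREFERRED_ENTROPY_BITS) -> str:
    """Random passphrase from ALPHABET carrying at least `bits` of entropy (128 -> 22 chars)."""
    length = math.ceil(bits / math.log2(len(ALPHABET)))
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    for candidate in ["fido", "fidofido", "correct horse battery staple!!", random_passphrase()]:
        print(repr(candidate), check_wpa_psk(candidate))
```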
Re:By its nature... (Score:1, Interesting)
Re:By its nature... (Score:2, Interesting)
Blahblahblah.
1. the point of my post was to point out that you should verify that your random generator has a good enough entropy source, and if you had bothered to read my post a bit more carefully, you would have seen that I am aware of the fact that Linux does a decent job at this.
2. You ensure randomness in the entropy pool, and thereby in the state of the random generator. The generator itself however is still pseudo random.
3. Sorry if I sound annoyed here, but what was the point of your post other than trying to push a specific system?