Wireless Networking Encryption Security Hardware

WPA Weak Key Cracker Posted

Glenn Fleishman writes "The folks at TinyPEAP released a cracking tool to break Wi-Fi Protected Access (WPA) keys. WPA is the replacement for weak WEP keys in the original 802.11b specification. Robert Moskowitz of ICSA Labs released a paper almost exactly a year ago documenting how WPA keys that were short and lacked randomness could be subject to cracks. This tool automates the process. Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits. Some tools exist to produce better keys, including chipmaker Broadcom's SecureEZSetup (in selected hardware) and Buffalo Technologies' hardware-based AOSS for automatic key generation and propagation. Enterprise-based WPA with 802.1X doesn't have this weakness: each user gets a long WPA key that's randomly generated and uniquely assigned--and can be frequently changed during a session."
  • Better colours (Score:3, Interesting)

    by Anonymous Coward on Friday November 05, 2004 @10:11PM (#10739862)
  • no good excuse (Score:3, Interesting)

    by Misanthropy ( 31291 ) on Friday November 05, 2004 @10:17PM (#10739896)
    There's not really any good excuse for a weak WPA key. My router will generate a random 128bit key.
    Kind of funny. I have our wireless router locked down with a 128bit key and only accepting connections from mine and my roommates' MAC addresses. But one of my neighbors has a wide open access point that I can connect to whenever I want.
    I don't really want to, but I could.

    No real point to this post except that you should attempt even minimal security (Unlike my neighbor).
  • by slashdot.org ( 321932 ) on Friday November 05, 2004 @10:18PM (#10739904) Homepage Journal
    I would have liked to see a tool that will verify if your chosen key is 'secure' or not.

    Would have made the crack software look a little less black-hat, to the uninitiated.

    Just an idea.
  • Ho hum (Score:3, Interesting)

    by Realistic_Dragon ( 655151 ) on Friday November 05, 2004 @10:33PM (#10739963) Homepage
    Guess it's not time to abandon treating all wireless hosts as bastions and using SSH to tunnel/authenticate just yet then.

    Treat wireless just like you do a student network and everything will be fine.
  • Re:By its nature... (Score:3, Interesting)

    by wcdw ( 179126 ) on Friday November 05, 2004 @10:48PM (#10740017) Homepage
    <snort> The FACTs are that when SP2 was installed, it altered the system configuration, and installed a perfectly useless product. (Actively dangerous, as noted by the bug which enables file/printer sharing across ALL connections if you have it on any!)

    As for not knowing what happened, it took me about 10 seconds to solve the problem. And, in fact, DID require a reboot, but then again, that's Winblows.

    As for lacking sufficient knowledge of firewalls, you're welcome to try and hack mine. It's been up for 7 years now without an intrusion. And not for trying, according to my logs.
  • Suggestion (Score:3, Interesting)

    by cuteseal ( 794590 ) on Friday November 05, 2004 @11:02PM (#10740064) Homepage
    From reading all the threads and flame wars going on here, it appears that WEP, WPA and even MAC address filtering are easy to crack, if someone was determined enough to do it.

    So, I know it's not foolproof, but does anyone have suggestions on how to increase wireless security?

    1. Regularly change WEP keys?
    2. Use a proxy server to access internet, and disable direct access via access point?
    3. Turn off router and computers when you're not using them?

    Any others?

  • by fisgreen ( 568052 ) on Saturday November 06, 2004 @01:14AM (#10740440)
    The odds of Joe Sixpack going the extra step of making a 20 character key are not good. WiFi setups are all the rage and now can all be broken into even after you spend an hour telling someone that they have to use WEP.

    Sadly, who needs to break into anything when so many leave their front doors wide open? I just moved into a new apartment complex. While waiting for my cable to get turned on, I thought I'd scan for networks, just for the hell of it. F'ing amazing: five APs detected, one WEP (not WAP) secured, four open. Of the open ones, three hadn't even changed the defaults.

  • by Anonymous Coward on Saturday November 06, 2004 @07:17AM (#10741123)
    WEP has several problems. Deterministic IV generation is not one of them. To be precise, sequential IVs are preferable to random IVs because you can effectively avoid using the same IV twice. The IV is transmitted in the clear, so you don't need knowledge about IV generation to get the IV.

    WEP's main problem is that the space from which IVs can be chosen is much too small. That, combined with a user supplied key which is directly used for encryption instead of just securing the exchange of random keys, means that you can't avoid reusing the same key. The RC4 algorithm used by WEP becomes vulnerable when the same key is used twice.

    Due to the nonexistent defense against replay, attackers can create arbitrary amounts of traffic on encrypted networks. That means they can provoke IV reuse. Sequential IVs can be used to reject frames which are encrypted with IVs that the recipient has seen before, thereby foiling replay attacks.
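A small model of the two points made in the comment above (the 24-bit IV space runs out, and a monotonic IV counter gives the receiver a replay check). This is an added illustration, not code from the thread; the class and function names are my own, and the frame simulation uses a seeded generator so it is repeatable.

```python
import math
import random
from typing import Optional

IV_BITS = 24                 # size of the WEP IV field
IV_SPACE = 1 << IV_BITS      # 16,777,216 possible IVs


class SequentialIvSender:
    """Hands out IVs as a plain counter; an IV repeats only after the space wraps."""
    def __init__(self) -> None:
        self.next_iv = 0

    def next_iv_value(self) -> int:
        iv = self.next_iv
        self.next_iv = (iv + 1) % IV_SPACE
        return iv


class ReplayRejectingReceiver:
    """Accepts a frame only if its IV is higher than any IV already seen.
    This is the replay defence that sequential IVs make possible."""
    def __init__(self) -> None:
        self.highest_seen = -1

    def accept(self, iv: int) -> bool:
        if iv <= self.highest_seen:
            return False          # replayed (or reordered) frame: reject it
        self.highest_seen = iv
        return True


def frames_until_sequential_reuse() -> int:
    """A counter reuses an IV only after the whole space has been used once."""
    return IV_SPACE


def expected_frames_until_random_collision() -> float:
    """Birthday bound: about sqrt(pi/2 * N) random draws before the first repeat."""
    return math.sqrt(math.pi / 2 * IV_SPACE)


def first_random_iv_collision(n_frames: int, seed: int = 1) -> Optional[int]:
    """Simulate randomly chosen IVs; return the index of the first reused IV, or None."""
    rng = random.Random(seed)     # constructed, seeded input for a repeatable run
    seen = set()
    for i in range(n_frames):
        iv = rng.getrandbits(IV_BITS)
        if iv in seen:
            return i
        seen.add(iv)
    return None
```

Random IVs collide after only a few thousand frames, while a counter lasts the full 16.7 million before repeating, and only the counter lets the receiver tell a replay from a fresh frame.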
  • Re:By its nature... (Score:2, Interesting)

    by RandomJoe ( 814420 ) on Saturday November 06, 2004 @09:28AM (#10741331)
    It is a WHOLE lot easier! Reading the discussions, I was wondering if anyone else had comments on it. I was originally trying to set up IPSec for home, but had the dual problem of figuring out how to get my work (Win2K) laptop using it (while not messing up the VPN client my company had set up), and just plain figuring IPSec out in the first place. What a mess... I could get there, but next time I needed to do it (very seldom) I was learning all over again. (Yeah, take notes, I'm bad about that...)

    I then tried OpenVPN, and without much difficulty at all have set up connections for both wireless access at home, and remote from work to the house, on both my Linux laptop and the work Win2K laptop. The connections on the work laptop were set up probably 2 months after the Linux one, and it only took me a few minutes to remember how to do it. (Using RSA keys, not preshared keys.)

    I'm no security expert, so I have to rely on what is said on the OpenVPN site and elsewhere. Is this pretty trustworthy? I now have it set up so NOTHING happens over wireless unless you VPN somewhere. Either OpenVPN to my home network, or the work laptop can VPN (Cisco client) to the corporate office. Remote access is the same way, and limited to certain IPs that I'm likely to be at.

    Having done this, I also don't bother with WEP/WPA, but do put the MACs in the AP. Yes, they can be spoofed, but then they hit a blank, unresponsive wall, except for the OpenVPN port. My firewall is not "standards compliant" - I just DROP undesired packets from WLAN or Inet. Fun to see those "test your IP" sites asking if I'm sure the computer is on! ;-)

  • Re:By its nature... (Score:3, Interesting)

    by wcdw ( 179126 ) on Saturday November 06, 2004 @12:30PM (#10741872) Homepage
    All good points, from a security point of view. I should point out that I do stay current on security patches, including randomness issues, and that ALL of the connections in these networks involve at least one Linux box.

    Regarding SSH over VPN, I don't do it for added security, and am familiar with at least some of the dangers multiple encryption layers can present. I do it because when the laptop is wireless, it CAN'T talk to anything without the VPN -- and there is no command line access to any of my boxes save SSH, even through the wired network.

    And actually, the nature of the root post should make it clear that 'just because I use [WPA] I'm safe' is a fallacy. It's entirely possible to make SSH and/or IPSec relatively insecure.

    For example, using a pre-shared key that is the name of your dog, and e-mailing it to the recipient on the other end, well...

    But as far as making people aware, as far as I know, no one has even been able to get across the concept of strong passwords, never mind creating memorable ones that don't need to be written down anywhere.

    It's unlikely that people are going to change, meaning that encryption needs to be made stronger IN SPITE OF the user. It wouldn't be that hard, for example, to add a routine to new WPA boxes that refused to accept weak passwords.
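Two comments in this thread ask for the same thing: a tool that tells you whether a chosen WPA passphrase is secure, and an access point that refuses weak ones. Here is an added example of such a check, not code from the thread or from any vendor, using the thresholds quoted in the story summary (more than 20 characters, or at least 96 random bits, preferably 128). The function names and the small blocklist are my own constructions.

```python
import math
import secrets
import string

# Thresholds as quoted in the summary (Moskowitz's advice); 8-63 characters
# is the WPA-PSK passphrase range.
MIN_LEN, MAX_LEN = 8, 63
RECOMMENDED_LEN = 21            # "more than 20 characters"
MIN_RANDOM_BITS = 96
PREFERRED_RANDOM_BITS = 128

# Constructed mini-blocklist standing in for a real dictionary of guessable
# phrases (the dog's name, vendor defaults).
BLOCKLIST = {"password", "fido", "linksys", "netgear", "admin"}


def estimate_entropy_bits(passphrase: str) -> float:
    """Upper-bound estimate: length * log2(size of the character classes used).
    Dictionary words have far less, which is why the blocklist is applied too."""
    alphabet = 0
    if any(c.islower() for c in passphrase):
        alphabet += 26
    if any(c.isupper() for c in passphrase):
        alphabet += 26
    if any(c.isdigit() for c in passphrase):
        alphabet += 10
    if any(c == " " or c in string.punctuation for c in passphrase):
        alphabet += len(string.punctuation) + 1
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def check_passphrase(passphrase: str) -> tuple:
    """Return (acceptable, reason): the refusal an AP could apply at setup time."""
    if not (MIN_LEN <= len(passphrase) <= MAX_LEN) or not all(32 <= ord(c) <= 126 for c in passphrase):
        return False, "WPA passphrases must be 8-63 printable ASCII characters"
    if passphrase.lower() in BLOCKLIST:
        return False, "passphrase is a common word or vendor default"
    bits = estimate_entropy_bits(passphrase)
    if len(passphrase) < RECOMMENDED_LEN and bits < MIN_RANDOM_BITS:
        return False, f"shorter than {RECOMMENDED_LEN} characters with only ~{bits:.0f} bits"
    return True, f"ok: ~{bits:.0f} estimated bits"


def generate_passphrase(bits: int = PREFERRED_RANDOM_BITS) -> str:
    """Random passphrase from a 64-symbol alphabet (6 bits per character) via the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "-_"    # exactly 64 symbols
    return "".join(secrets.choice(alphabet) for _ in range(math.ceil(bits / 6)))
```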
  • Re:By its nature... (Score:1, Interesting)

    by Anonymous Coward on Saturday November 06, 2004 @01:50PM (#10742152)
    Apologies if this question has been discussed before, but how does someone set this up (IPSec over wireless) from the wireless card to the router? I have a Win2000 box so I can't use WPA (without paying money I mean).
  • Re:By its nature... (Score:2, Interesting)

    by SillyNickName4me ( 760022 ) <dotslash@bartsplace.net> on Saturday November 06, 2004 @05:44PM (#10743215) Homepage
    > On Linux, that's wrong. /dev/urandom returns very high quality pseudo-random at _worst_. /dev/random never resorts to mere pseudo randomness, and read(2)s on it block until the kernel has accumulated enough entropy in its pool. (yes, Linux maintains an entropy pool which it seeds from random events so there is some true randomness waiting for programs like gnupg or statistical simulations that need it.)

    Blahblahblah.

    1. the point of my post was to point out that you should verify that your random generator has a good enough entropy source, and if you had bothered to read my post a bit more carefully, you would have seen that I am aware of the fact that Linux does a decent job at this.

    2. You ensure randomness in the entropy pool, and thereby in the state of the random generator. The generator itself however is still pseudo random.

    3. Sorry if I sound annoyed here, but what was the point of your post other than trying to push a specific system?
