WEP And PPTP Password Crackers Released 244
Jacco de Leeuw writes "SecurityFocus published an article by Michael Ossmann that discusses the new generation of WEP cracking tools for 802.11 wireless networks. These are much faster as they perform passive statistical analysis. In many cases, a WEP key can be determined in minutes or even seconds. For those who have switched to PPTP for securing their wireless nets: Joshua Wright released a new version of his Cisco LEAP cracker called Asleap which can now also recover weak PPTP passwords. Both LEAP and PPTP employ MS-CHAPv2 authentication." Update: 12/22 00:14 GMT by T : Michael Ossmann wrote to point out his last name has two Ns, rather than one.
Now who can we blame for downloading GB of stuff? (Score:2, Interesting)
Can we be blamed if the tenant runs a pot-growing facility in our basement? Is it the same?
Feasibility of dictionary attacks no protocol flaw (Score:3, Interesting)
End-to-End Security (Score:4, Interesting)
It's far better not to rely on wireless link encryption and encrypt your application-level protocols instead. SSL for web browsing, PGP or S/MIME for e-mail, ssh for login. Far better algorithms, far better key management.
Easier for travelers (Score:5, Interesting)
Seriously though, Wi/Fi has to be treated like an unsecure public network, and anyone wants to restrict access they should use a more secure protocol like IPSec in host-to-host mode. Do not count on Wi/Fi manufactures to protect you, for some reason they just simply refuse to provide secure products.
Security is an illusion ... (Score:5, Interesting)
Any encryption can be broken - given enough resources ... The trick is to make it so difficult that nobody finds out unless they are prepared to invest more than what you did (time, computing power, money, technology).
Interestingly in India, according to Department of Telecom [64.233.167.104] website - security means something differentRe:Feasibility of dictionary attacks no protocol f (Score:5, Interesting)
First, you will note that the attack on WEP (but not on PPTP) is not a dictionary attack and works with a computer-generated random 64- or 128-bit key. This is a protocol weakness.
Second, a good protocol does protect passwords. Either it establishes an encrypted session with the server, like SSH or SSL does, or it uses a secure password protocol like SRP. SRP in particular has the following properties:
1) The protocol is entirely public, and open-source implementations are available.
2) An eavesdropper on the wire does not get a dictionary attack on the password; without breaking the crypto behind the protocol, which nobody has been able to do yet, he gets no information. Of course, he can still do an online attack, but the server should prevent that.
3) Someone impersonating the server also does not get a dictionary attack on the password, even though the client does not need to memorize a key hash.
4) Someone who compromises the server database does get a dictionary attack on the password (this is inevitable), but they don't get the password for free. Furthermore, the password is salted, so they have some work to do.
Re:So how can I secure my connection? (Score:2, Interesting)
People still use WEP? (Score:3, Interesting)
Who still uses WEP? The weeknesses in WEP have been known for some time, and there have been more than a few working crackers in the wild for quite a while now.
WPA [tomsnetworking.com] is the money. It's far more secure than WEP in that it has key rotation, and some of the snazzier base stations already support AES as the cryptographic algorithm. Most older stations with dilligent vendors will at least support WPA with TKIP (RC4 with rotating keys), since it's a trivial addition from a compute-intensiveness point of view.
That said, if you do insist on sticking with WEP (some people prefer classic cars to modern ones as well, I guess), or even less (ie, run an open base station) at least ensure that your access point is configured to only allow your specific MAC (as well as those you trust) to peer with it. This will at least keep the bandwidth sucklers off your back.
Unless, of course, being suckled upon is what you like. At that point, do what you want. I'm Canadian, so my personal bandwidth is everyones bandwidth.
Ahhh... socialism. :)
As for PPTP, switch to using KAME, FreeS/WAN or your IPSec implementation of choice. You can, of course, even use IPSec to do transport level encryption for your wireless connection if your base station doesn't support WPA, though you would need additional boxen to do this, of course.
Both of these (WPA and IPSec) provide the same functionality as what they replace (WEP and PPTP) with additional security benefits. We moved to WPA for our corporate access points over a year ago and have been running a 100% IPSec (SonicWall, specifically [sonicwall.com]) VPN for just as long. They're functional, production tested and very secure.
Don't wait. Do it now.
Can something be done sort of like freenet? (Score:3, Interesting)
So, for each client there are four keys. One to encrypt information sent from client to server (residing only on client), one to decrypt this information (residing only on server), one to encrypt information sent from server to client (only on server), one to decrypt information sent from client to server (only on client). Plus the server has its own internal key so that even if the encryption for two clients between two computers is identical, the decryption is different. Same for the client. Ok ok- 6 keys.
Ignoring the complication, overhead, and excess noise produced by this, wouldn't it be better than say... WEP?
IPsec is great (Score:3, Interesting)
Re:Now who can we blame for downloading GB of stuf (Score:4, Interesting)
Welcome to post 911 America