New Wireless Security Standard Has Old Problem?
eggboard writes "Wireless security expert Robert Moskowitz, who sits on IEEE and IETF committees on that subject, sent me a short paper on a glaring weakness in the Wi-Fi Protected Access (WPA) protocol that's replacing the weak and broken WEP system well discussed here at Slashdot. His paper, which I've posted here, proves definitively that while WPA itself remains robust and secure, the interface for choosing consumer passwords makes it simple to snarf a tiny bit of network traffic and perform an offline dictionary attack. For Slashdot readers, this probably seems trivial, but because Linksys, Apple, and others are letting users enter My Dog Has Fleas as their passphrase, WPA might be less secure for home users than WEP."
Oh, thanks. (Score:5, Funny)
Man, now I have to change it.
Re:Oh, thanks. (Score:3, Funny)
Two! (two)
Three! (three)
Four! (four)
Five! (five)
That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.
Re:Oh, thanks. (Score:2)
"Now I Have Fleas" dohh! sorry if I gave out your new password....
My Dog Has Fleas? (Score:5, Interesting)
My Dog Has Fleas is a positively fantastic password compared to the usual choice of a middle name, spouse's name, child's name or birthdate.
Or, of course, the infamous "password."
Re:My Dog Has Fleas? (Score:5, Funny)
Re:My Dog Has Fleas? (Score:2, Funny)
What is this infamous "password?"
Everyone's always talking about it, but no one will ever tell me!
Re:My Dog Has Fleas? (Score:3, Funny)
Re:My Dog Has Fleas? (Score:2)
A study a year or so back indicated that the most popular choice for a password is, in fact, the word password.
Hey, wat'sa matter? You no understand English? (Score:2)
one for the crypto/math freaks (Score:3, Interesting)
so, if your 128 bit or 256 bit or bit security system is ultimately based from a human-rememberable (and thu
Re:one for the crypto/math freaks (Score:2)
Re:one for the crypto/math freaks (Score:3, Informative)
Re:one for the crypto/math freaks (Score:3, Insightful)
We do that in corporations where we are forced to change the password every 3-6 months, but we gripe about it and avoid doing it elsewhere. How many of us really take that extra measure of security? Remember, security is a process, not a destination.
Re:one for the crypto/math freaks (Score:4, Interesting)
Your chance of winning the lottery is exactly the same if they change the winning numbers, or if they don't change them.
Making users change passwords does the following:
1) Annoys the users.
2) Users are likely to pick easy passwords to remember, rather than memorizing a really good password just once. Or worse, they will write the password down.
3) Does all that for no increase in security. Yay!
Re:My Dog Has Fleas? (Score:4, Interesting)
It refused to let me use a password longer than 8 characters.
I am talking about a release of IRIX that was pressed to CD in the year 2002.
Re:My Dog Has Fleas? (Score:3, Interesting)
Similar problem with a Windows 2000 server using Services for Macintosh. Microsoft uses an old authentication model which doesn't support long passwords... unless you install Microsoft's client-side authentication model, which is too buggy to use (i.e. authentication windows pop up BELOW everything else).
Re:My Dog Has Fleas? (Score:3, Interesting)
Tell me about it. I practically orgasmed... (Score:3, Interesting)
And in typical Sun style, they created a new plugin architecture to support it. There are all of two useful plugins (the standard crypt is built into libc)...
Re:My Dog Has Fleas? (Score:5, Funny)
Well, not really.
Using your child's name for a password is a million times more secure than posting it on Slashdot
And with the Slashdot crowd, maybe someone really does have a kid named "j3Nn!f3r". What could be more secure than that? It's so secure that those poor kindergarteners can't even pronounce it!!!
how about my password? (Score:3, Funny)
Re:My Dog Has Fleas? (Score:4, Funny)
Re:My Dog Has Fleas? (Score:5, Funny)
He laughed and said, "Yeah, but who would think that the administrator account wouldn't have a password?"
I gave up and said no more.
Re:My Dog Has Fleas? (Score:2)
Maybe it sets off alarm bells if you type it in wrong the first time...
-a
Re:My Dog Has Fleas? (Score:2)
Re:My Dog Has Fleas? (Score:2)
You've reached new heights (or lows?) of laziness. :)
Some security is better than no security (Score:5, Insightful)
This isn't some simple passthrough that can be gotten through by knowing a couple backdoor passwords, it's a real live algorithm.
But in the end, it's up to the user to enter a password and as long as humans remain humans easy to remember passwords will always be chosen over #HrS2sWmNw/()LggDwMn.
passphrases kick password ass (Score:2)
is easier to crack than
"I bought 2 bags of frozen peas at the store"
which is much easier to remember
Re:passphrases kick password ass (Score:3, Insightful)
but your 20 character password has a huge entropy. you have 26 lowercase letters, 26 uppercase letters, 10 numbers and about 10 punctuation marks. that's 66 possibilities per charact
Cryptography is not for the math-impaired (Score:2, Informative)
assuming there are about 10K words in common vocabulary, and you use 10 words, that's about 10,000^10. pretty large, but only about 23 bits.
10,000^10 ~ (2^13.3)^10 = 2^133 = 133 bits of encryption.
but your 20 character password has a huge entropy. you have 26 lowercase letters, 26 uppercase letters, 10 numbers and about 10 punctuation marks. that's 66 possibilities per character. now 72^20 is a lot. that's about 26 bits.
66 possibilities * 20 chars ~ (2^6)^20 = 2^1
Re:Cryptography is not for the math-impaired (Score:4, Informative)
Re:Some security is better than no security (Score:3, Interesting)
(1) From running dictionary attacks against three sets of passwords.
Computer science students: 75%
Public forum #1: 65%
Public forum #2: 75%
Re:Some security is better than no security (Score:3, Insightful)
Occasionally in the loose college environment like that, you find students leaving text files on other people's hard drives, things like "Hey I like your MP3s, where do you live? I'm in Kenmore 402!", because they find shares but have no knowledge of the owner.
PS. What I don't believe is the number of administrators at your scho
At least use WEP! (Score:5, Insightful)
I recently took my laptop on a trip across Toronto and in a couple of hours spotted around 60 wireless networks. Around 80% had NO encryption enabled at all. And yes, the most common SSIDs are 'default' and 'linksys'.
So make a system more complex and people won't use it - which defeats the whole object of it.
Jolyon
Re:At least use WEP! (Score:3, Insightful)
How many of those were open intentionally? Probably quite a few. I don't leave the default SSID on, just so they can get an idea where they are connecting to, but I leave my access point open. It's on a different network segment, and I figure if someone has an 802.11 card I'll help out wi
open waps... (Score:2)
Seriously though, is there any repercussion if some stranger comes up, enters your WAP, and downloads kiddie porn or *gasp* illegal mp3's?
-Eyston
Re:open waps... (Score:2)
Re:open waps... (Score:3, Interesting)
Wait a minute. Person A has an open WAP. Person B downloads kiddie porn using person A's WAP. Assuming person A doesn't have a caching web proxy how does person A possess anything that person B downloaded? It isn't on his WAP (granted it was in his WAP's RAM for a few milliseconds), it isn't on his laptops, it isn't on his desktops, it isn't printed out in his house, it isn't hiding in his car.
Wouldn't that be like charging person A for kidnapping if person B drove a
Re:open waps... (Score:3, Interesting)
Jolyon
Re:At least use WEP! (Score:3, Insightful)
A classic case of altruism meets real-world. Contributing your bandwidth is all fine and dandy until some jerk uses it to send bomb threats to the president. Or send all kinds of incriminating pseudo-spam that makes you look very bad.
Perhaps a picture of some guy's backside [goatse.cx] with the w
Re:At least use WEP! (Score:3, Insightful)
First, it's not anything related to nerdfarm. Second, what makes you think I don't have any security in place on top of that? Such as filtering port 25, and only allowing ssh and http, https?
It's not altruism, it's just not being a dick.
Re:At least use WEP! (Score:2)
Re:At least use WEP! (Score:3, Interesting)
Re:At least use WEP! (Score:5, Informative)
Instead, we've segregated all of the WAPs onto a dead-end network where the users have to VPN into our LAN through a border server. (Basically treating them as if they were outside the office and coming in from an external ISP.)
Works pretty well, other than having to remember to VPN into the network. The traffic ends up encrypted (inside of the VPN tunnel), so it's not possible to sniff passwords.
Re:At least use WEP! (Score:2, Insightful)
Re:At least use WEP! (Score:2, Interesting)
Most people who are just out casually wardriving are going to drive right by a locked network and hit one of the other 15 that are open.
And if your firmware allows it...
Re:At least use WEP! (Score:3, Interesting)
That's not really great advice. If you can use WPA w/EAPOL, then use WPA w/EAPOL. If you can't be bothered to run an authorization server (or you don't know what that is), then use WPA w/PSK (pre-shared key).
Robert Moskowitz is telling us that securing a network with a poorly-chosen shared secret is a bad idea, because dictionary attacks are easy to mount. If your WEP key is an ASCII string of characters spelling out the word "PEANUT" then you're just as vulnerable (if not more) than
There will always be stupid users... (Score:4, Insightful)
Re:There will always be stupid users... (Score:2)
Big deal (Score:5, Informative)
Only long passwords and encouraging the users to use good quality passwords/phrases really helps.
Ultimately though, these passphrases are flawed anyway- they are a form of shared password. History has shown this to be a thoroughly bad idea, one passphrase per user/machine is a far better idea; and even the user shouldn't know what it is (that way it can't get beaten out of them- black cosh cryptography works pretty darn well.) These standards organisations aren't even trying.
Re:Big deal (Score:3, Insightful)
Improvement over WEP?! (Score:4, Insightful)
Which method is harder to crack? I'd take WEP. Simply because it takes longer to collect the necessary packets; especially on a smaller network. On a larger network it may work out to be better from a security standpoint for the cracker to start a brute force attack on the packet on a spare computer and let it sit for a few days instead of having him hide a pocket PC with a wifi card in range of the AP for a few days.
Re:Improvement over WEP?! (Score:2)
If I understand correctly, WEP is vulnerable to this as well. You can capture one packet, decode it against a given passphrase, and then see if the IP header on the decoded packet has a correct checksum. Rinse, lather, repeat.
Let's just say that it takes a lot less time to find a set of weak ISV values.
YLFI
Re:Improvement over WEP?! (Score:2)
That's my experience anyways. If it's a corporate wide network perhaps it could be owned far more easily by cracking WEP.
Re:Improvement over WEP?! (Score:2)
Heh, my experimental data might be hobbled by the fact that I wrote the cracker in Python while sitting utterly sleep deprived in a starbucks ;-)
LearnToSpells link looks interesting - will have to check it out!
YLFI
WEP newbie question - how bad is it? (Score:3, Interesting)
I did some reading on WEP and it sounds pretty frightening. Today I'm going over to set up the same kit for a friend who's NOT a slashdot type. I'm pretty-well used to data protection issues, and I take reasonable precautions and would also not freak out if something Bad happened. But I'm wondering what I should tell my non-techie friend.
Practically speaking, just how vulnerable is WEP? If my friend has a good non-dictionary password and uses "256 bit" encryption, is he reasonably safe from casual hijacking?
That's certainly what the manufacturers would have us believe, and the low prices and ubiquitous Starbucks access points seem to be causing a lot of folks to adopt wireless, at least out here in silicon valley.
Having read up on the security problems, I'm now hoping some of you can provide or point to real-world scenarios.
Hope this isn't too off-topic...
Re:WEP newbie question - how bad is it? (Score:2)
He's safe for about 6 million packets worth of traffic - a few hours. After that any kid with a laptop, a wireless card, and wepcrack 0wnz0rs his 455.
paper here [rice.edu]
Re:WEP newbie question - how bad is it? (Score:3, Informative)
And yes, this is from experience. I will neither confirm nor deny that I was given permission to try this...
Re:WEP newbie question - how bad is it? (Score:5, Informative)
Ars Technica has a good summary of what you can do with SSID's and WEP to improve your wireless network's security:-
Security Practicum: Essential Home Wireless Security Practices [arstechnica.com]
Re: (Score:2)
Re: (Score:2)
Re:WEP newbie question - how bad is it? (Score:2)
It's wide open, but firewalled off all by its lonesome. No bother even doing WEP, IMHO.
'Course, I'm way paranoid.
I'm still waiting for a serious scientific review of WPA, though this actually makes me feel a bit better. It just means I'll share keys via disk or something that will hold a 256 byte mostly random key.
Cheers,
Greg
Re:WEP newbie question - how bad is it? (Score:2)
Re: (Score:2)
Re:WEP newbie question - how bad is it? (Score:2)
Lots of people can bounce onto the LAN and check it out, but there's nothing much there - nothing to ping, etc. Worked well so far (and I make sure to keep SSL/SSH up to date).
Re: (Score:2)
Re:WEP newbie question - how bad is it? (Score:2, Insightful)
It's next to useless. It doesn't hurt, but it doesn't help. If somebody's cracking your WEP key, MAC addressing isn't even going to slow them down.
And if they are stupid enough to hijack your MAC while you are using it (and to figure out the MAC they'd first have to break the WEP),
Not true. You can get the client MACs within seconds, without cracking anything.
you'd know pretty quickly that something was going on.
How?
Re:WEP newbie question - how bad is it? (Score:4, Informative)
Just enable the WEP, use secure applications for sensitive data, and quit worrying about it.
Re:WEP newbie question - how bad is it? (Score:2)
WEP hacks is even worse. Those that use WEP probably couldn't tell if they were hacked if BO was loaded on their machine, much less packet monitor and notice there was a new station on the network.
WEP may not get hacked often, but frankly, I like deterministic approaches, rather than "no one will hack me, it's just too much work."
I want to know, if I do things right, it's nearly impossible to hack me unless you're the NSA or
Re:WEP newbie question - how bad is it? (Score:3, Informative)
Now, if a bank or hospital was going to ins
Hey (Score:2)
My Dog Has Fleas (Score:2, Interesting)
it's l-i-n-k-s-y-s
my router has a SSID
it's l-i-n-k-s-y-s
RE: password security -- what about the old technique of using an acronym for something that wouldn't be hit by a dictionary attack? Um, like:
My Dog Has Fleas And Your Mom Does Too would create a password of "mdhfaymdt" ? Secure enough...and probably not in someone's best interest to share with anyone else.
Re:My Dog Has Fleas (Score:5, Informative)
The only practical way to find that password is through brute force. In this scenario, the longer the password and more possible different characters (ie lowercase and uppercase, and spaces) makes it more difficult. Thus, 'My Dog has Fleas' would be more secure than 'mdhfaymdt' against a brute force attack. The latter could be broken in a matter of hours through brute force.
This is *Supposed* to be hard (Score:5, Informative)
Thus when you perform your offline dictionary attack, for each lookup in the dictionary, you must perform 4096 HMAC_SHA1s and this might take some time if you are looking up a large number of dictionary entries.
The basic conflict is the wide disparity between the power of processors in low end 802.11 transceivers and high end computers. The time to compute the 4096 HMAC-SHA1s is significant on say a slow ARM7TDMI and the 4096 value is a compromise to limit the delay in computing this. This delay affects the time from pressing return on the keyboard, to the time the PTK can be known and communications can begin.
However the attacker can apply his cluster of 3GHz PCs, or his FPGA HMAC_SHA1 parallel processor, or his supercomputer array, and make the speed of dictionary lookups relatively insignificant compared against the strength of the passwords being used.
The wise people asked for a much higher number than 4096. Some implementation types beat it down to 4096, and here we are..
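An added example, not part of the original comments: it computes the key derivation quoted in this thread, PBKDF2(passphrase, ssid, ssidLength, 4096, 256), times it on the local machine, and turns the passphrase shapes argued over in the entropy comments into search-space sizes and exhaustion times. The sample SSIDs, the constructed timing inputs and the assumed attacker speed-up factor are illustrative assumptions.

```python
import hashlib
import math
import secrets
import time

ITERATIONS = 4096   # iteration count from the formula quoted in the thread
PMK_BYTES = 32      # 256-bit key
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256) with HMAC-SHA1."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), ITERATIONS, PMK_BYTES)


def random_psk_hex() -> str:
    """A full-strength key: 256 random bits, entered as 64 hex digits."""
    return secrets.token_hex(PMK_BYTES)


def search_space_bits(choices_per_unit: int, units: int) -> float:
    """log2 of the guesses needed if every unit is picked uniformly at random."""
    return units * math.log2(choices_per_unit)


def derivations_per_second(samples: int = 5) -> float:
    """Time the real derivation on this machine (one core, no acceleration)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_psk(f"constructed-sample-{i}", "constructed-ssid")
    return samples / (time.perf_counter() - start)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


# Passphrase shapes taken from the thread; the figures are upper bounds
# because people do not pick words or characters uniformly at random.
SHAPES = [
    ("1 word from a 10,000-word vocabulary", 10_000, 1),
    ("9 lowercase letters (acronym style)", 26, 9),
    ("4 random words from 10,000", 10_000, 4),
    ("20 characters from 66 symbols", 66, 20),
    ("10 random words from 10,000", 10_000, 10),
]


def report(guesses_per_second: float):
    """Return (label, bits, years to try every candidate) for each shape."""
    return [(label, round(search_space_bits(n, k), 1),
             years_to_exhaust(search_space_bits(n, k), guesses_per_second))
            for label, n, k in SHAPES]


if __name__ == "__main__":
    # The SSID is the salt: one passphrase gives unrelated keys per network,
    # so a table precomputed for a default SSID is useless against a unique one.
    print(wpa_psk("My Dog Has Fleas", "linksys").hex())
    print(wpa_psk("My Dog Has Fleas", "default").hex())
    rate = derivations_per_second()
    # Assumed speed-up of a well-resourced guesser over this machine.
    for label, bits, years in report(rate * 1_000_000):
        print(f"{label:40s} {bits:6.1f} bits  {years:.3g} years")
```

The 4096 iterations multiply the cost of every guess by a constant, which moves each row by the same factor; only the number of bits in the passphrase changes which rows are out of reach.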
sec issue (Score:2)
PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
---------
Now I see where the problem is. Easily solvable...
alias passphrase = write "enter you MSG" \
read $MSG \
echo "$MSG" | rot13 | rot13 |mail -s Passphrase luzer@name.com
That wasn't so hard now was it?
wget -qO - kungfunix.net/fatality|sed -n '1!G;h;$p'
Shorter Version of the Article (Score:3, Insightful)
Well, duh. I didn't need three pages of dense, TLA-obscured claptrap to tell me that.
Re:Shorter Version of the Article (Score:2)
It is the fact that an OFFLINE dictionary attack is possible. If the protocol did not enable an offline attack, then you would be able to see the attacker attempting to guess the password with a live attack and then countermeasures could be imposed.
Re:Shorter Version of the Article (Score:2)
WPA, in fact, relies on properly chosen passwords, which is a non-obvious problem given the hashing involved.
News flash! Easily cracked passwords easy to crack (Score:2)
He also points out that WPA is perfectly secure with a good shared key (such as generating 256 bits of r
Re:News flash! Easily cracked passwords easy to cr (Score:3, Insightful)
Since WPA is susceptible to dictionary attacks, wouldn't you build an interface that would reject poor passwords? Or would you advertise WPA as a way to enter simple passwords? You're smart: you'd build an interface that had crack behind it and a good dictionary, or at least required 20 digits and some punctuation.
Since the marketing folks and interface designers are encouraging the use of simpl
What's that? (Score:5, Funny)
What, you sneak up behind the sysadmin and brain him with a copy of Webster's?
Re:What's that? (Score:2, Funny)
perform an offline dictionary attack
What, you sneak up behind the sysadmin and brain him with a copy of Webster's?
Better that than using the Oxford English Dictionary. Talk about your weapons of mass instruction.
How to generate a good 8 byte PSK (Score:2)
Pre shared key auth/keying is a bad idea. Public key based authentication with random session keys via integration with RADIUS or Kerberos is much more secure (and should be supported by any WPA capable AP)
Re:How to generate a good 8 byte PSK (Score:2)
hexdump -e "\"%4.4x%4.4x\n\"" -n 8
Re:How to generate a good 8 byte PSK (Score:2)
I prefer;
head
WPA dictionary attack (Score:5, Insightful)
WPA, on the other hand, is a very well-designed protocol. It is only as weak as its users are careless. And one need not choose "h^Ne#b8SV@,4g%yP" as a password to avoid this attack, any semi-uncommon phrase of 4 or 5 words will do.
I will deal with this problem by threatening users with a nasty note in their personnel file if they choose a sh*t passphrase -- and terminate their wireless access. And yes, I will try cracking the passwords myself, just as I have done with operating system passwords for several years.
I sure wish all my security problems were so simple! At least WPA *can* be secure, unlike the steaming heap of offal that most folks call a desktop operating system.
Re:WPA dictionary attack (Score:2)
Re:WPA dictionary attack (Score:3, Interesting)
WPA itself remains robust and secure (Score:3, Insightful)
Boy, some people just want to find things to complain about. I just read another "you have to protect us from ourselves" article today [theonion.com], perhaps this should have been included in their list. Personally, I think if people want to hurt themselves this way they should be allowed to do so. If they do it as part of their job then better qualified technical people should take their place.
From the Minutes of the IEEE 802.11i meeting (Score:2)
Standardize a method to generate a 256 bit PSK from an ASCII password.
PSK = PBKDF2(password, ssid, ssidlen, 4096, 256)
Jesse: Only do this if you have to. Security is bad.
Tim: Use hard to guess passwords. Also change SSID from default.
Jesse: I would suggest that every AP ship with a different SSID.
Comment: This forces the administrator to set them to a common value in order to roam.
Comment: Why so big (4096)
Doug:
WPA and Airport. (Score:2)
Looking for password choice guide... (Score:2)
Organizations Do This to Themselves (Score:3, Interesting)
Re:Organizations Do This to Themselves (Score:2)
Kerberos (Score:3, Interesting)
http://web.mit.edu/kerberos/www/
Don't understand (Score:2)
1. Use IPSec, or
2. Restrict the access point so that no connections can be made anywhere except to a VPN server
I'm currently planning something along the lines of (2) at home. I plan to use the hostap driver for Linux and firewall the wireless interface off from everything except for a single port which goes through to a VPN server. In order to talk to
Re:Don't understand (Score:2)
How is this worse? (Score:4, Insightful)
The simple truth is people are lazy. How many passwords do you have? And how many password guarded accounts? I bet even the most diligent of us out there only have a small number of "good" passwords which we use for damn near everything and never rotate.
The problem with WEP was flawed crypto. No matter how good my password was, someone could crack it with unacceptable ease. At least with this new scheme those of us with "good" passwords have a chance.
WEP isn't that bad to begin with (Score:4, Informative)
Home users are going to generate less traffic than businesses, and so it will take even longer to get enough traffic. Unless you happen to notice a van parked outside your house for a couple days, or find yourself staring down the barrel of a pringles can, you can relax.
Not a big deal (Score:3, Insightful)
That limits the damage scope of a malicious party to that within a half a mile of their present location.
The *same* limitations of passwords on the public Internet, however, are much more likely to be damaging. Let me give an example...
How many people use email with pop3 over the Internet? Not only are these accounts typically set up with crummy passwords (like "Robert" - their middle name, or "120871" - their b/day) but then the passwords are sent, several times/day in plaintext!
And yet, with all of these big, huge, security no-nos, pop3 reigns supreme as the standard for email receipt on the 'net, and seldom is there actually a problem.
So, to wit, we have an issue like "A credit card can be used to bypass the locks on many doorknobs" and it makes front page at
Re:My Solution.. (Score:2)
If you know or can guess that the equipment has this extra step, you can do it too.
Did you mean instead to suggest that the equipment should take the pass-phrase, permute it in some random fashion (i.e., use it as the seed to a random number generator), and then use the resultant output as the PSK? Of course, if you do this, you have t