Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Wireless Networking Security Hardware

Security evaluation of 802.11i 179

Posted by CmdrTaco from the segessem-terces-ylotot dept.
Uberhacker.Com writes "Server Pipeline features an interesting report on the security viability of 802.11i. As most observers of the WLAN industry are aware, the security features found in the original standard were woefully inadequate. To a certain degree, these deficiencies reflected the perception that security services are normally implemented at layer 3 and above. 802.11i's privacy services are built on top of AES, a strong encryption standard that passes muster with even the most paranoid security administrators."
This discussion has been archived. No new comments can be posted.

Security evaluation of 802.11i More

Security evaluation of 802.11i

Comments Filter:

  • Except of course... (Score:4, Funny)

    by Anonymous Coward on Tuesday July 13, 2004 @11:06AM (#9686312)
    ...if the backdoor password is 12345
  • The 'i' is for insecure of course. What else could it possibly stand for?
  • I line the interior of my house and roof with tin-foil, so I think my Wireless network should be pretty safe.

    (obligatory post, sorry)

  • Security? (Score:5, Interesting)

    by Quasar1999 ( 520073 ) on Tuesday July 13, 2004 @11:08AM (#9686342) Journal
    Why is it that applying security at a higher layer is a bad thing? The data is what needs to be secured, not the headers of the packets... I don't care if people know I'm sending data to my credit card company, I do care if they know what my login and password is though... Am I missing something? Why is it so important to apply security to the lowest layer?

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Tuesday July 13, 2004 @11:12AM (#9686387)
      Comment removed based on user account deletion

      • Re:Security? (Score:4, Informative)

        by Soko ( 17987 ) on Tuesday July 13, 2004 @11:24AM (#9686531) Homepage
        That's security through obsurity, really, isn't it?

        AES et. al. means that noone can eavesdrop on your conversation - It's encrypted form end to end. That means if your talk to your bank via https over an AES secured connection, your connection is secured to thier web server at layer 2, while your passwords etc. - session data - are encrypted at layer 4.

        That way, if someone does somehow break into your converstaion, the session data is still protected.

        AES secures the physical layer, the other systems secure the actual conversation.

        Soko

        • Re: (Score:2, Troll)

          by account_deleted ( 4530225 )
          Comment removed based on user account deletion
          • In most situations (where the admins and programmers aren't perfect), if you know what applications on what OSs are communicating to each other (in other words, you can just see the server and port information, along with a little more header info), then you can go find a vulnerability that affects one of those OS/application combinations that they haven't fixed/patched yet and crack into the system.

            So broadcasting that info in the clear over the airwaves isn't the best idea for security.
            • umm, so are you agreeing with the parent post that obscurity isn't a bad thing as long as it's not the only form of security? or are you saying something different? I'm not sure I get it...

        • Re:Security? (Score:2, Insightful)

          by realnowhereman ( 263389 )
          • Security through obsucrity - bad.
          • Security and obscurity - good. /ul

            Who'd a thought it?

        • Re:Security? (Score:5, Insightful)

          by silas_moeckel ( 234313 ) <silas@@@dsminc-corp...com> on Tuesday July 13, 2004 @11:42AM (#9686717) Homepage
          It's not realy security through obscurity. The encryption stops attackers from joining a wifi network besides protecting all data passing through it. Thats a big deal because passive sniffing is one thing active attacking is another. Once they can inject packets onto your network depending on design they have breached a layer of security (then there are those that treat there wifi like the inetnet and trust none of it)

          Yup your L2 is secured and your L4 is as well when we get ipsec in place your l3 will also be secured.

          It's all breakable it's just a question of time vs computing power. There is only one known unbreakable encryption method the one time pad (quantom encrypt is realy just pad generation and distribution with the added benifit of being tamper evident)

          AES secures Layer 2, the physical layer might be secured via fairiday(sp?) cages, directional anetena's guys, guys with guns etc. But only the realy paranoid worry about that to much.

          Overall is a good idea to secure each and every layer as it just adds to the ammount of computation required to decrypt what you want.

        • Re:Security? (Score:4, Informative)

          by Jahf ( 21968 ) on Tuesday July 13, 2004 @12:06PM (#9687110) Journal
          There is definite advantage to hiding what packets are going where.

          Extreme Example: I may check mail from a corporate mail server. My mail session is encrypted via SSL but you can still tell which server I am communicating with. Let us say someone knew that an employee of my company lives in my town, and they wanted to find out which house that employee (me) lived in so that they could start monitoring their physical mailbox for some important letter.

          If they came to my town, which uses 802.11b WISPs which 1/2 of don't use encryption because WEP is so breakable (I wish they'd turn it on to protect from casual tapping, but oh well, at least my email is sent over SSL), they could drive around for a few minutes sniffing until they triangulated the signal that was sending packets to that corporate mail server.

          Am I worried about this happening? Not so much, because I have a P.O. box :) and because I rarely get postal mail, but it is possible.

          Additionally, many people don't have the ability to tunnel their unencrypted data (like port 80 web traffic) to obtain ubiqitous encryption over wireless. I personally think that is the next evolution of wireless routers (including easy but secure VPN services on the router itself which can be used in conjuction or in place of lower level encryption). But until it becomes easy for the masses having a strong, common low level encryption technology is key.

        • Re:Security? (Score:5, Informative)

          by Bishop ( 4500 ) on Tuesday July 13, 2004 @12:30PM (#9687467)
          That's security through obsurity

          Please stop abuseing the phrase "security through obscurity." The catch phrase was meant to apply to one and only one case: The practive of obscuring encryption algorithms. Bruce Schneier's thesis was that an encryption system that relied on a secret or hidden algorithm was not secure. The phrase "security through obscurity" does not apply to anything else.

          Some forms off security relies on obscurity. Encryption is just a fancy word for data obscurity. Passwords, secure tokens, and RSA private keys should all be kept hidden or obscured. It should not be to hard to think of many forms of physical and data security that include some form of obscurity.

          One of the advantages to using encryption at the link layer is that it is harder to perform traffic analysis if an attacker can't determine the destination of the packet. Another advantage is access control. Only hosts that know the secret key can join the network. Both of these advantages are forms of security.

          • Since we're talking about wireless, and the fact that a random sniffer can't determine where the packets are going, how does a legitimate computer on the network determine where the packets are going?

            Does my handheld have to decrypt everything it receives, whether or not it's destined for the handheld, in order to see which address it is to, and then discard it?

            • Does my handheld have to decrypt everything it receives

              In theory yes. It is not nearly as hard as it sounds. The device only has to decrypt enough to get the destination hardware address. A hardware crypto coprocessor does all the work. In practice 802.11 only encrypts the frame body. The source and destination hardware addresses and some other control fields are sent in the clear.

        • Re:Security? (Score:5, Informative)

          by John Whitley ( 6067 ) on Tuesday July 13, 2004 @01:28PM (#9688217) Homepage
          That's security through obsurity, really, isn't it?

          You fail to understand the security community's use of "security through obscurity." In its proper context, this phrase means that one attempts to secure (for example) an implementation of a security protocol by not disseminating information about how that system works. For example, if someone creates a new asymmetric encryption algorithm, and does not subject it to publication and the scrutiny of peer review... then that's security through obscurity. Security through obscurity, for topics like encryption algos, is heavily frowned upon. Historically, peer review has proven best able to create robust protocols and implementations.

          Locking down multiple layers in the network stack has another phrase that is very applicable: "defense in depth". I.e. if one of your security measures fails, you are wholly or partially protected by one or more other security measures. Defense in depth is generally considered to be a good technique to employ.

        • Re:Security? (Score:5, Insightful)

          by Mr Guy ( 547690 ) on Tuesday July 13, 2004 @03:10PM (#9689521) Journal
          Security through obscurity isn't intrinsically bad. That's essentially how I keep people both out of my car and my home. How many tumbler combinations are there for the typical doorknob anyway?
          • Well, the algorithm for the door is fairly well known, and an adequately skilled locksmith (or thief) knows the algorithm and knows how to iterate over the various keys, so you could argue that it's not really security by obscurity, but rather a well-known algorithm which is easily brute-forced. :-/
          • A typical door tumbler has between 5 and 6 "cuts", with each one of those cuts having some 30 different sized tumblers. One key could potentially open more than just the lock it was intended, but why go through the hassle, most door frames cant stand up to a swift kick anyway.

    • Re:Security? (Score:5, Insightful)

      by surreal-maitland ( 711954 ) on Tuesday July 13, 2004 @11:17AM (#9686442) Journal
      what you're missing is the fact that there's no such thing as perfect security. anything is hackable, though some things are very very extremely hard. thus, bearing this in mind, and wearing our tinfoil hats like good little children, we would like to secure the headers as well. if mr. malicious knows you're sending data to your credit card company, he'll be willing to work hard to find out what's inside. if he has to work hard to find out where you're sending the data, that's one more deterrent.

      you don't have to be totally hack-proof, just moreso than any other potential target. :)

    • Interesting Traffic... (Score:2, Interesting)

      by csmacd ( 221163 )
      If I'm looking at your traffic, and your headers are not encrypted, then I can determine which packets may be interesting (the ones to credit card company, commercial sites, etc) and which packets aren't interesting (web surfing, MUDing, email). Makes the job of the hacker much easier, only needing to break the encryption on packets that have a much higher probability of containing good information

    • Re:Security? (Score:3, Insightful)

      by Frennzy ( 730093 )
      It's not just a matter of data. It's a matter of Authentication, Accounting, and Authorization.

      The real problem with WEP was with the init vector. It was trivially easy to crack, given enough packets. From that point forward, Joe Pr0n and Suzi Spammer were using YOUR bandwidth to do their nefarious deeds. Would you be happy when the FBI came to your door with a search warrant for kiddiepr0n?

      What about those death threats to the prez that came from your IP? With your email address?

    • Re:Security? (Score:3, Insightful)

      by jaraco ( 215575 )
      It has to do with applicability.

      If you insist that security be applied at the application layer, you are insisting that all application programmers include security provisions in their software. And then, the security routines must go through peer review and analysis for at least a cursory inspection for vulnerabilities.

      If you apply the security at the link layer, then you're securing a different thing. You're securing all communication across that link. There is an overwhelming desire to accomplish th

    • Corporations (Score:3, Informative)

      by mrnick ( 108356 )
      As a person working in the network security arena for nearly 15 years the problem is divulging your internal topology. Now this might not bother you at home for corporations that deal with real data (see $$$) are very concerned about this.

      I have worked with the air fortress and it encrypts at the layer 2 level so no network topology can be determined.

      Very nice but it would be even better is it didn't require a client or that the client was ubiquitous with the driver.

      Nick Powers

    • Re:Security? (Score:4, Insightful)

      by beegle ( 9689 ) * on Tuesday July 13, 2004 @11:33AM (#9686617) Homepage
      Actually, some kinds of data are -more- secure when they're only encrypted at a higher layer. If you know certain things about the encrypted data (like port numbers or hostnames or timestamps or the like), it's easier to do traffic analysis: you have some known plaintext to search for. If nothing else, you're providing more data for a brute-force attack.

      Crypto 101: don't encrypt any redundant or easy-to-guess data. That's why PGP compresses data before encrypting it.In World War 2, the allies searched for the phrase "Heil Hitler" in encrypted German messages. It worked with surprising frequency. Many of the attacks against Kerberos 4 rely on excessive encryption: if you're sending a request from a specific host, it's kind of silly to encrypt the name of the host that's requesting a ticket. It's just one more bit of plaintext to search for. That's why Kerberos 5 moved more information to plaintext.
      • Crypto 101: don't encrypt any redundant or easy-to-guess data.

        Completely wrong. Crypto 101: don't try and work around unknown flaws in the crypto at higher protocol levels - you're doomed to be chasing your tail forever. Use a secure protocol, and rely on it. AES in EAX mode will be secure no matter how redundant or easy-to-guess your data is.

        I'm pretty sure your information about Kerberos is wrong - the Kerberos people had better cryptographers than to make a mistake like that. There were other cry
      • I love slashdot. After I made this post, I was worried that someone'd call me out on my use of the phrase "traffic analysis". Most people use "traffic analysis" to refer to a sort of meta-analysis: that is, looking at where messages are going and their characteristics rather than the contents of the messages. I was thinking of the routine "scan the traffic looking for known plaintext".

        Instead, I got an angry follow-up that was just plain wrong, missed the point, and pulled the "I think you might be wron
    • The problem is that many networks and networking applications assume a reasonably secure LAN - i.e. - that someone can't arbitrarily walk up w/ a computer and plug in. That's not necessarily a good assumption, but it's one that is made.

      It also forces anyone who wants to hack to be in the building - i.e. forces you to get through physical security. If you can work on hacking from a parking lot, you're pretty screwed.

      In addition, many networks assume that the interior is trusted - that good guys are on th

    • Re:Security? (Score:5, Insightful)

      by Cecil ( 37810 ) on Tuesday July 13, 2004 @11:52AM (#9686860) Homepage
      Some pretty substantial information can be gleaned from headers. You may not care that people know you're sending data to your credit card company. But some people do care. Any theoretical thief now knows what bank you use, for one thing. Someone with some amount of authority or social-engineering skills could go to the bank directly and corellate their logs with your traffic and find out exactly who you are. A physical thief could notice that you're visiting porn sites and decide that since you're probably not paying much attention to outside, now would be a good time to steal your car. These are contrived examples I admit, but given time, privacy is eroded greatly by such small loopholes.

      To compare it to its non-internet equivalent, it is the difference between allowing everyone to see your phone records (anyone can look at where your packets are headed), and requiring a subpoena to disclose them to a court of law (subpoena the ISP or destination sites' logs). In neither case can they see or hear exactly what you said to the other end, but obviously the latter is much preferable for anyone interested in privacy.
    • Also, if you can gain ethernet communications with a machine you can hack it. Even if you implement security at onther level (i.e. using a VPN over the wireless link) someone can hack into your machine and gain access to your machine and to the VPN through it. Security of wireless networks is quite important.
    • I am a firm believer in "end-to-end" security models based on IPSec. With this said and done, there are a lot reason's why datalink layer security is desirable. Most notably, if I am relying solely on network layer or application layer security then by definition, I need to grant datalink layer access to my network before I can use the network layer to authenticate. Many folks consider this problematic.

      Equally significant, suppose that I do exacly as you say and only encrypt application layer data while
    • I don't care if people know I'm sending data to my credit card company

      Maybe you don't, but there are plently of us who would perfer not to broadcast with the world information about everyone with whom we communicate.

  • AES, buzzword of the moment (Score:5, Insightful)

    by Anonymous Coward on Tuesday July 13, 2004 @11:08AM (#9686343)
    AES!=SECURE! It's how you implement it and use it that makes you secure!

    AES is the buzzword of the moment. The real question: is 802.11i implemented in such a way that it is secure from the get-go (even at the expense of usability), and implemented in such a way that it can be upgraded quickly and easily should exploits be found.

    Well?? I don't give a damn what algorithm it uses, I just want it to use the algorithm CORRECTLY.

  • AES really secure? (Score:3, Interesting)

    by Anonymous Coward on Tuesday July 13, 2004 @11:10AM (#9686370)
    "AES, a strong encryption standard that passes muster with even the most paranoid security administrators."

    If it's really secure, why does our favourite tree-letter-agency allow it for normal citizens? So much for paranoia...

    • Re: (Score:3, Informative)

      by account_deleted ( 4530225 )
      Comment removed based on user account deletion
    • The AES process was designed with the help of the worldwide cryptographic community for maximum openness and public participation. The winning algorithm was designed by two Belgians; it's way too simple to hide any chicanery in. It has now seen more cryptanalysis than any other algorithm ever except DES - which, incidentally, IBM/the NSA secretly wired to make *more* secure - and held up well. There's not a reputable cryptographer anywhere in the world who thinks there's a serious chance of AES being bro
      • AES does not pass muster with the most paranoid. Not yet.

        There are attacks that have not been tested, and are undergoing some rigorous mathematical attacks now. I personally do not know the details, but it involves establishing a 1:1 mapping onto a finite field or reducing it to an algebraic cipher. One of my crypto friends is working on this right now.

        AES was accepted by NIST before it was fully tested. I do not trust it, and I'm not even the most paranoid.

        More info here. [cryptosystem.net]
        • I read the page you referenced. I have never seen such partisan writing from a professional cryptographer! In particular it's a bit off the way he cites Murphy and Robshaw as if to say that they believe the XSL attack is practical, where in fact they go to great lengths to state that they do not believe there is sufficient evidence to claim a break in AES.

          I don't think NIST left enough time for the AES process - especially since they asked for something so novel (there were very few 128-bit block ciphers
    • "The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths." [PDF [nstissc.gov]]

      Of course, in this context, "NSA-approved cryptography consists of an approved algorithm; an implementation that has been approved for the protection of classified information in a particular environment; and a supporting key management infrastructure." I suspect

  • ARGH! (Score:5, Insightful)

    by nuintari ( 47926 ) on Tuesday July 13, 2004 @11:13AM (#9686392) Homepage
    You can't throw pretty sounding state of the art encryption schemes at something and call it secure. WEP's failing was not a bad algorithem, RC4 isn't new by any means, but its nothing to turn your nose to. When used properly, it can do the job. But WEP used predictable session id's, a tiny key space, and a whole host of recomended but "optional" wep concepts that the manufacturers ignored because they were all harder to implement.

    Wep was designed with the model:

    1. pretty acronyms.
    2. mumnle mumble mumble
    3. SECURITY!!!

    You could use AES in wep and it would still be breakable, the key exchange was piss poor, making the entire system piss poor.

    I didn't read the article, this was just me bitching at the slashdot post, and people who believe fancy new encryption = security automagically.

    • Re:ARGH! (Score:3, Interesting)

      by Martin Blank ( 154261 )
      This is where 802.11i is a bit different, though, in that the new security features are mandatory. Missing small points, no matter how difficult, will fail the certification.
      • Its a start, but I still wager a good chunch of change that they fuck it up.

        STill doesn't change the fact that you can't throw AES at something and get the happy land of magical computer/network security.
    • Comment removed based on user account deletion
    • WEP was designed to be insecure. The whole process (and even the acronym!) was dictated by nervous governments who fear subversives and don't give a s**t about criminals making life hell for their citizens.

      802.11i appears to be a genuine attempt to create an open and secure system that is (mostly) free from the interference that crippled WEP.

    • Re:I wonder... (Score:2, Interesting)

      by theendlessnow ( 516149 )

      ...But WEP used predictable session id's, a tiny key space, and a whole host of recomended but "optional" wep concepts...

      The weak key problem has been addressed by all manufacturers via firmware updates. You are now forced to do dictionary attacks which require a large number of packets and resources. Still hackable, but not nearly as easy.

      I didn't read the article, this was just me bitching at the slashdot post, and people who believe fancy new encryption = security automagically.

      You need to r

      • The weak key problem has been addressed by all manufacturers via firmware updates. You are now forced to do dictionary attacks which require a large number of packets and resources. Still hackable, but not nearly as easy.

        I know.

        You need to read the article (which I didn't read). I don't need to read it since I know about the changes already. You'll find the key exchanges when combined with a true AAA provide a secure solution.

        I was pointing out that magic acronyms do not equate with great security, in

    • Re:ARGH! (Score:3, Insightful)

      by Paul Crowley ( 837 )
      The attack on WEP depends critically on weak key scheduling in RC4. Substitute an algorithm with a sufficiently strong key schedule, such as AES, and you won't see the same problem.

      I agree that "AES" isn't a magic incantation to make things secure, but TBH it's a happy day when we're having to explain that, instead of having to explain why hand-rolling your algorithms isn't such a good plan. With WinZip, it even seems we're having to explain why using a secure encrypt-then-authenticate mode with secure p

  • Its about time!! (Score:4, Interesting)

    by supersam ( 466783 ) on Tuesday July 13, 2004 @11:13AM (#9686393) Homepage
    All through the time I spent developing WLAN software, security was always the bottleneck. We always had to keep one thing at the back of our minds - if security isn't improved, all this work is gonna get flushed down the drain!

    Fears about security have prevented WLAN from achieving all that it can potentially achieve. It was ridiculously easy for someone to break into a wireless LAN. 802.11i was seen to be the saviour, but the infighting among the various stakeholders always prevented the mechanisms defined under 802.11i from being accepted globally.

    I hope things will change for the better now!

  • To Little to Late (Score:5, Interesting)

    by batboy78 ( 255178 ) on Tuesday July 13, 2004 @11:14AM (#9686403) Homepage
    Is this new 802.11 product going to do well? With new technologies on the horizon such as WiMax will companies and businesses invest anymore money to upgrade or rollout an 802.11 product?

  • Getting There... (Score:5, Insightful)

    by diagnosis ( 38691 ) on Tuesday July 13, 2004 @11:15AM (#9686411) Homepage
    Here is the problem: Most people *still* aren't going to turn on encryption, and 802.11i doesn't address one of the biggest regions people don't turn on encryption:

    Encryption makes configuring your wireless network 10x harder for the average person.

    As the article recognizes, "the lack of a single, universally accepted standard will inevitably lead to implementation and interoperability challenges."

    Encrypted wlan communication needs to be so straightforward that end users can connect to *any* access point and be assured of privacy without any additional configuration.

    So what is the average user supposed to do? Just keep waiting, I guess...

    • And therein lies the problem (Score:5, Insightful)

      by Effugas ( 2378 ) on Tuesday July 13, 2004 @11:23AM (#9686518) Homepage
      Encrypted wlan communication needs to be so straightforward that end users can connect to *any* access point and be assured of privacy without any additional configuration.

      No.

      Because then you don't necessarily know if you're connecting to an attacker's access point or not. This is mostly why security doesn't belong at L2 -- you don't care or trust the next hop, you trust the endpoint (or at least some faraway gateway that gets you into the endpoint).

      --Dan
      • That is a fair point, but adding security at L2 at least limits the number of listeners to your conversation.

        Realistically, users are going to connect to whatever AP they can reach. I don't see how you deal with attacker APs other than by encrypting at higher levels, or adding L2 authentication/certs. The latter seems pretty undesirable.

        11i is the solution to not quite the right problem.

        • Limits passive listeners, not active.

          There are some very, very ugly active attacks that people haven't even begun to explore.

          That being said -- 11i solves the problem of, given a widely distributed network of corporate access points, how do you prevent people from rummaging around your internal network without going to a concentrator? Answer -- force them to check in w/ 11i.

          --Dan
    • Encryption makes configuring your wireless network 10x harder for the average person.

      And most people aren't up to average - the geeks throw the ratio all out of wack.

      In order to sell products the wifi manufacturers make it as easy as possible, but they DO include security options. I'm not going to argue about that.

      A) Free wireless access for me and my friends through people who don't care enough to secure their networks.
      B) Keeps me employeed securing networks of those who are interested.
    • Encryption makes configuring your wireless network 10x harder for the average person... So what is the average user supposed to do? Just keep waiting, I guess...
      Nah. The average user will continue to deploy unsecured WAPs with default admin passwords, and it won't be that big of a deal. The average user just does not care. He's about as worried about this as he is about someone coming over and using the BBQ grill on his porch.

  • 5 million packets and 1 minute... (Score:4, Informative)

    by tcopeland ( 32225 ) * <tom AT thomasleecopeland DOT com> on Tuesday July 13, 2004 @11:17AM (#9686450) Homepage
    ...to crack WEP, according to Airsnort [shmoo.com]. Whew!

  • Reverse Spelling Errors (Score:4, Funny)

    by Bishop923 ( 109840 ) on Tuesday July 13, 2004 @11:22AM (#9686503)
    from the segessem-terces-ylotot dept.
    Reversal:
    totoly-secret-messeges
  • "802.11i's privacy services are built on top of AES, a strong encryption standard that passes muster with even the most paranoid security administrators" No, not really. I would much rather use Serpent (the AES runner-up) than Rinjdael (the AES standard) for my encryption. As one of "the most paranoid security administrators," I'm rather annoyed that speed was chosen over security for the AES standard.
    • Correct. As I pointed out in this vitriolic posting [slashdot.org] last year, the security of AES is possibly weak. (See the citation).
      As a relatively new cipher, this is not unexpected. The conservative security choice would have been to choose 3DES, as the new DES.

      Although it's pure speculation, it's possible Rinjdael was chosen by interested parties and deemed 'strong enough for commerce' for reasons related to catching filthy cave dwelling scum.

      Reality is that which continues to exist after you stop believing in it.

      • AES is good enough for the most paranoid. (Score:5, Informative)

        by Paul Crowley ( 837 ) on Tuesday July 13, 2004 @12:46PM (#9687684) Homepage Journal
        Last I heard, it look like the Courtois and Pierpzyk attack wouldn't fly. And wasn't that attack *more* effective against Serpent than against Rijndael anyway?

        Even the designers of Serpent would say that they believe there are no practical attacks against AES. I voted for Serpent myself, but I still believe Rijndael is an excellent cipher the whole community can rally behind, and overwhelmingly that's what the crypto community is doing.
        • According to Don Coppersmith, the technique has merit. Considering the source, that's a strong statement.

          Yes, the attack is applicable to ciphers other than AES.

          No it's not a practical attack. A practical attack and an academic break are completely different things.

          For example, a theoretical attack that reduced key recovery time from 10^14 MIPS years to 10^6 MY is still probably impractical to break for most attackers. However, the loss of security in such a scenario would be considered serious.
          • The only writing from Coppersmith on the XSL attack I can find argues against its practicality, can you give me a cite?

            We do not know whether the attack is applicable against any ciphers. However, if it will fly, then Serpent falls harder than Rijndael does - a surprising result for everyone, and evidence against the lobby that says "NIST should have gone for Serpent for security, not Rijndael for speed".

            I confess at this point that, like Schneier, I'm not 100% certain that no academic attack on Rijndael
    • I'm glad they chose Rinjdael for speed.

      It means cheaper faster ASICS which means more encryption happening.

      If Serpent costs more to implement less AES will be happening.

      As AES approaches "free" encryption gets thrown in everywhere, leading to a more secure national infrastructure. If Rinjdael over Serpent accelerates this process by a year or two, that might be very significant. Of course, it could also be meaningless, but we just don't know.
  • We already have other and better options. Just disable WEP and use IPsec on your accesspoint.

    Yeah - it's a little bit slower when the en/de/cryption is done on the client but in most cases you won't notice. And on the AP you can use a crypto accelerator.

    If you don't want to use a PC as AP just use http://www.m0n0.ch/wall/ in combination with http://www.soekris.com/net4501.htm (they ship with cases too :) - that should do the trick.

  • Taking the load off the programmer (Score:4, Interesting)

    by lachlan76 ( 770870 ) on Tuesday July 13, 2004 @11:37AM (#9686665)
    To be realistic, if you (as a programmer) are sending data that you know at the design stage that you want to keep private, you should be ancrypting it at the APPLICATION layer. If you are going to send data that you want transmitted securely, you shouldn't depend on the lower levels to do something which may or not be present. However, if you are using it as a way to keep unautorised user out of the network, you could do something similar by signing the packets as they are sent. This would cost you speed though, and it is easier to just encrypt with whatever cipher is in style at the time and check if the packet is valid.
    • you could do something similar by signing the packets as they are sent...it is easier to just encrypt with whatever cipher is in style at the time and check if the packet is valid.

      I fail to see the difference between your two suggestions. Just tacking some sort of signature onto a packet (like a session id or something) would not work because it would be in the clear. There is no choice but encryption.
      • What I meant was just signing an MD5/SHA-1/etc checksum using a public key algorithm, like PGP/GPG does.

        Using a public key cryptosystem would help by authenticating users with the access point. And then perhaps encrypting it too, with a randomly generated session key pair, one from the AP, and one from the client, so that it is encrypted and signed to keep data private, and verify the sender. The drawback is that it is slower than using a symmetric algorithm (They can be smaller: When I look at RC*, I t

  • Layers (Score:2, Interesting)

    by ccoder ( 468480 ) *
    There have been a few interesting ideas if not brilliant, but not properly executed. I'm no encryption guru, but simple username and password based security isn't all that bad, as long as the medium they're transmitted over is secure. The problem, though is how to "make" them secure.

    At some point you have to start trusting the network, and stop worrying about how big your key is, or how long it takes to crack. Use a VPN for work. Use SSL for private email. Don't auto login to websites. If people start

  • Security out of the box (Score:3, Insightful)

    by chia_monkey ( 593501 ) on Tuesday July 13, 2004 @12:11PM (#9687174) Journal
    The main problem here isn't HOW secure you can make something, but IF you secure it or not. There are already many options available to make an 802.11b network nice and secure. Just do your homework and you can get it done.

    The problem is, all these devices are shipped for easy setup. Easy setup means "security off". People set up their networks and quit there. No wonder everyone thinks WiFi is insecure. It's a network, just like a wired network. Go through the steps to secure the wireless network too fellas. If we can get people to turn on the security features right away, or do as Apple does and ship stuff with all ports closed and security functions on, then we'll be in a better place. Sure, it may make setting up your WiFi network a bit more cumbersome or time-consuming in the beginning, but that extra five minutes is well worth it.
    • You're completely right. I just got my laptop yesterday (first experience with wireless) and right when my computer booted up it told me there was a wireless network I could connect to. Now, I knew this was unlikely since I turned my routers access point off, but sure enough someone who lives near me has an open wireless network. I took (minimal) security measures when I put my wireless network up , but it's still a lot more than these people... Free internet!

  • Perspective (Score:3, Insightful)

    by chill ( 34294 ) on Tuesday July 13, 2004 @01:04PM (#9687920) Journal
    I'll take the unpopular opinion here... WEP is a good thing and serves a vital function. By activating WEP, even with all the flaws, you are essentially "locking the door". Yes, it is a paper door with a crappy lock, but that isn't the point. The lock is there to tell you you're not supposed to be in as much as it is to keep you out.

    The point is by securing the network at all you are putting up the equivalent of a "private property" sign. Legally, it helps a great deal. I can see a defense argument for an unsecured AP that is shouting it's SSID into a 2 block radius. However, if you have to crack it, then there is no question about legality -- you are breaking the law.

    No, don't rely on WEP for security. Use and IPSec tunnel on top of it if you want security. But WEP *does* serve a great purpose in wifi -- covering your ass legally.

    -Charles
  • the security features found in the original standard were woefully inadequate

    I wouldn't necessarily say that WEP is woefully inadequate as much as it is extremely poorly implemented. It could have worked well but it had serious implementation issues.

    As all slashdotters probably already know about:

    The (in)security of WEP [berkeley.edu]

Slashdot Top Deals

Remember to say hello to your bank teller.

Close