Wireless Networking ALERT: WPA isn't necessarily secure

Posted by John Navas on September 1, 2006, 11:26 am


SUMMARY:

WPA-PSK is vulnerable to offline attack.

TO AVOID THE PROBLEM:

USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
BAD: "vintage wine"
GOOD: "floor hiking dirt ocean"
(pick your own words, even longer is better)
FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.

BACKGROUND:

Weakness in Passphrase Choice in WPA Interface
By Glenn Fleishman
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp
<http://wifinetnews.com/archives/002452.html>

...
The offline PSK dictionary attack
...
Just about any 8-character string a user may select will be in the
dictionary. As the standard states, passphrases longer than 20 characters
are needed to start deterring attacks. This is considerably longer than
most people will be willing to use.

This offline attack should be easier to execute than the WEP attacks.
...
Using Random values for the PSK

The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
number for human entry; 20 character passphrases are considered too long
for entry. Given the nature of the attack against the 4-Way Handshake, a
PSK with only 128 bits of security is really sufficient, and in fact
against current brute-strength attacks, 96 bits SHOULD be adequate. This is
still larger than a large passphrase ...
...
Summary
...
Pre-Shared Keying is provided in the standard to simplify deployments in
small, low risk, networks. The risk of using PSKs against internal attacks
is almost as bad as WEP. The risk of using passphrase based PSKs against
external attacks is greater than using WEP. Thus the only value PSK has is
if only truly random keys are used, or for deploy testing of basic WPA or
802.11i functions. PSK should ONLY be used if this is fully understood by
the deployers.

See also:
Passphrase Flaw Exposed in WPA Wireless Security
<http://www.technewsworld.com/story/32070.html>

Wi-Fi Protected Access. Security in pre-shared key mode
<http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access>

Cracking Wi-Fi Protected Access (WPA)
<http://www.ciscopress.com/articles/article.asp?p=369221>
<http://www.ciscopress.com/articles/article.asp?p=370636&rl=1>

WPA Cracker
<http://www.tinypeap.com/html/wpa_cracker.html>

Posted by Jerry Park on September 1, 2006, 4:32 pm


Any security system which uses a passphrase is vulnerable to a poor
choice of passphrase.

Additionally, if the passphrase is not kept secret, the security can be
breached.

This is not a weakness in WPA, it is just that any such system is
subject to breach if the passphrase is 'guessable'. Passphrases should
contain non-dictionary constructions for better security.

John Navas wrote:
> SUMMARY:
>
> WPA-PSK is vulnerable to offline attack.
>
> TO AVOID THE PROBLEM:
>
> USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
> BAD: "vintage wine"
> GOOD: "floor hiking dirt ocean"
> (pick your own words, even longer is better)
> FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.
>
> BACKGROUND:
>
> Weakness in Passphrase Choice in WPA Interface
> By Glenn Fleishman
> By Robert Moskowitz
> Senior Technical Director
> ICSA Labs, a division of TruSecure Corp
> <http://wifinetnews.com/archives/002452.html>
>
> ...
> The offline PSK dictionary attack
> ...
> Just about any 8-character string a user may select will be in the
> dictionary. As the standard states, passphrases longer than 20 characters
> are needed to start deterring attacks. This is considerably longer than
> most people will be willing to use.
>
> This offline attack should be easier to execute than the WEP attacks.
> ...
> Using Random values for the PSK
>
> The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
> number for human entry; 20 character passphrases are considered too long
> for entry. Given the nature of the attack against the 4-Way Handshake, a
> PSK with only 128 bits of security is really sufficient, and in fact
> against current brute-strength attacks, 96 bits SHOULD be adequate. This is
> still larger than a large passphrase ...
> ...
> Summary
> ...
> Pre-Shared Keying is provided in the standard to simplify deployments in
> small, low risk, networks. The risk of using PSKs against internal attacks
> is almost as bad as WEP. The risk of using passphrase based PSKs against
> external attacks is greater than using WEP. Thus the only value PSK has is
> if only truly random keys are used, or for deploy testing of basic WPA or
> 802.11i functions. PSK should ONLY be used if this is fully understood by
> the deployers.
>
> See also:
> Passphrase Flaw Exposed in WPA Wireless Security
> <http://www.technewsworld.com/story/32070.html>
>
> Wi-Fi Protected Access. Security in pre-shared key mode
> <http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access>
>
> Cracking Wi-Fi Protected Access (WPA)
> <http://www.ciscopress.com/articles/article.asp?p=369221>
> <http://www.ciscopress.com/articles/article.asp?p=370636&rl=1>
>
> WPA Cracker
> <http://www.tinypeap.com/html/wpa_cracker.html>
>

Posted by John Navas on September 2, 2006, 1:43 am


You're missing the point. Read more carefully. The big issue with WPA
is that it's subject to *offline* attack.


>Any security system which uses a passphrase is vulnerable to a poor
>choice of passphrase.
>
>Additionally, if the passphrase is not kept secret, the security can be
>breached.
>
>This is not a weakness in WPA, it is just that any such system is
>subject to breach if the passphrase is 'guessable'. Passphrases should
>contain non-dictionary constructions for better security.
>
>John Navas wrote:
>> SUMMARY:
>>
>> WPA-PSK is vulnerable to offline attack.
>>
>> TO AVOID THE PROBLEM:
>>
>> USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
>> BAD: "vintage wine"
>> GOOD: "floor hiking dirt ocean"
>> (pick your own words, even longer is better)
>> FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.
>>
>> BACKGROUND:
>>
>> Weakness in Passphrase Choice in WPA Interface
>> By Glenn Fleishman
>> By Robert Moskowitz
>> Senior Technical Director
>> ICSA Labs, a division of TruSecure Corp
>> <http://wifinetnews.com/archives/002452.html>
>>
>> ...
>> The offline PSK dictionary attack
>> ...
>> Just about any 8-character string a user may select will be in the
>> dictionary. As the standard states, passphrases longer than 20 characters
>> are needed to start deterring attacks. This is considerably longer than
>> most people will be willing to use.
>>
>> This offline attack should be easier to execute than the WEP attacks.
>> ...
>> Using Random values for the PSK
>>
>> The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
>> number for human entry; 20 character passphrases are considered too long
>> for entry. Given the nature of the attack against the 4-Way Handshake, a
>> PSK with only 128 bits of security is really sufficient, and in fact
>> against current brute-strength attacks, 96 bits SHOULD be adequate. This is
>> still larger than a large passphrase ...
>> ...
>> Summary
>> ...
>> Pre-Shared Keying is provided in the standard to simplify deployments in
>> small, low risk, networks. The risk of using PSKs against internal attacks
>> is almost as bad as WEP. The risk of using passphrase based PSKs against
>> external attacks is greater than using WEP. Thus the only value PSK has is
>> if only truly random keys are used, or for deploy testing of basic WPA or
>> 802.11i functions. PSK should ONLY be used if this is fully understood by
>> the deployers.
>>
>> See also:
>> Passphrase Flaw Exposed in WPA Wireless Security
>> <http://www.technewsworld.com/story/32070.html>
>>
>> Wi-Fi Protected Access. Security in pre-shared key mode
>> <http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access>
>>
>> Cracking Wi-Fi Protected Access (WPA)
>> <http://www.ciscopress.com/articles/article.asp?p=369221>
>> <http://www.ciscopress.com/articles/article.asp?p=370636&rl=1>
>>
>> WPA Cracker
>> <http://www.tinypeap.com/html/wpa_cracker.html>
>>

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

Posted by Jerry Park on September 3, 2006, 9:43 pm


I don't think I missed the point. The point is that systems using
passphrases are vulnerable when weak passphrases are used.
Online/offline -- doesn't matter.

WPA is not known to be breakable with a good choice of passphrase. WEP
on the other hand is breakable regardless of passphrase due to the
implementation of the algorithm.

John Navas wrote:
> You're missing the point. Read more carefully. The big issue with WPA
> is that it's subject to *offline* attack.
>
>
>
>> Any security system which uses a passphrase is vulnerable to a poor
>> choice of passphrase.
>>
>> Additionally, if the passphrase is not kept secret, the security can be
>> breached.
>>
>> This is not a weakness in WPA, it is just that any such system is
>> subject to breach if the passphrase is 'guessable'. Passphrases should
>> contain non-dictionary constructions for better security.
>>
>> John Navas wrote:
>>
>>> SUMMARY:
>>>
>>> WPA-PSK is vulnerable to offline attack.
>>>
>>> TO AVOID THE PROBLEM:
>>>
>>> USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
>>> BAD: "vintage wine"
>>> GOOD: "floor hiking dirt ocean"
>>> (pick your own words, even longer is better)
>>> FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.
>>>
>>> BACKGROUND:
>>>
>>> Weakness in Passphrase Choice in WPA Interface
>>> By Glenn Fleishman
>>> By Robert Moskowitz
>>> Senior Technical Director
>>> ICSA Labs, a division of TruSecure Corp
>>> <http://wifinetnews.com/archives/002452.html>
>>>
>>> ...
>>> The offline PSK dictionary attack
>>> ...
>>> Just about any 8-character string a user may select will be in the
>>> dictionary. As the standard states, passphrases longer than 20 characters
>>> are needed to start deterring attacks. This is considerably longer than
>>> most people will be willing to use.
>>>
>>> This offline attack should be easier to execute than the WEP attacks.
>>> ...
>>> Using Random values for the PSK
>>>
>>> The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
>>> number for human entry; 20 character passphrases are considered too long
>>> for entry. Given the nature of the attack against the 4-Way Handshake, a
>>> PSK with only 128 bits of security is really sufficient, and in fact
>>> against current brute-strength attacks, 96 bits SHOULD be adequate. This is
>>> still larger than a large passphrase ...
>>> ...
>>> Summary
>>> ...
>>> Pre-Shared Keying is provided in the standard to simplify deployments in
>>> small, low risk, networks. The risk of using PSKs against internal attacks
>>> is almost as bad as WEP. The risk of using passphrase based PSKs against
>>> external attacks is greater than using WEP. Thus the only value PSK has is
>>> if only truly random keys are used, or for deploy testing of basic WPA or
>>> 802.11i functions. PSK should ONLY be used if this is fully understood by
>>> the deployers.
>>>
>>> See also:
>>> Passphrase Flaw Exposed in WPA Wireless Security
>>> <http://www.technewsworld.com/story/32070.html>
>>>
>>> Wi-Fi Protected Access. Security in pre-shared key mode
>>> <http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access>
>>>
>>> Cracking Wi-Fi Protected Access (WPA)
>>> <http://www.ciscopress.com/articles/article.asp?p=369221>
>>> <http://www.ciscopress.com/articles/article.asp?p=370636&rl=1>
>>>
>>> WPA Cracker
>>> <http://www.tinypeap.com/html/wpa_cracker.html>
>>>
>>>
>
>

Posted by on September 4, 2006, 4:17 pm



| I don't think I missed the point. The point is that systems using
| passphrases are vulnerable when weak passphrases are used.
| Online/offline -- doesn't matter.
|
| WPA is not known to be breakable with a good choice of passphrase. WEP
| on the other hand is breakable regardless of passphrase due to the
| implementation of the algorithm.

Offline does matter. WPA ... as typically put into service ... is more
vulnerable than WEP. And the reason is because of this offline attack
that can be successful against weaker passphrases. It is a tradeoff that
a stronger passphrase can be used to scale up the required attack. But
as the passphrase becomes longer, that creates a new weakness in the way
it has to be handled because it may have to be written in more places,
instead of just being memorized.

Here's your new passphrase. Now walk over to the other side of the house
and type it into a different computer over there:

"ut eni ad min ven qui nos exe ull lab nis ut ali ex ea com con"

... without writing it down or carrying your laptop that displays it.

Most people tend to choose shorter passwords and passphrases. Even those
that know 8 characters is too weak might only use 12 or 16. WPA can be
made reasonably secure only with a dramatic passphrase length.

Or would you rather use a randomized string of characters you can't
remember at all?

phil@canopus:/home/phil 314> makepassword
o6wxqy44flif
phil@canopus:/home/phil 315> makepassword 16
jw3xgp83httpbx58
phil@canopus:/home/phil 316> makepassword 24
8zrvm1peppmno1wfqla474da
phil@canopus:/home/phil 317> makepassword 32
bb42b3fz1hpkrk2ngxxuizbyu07hkyju
phil@canopus:/home/phil 318> makepassword 48
uy1x85e1w5vsgo6y9q8e751mgx4jj1z1mu4rpxoucoc8zss2
phil@canopus:/home/phil 319> makepassword 63
ydwqa3eb7xhzm0lc8umqkieh1c9vmy29xo34vy9i06c6w1vv24v7av6rtc417xi
phil@canopus:/home/phil 320>

I'll admit to using a passphrase of only 13 characters. It's probably a
bit harder than most to attack because it is the name of two cats we have
that are not normal dictionary words. But it is still not really strong
enough for confidential business work. You can probably enhance some
passphrases by modifying them, not using whole words. But word chopping
can still end up with something that's in the dictionary, anyway. Some
other kind of twist, like rotating each word by the N digits of a number
you can remember.

268435456 (2^28)

the lord is my shepherd i shall not want

het ordl si ym pherdshe i lshal otn antw

It scales up a dictionary attack if that attack has to use every possible
word rotation and every possible combination of rotations. If you have a
number you can remember, you can rotate according to it. Rotation is just
one possible twist, and not even the best (although relatively easy).

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2006-09-04-1454@ipal.net |
|------------------------------------/-------------------------------------|
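
Added example (not part of the original thread or any poster's code): a Python sketch tying together the quoted 96/128-bit and 256-bit (64 hexadecimal) figures and the random strings shown in the last post. It sizes a random passphrase for a target strength, generates one from the OS CSPRNG, and shows the WPA passphrase-to-PSK mapping, which depends only on the passphrase and the public SSID and is why guesses can be tested offline. The function names and the 36-character alphabet (inferred from the sample output above) are assumptions.

```python
import hashlib
import math
import secrets
import string

# Assumed alphabet: lowercase letters and digits, as in the sample strings above.
ALPHABET = string.ascii_lowercase + string.digits


def bits_for_random_string(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of `length` symbols chosen uniformly and independently."""
    return length * math.log2(alphabet_size)


def min_length_for_bits(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest uniformly random string that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_passphrase(length):
    """Random WPA passphrase drawn from the OS CSPRNG (WPA allows 8..63 chars)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_hex_psk():
    """256-bit PSK as 64 hex digits, entered directly instead of a passphrase."""
    return secrets.token_hex(32)


def derive_psk(passphrase, ssid):
    """WPA-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes.

    Nothing secret other than the passphrase goes in, so the strength of the
    resulting key is bounded by the entropy of the passphrase itself.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    for n in (12, 16, 24, 32, 48, 63):
        print(f"{n:2d} random chars -> {bits_for_random_string(n):6.1f} bits")
    for target in (96, 128):
        print(f"{target} bits needs {min_length_for_bits(target)} random chars")
    phrase = random_passphrase(min_length_for_bits(128))
    print("passphrase:", phrase)
    print("derived PSK for constructed SSID 'example-net':",
          derive_psk(phrase, "example-net").hex())
    print("random 64-hex PSK:", random_hex_psk())
```

The entropy figures apply only to strings generated uniformly at random; a passphrase made of words a person picked has far less entropy per character than these numbers suggest.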
