ALERT: WPA can be less secure than WEP


Unfortunately, WPA-PSK is vulnerable attack. See
Weakness in Passphrase Choice in WPA Interface
By Glenn Fleishman
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp

...
The offline PSK dictionary attack
...
Just about any 8-character string a user may select will be in the
dictionary. As the standard states, passphrases longer than 20 characters
are needed to start deterring attacks. This is considerably longer than
most people will be willing to use.
This offline attack should be easier to execute than the WEP attacks.
...
Using Random values for the PSK
The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
number for human entry; 20 character passphrases are considered too long
for entry. Given the nature of the attack against the 4-Way Handshake, a
PSK with only 128 bits of security is really sufficient, and in fact
against current brute-strength attacks, 96 bits SHOULD be adequate. This is
still larger than a large passphrase ...
...
Summary
...
Pre-Shared Keying is provided in the standard to simplify deployments in
small, low risk, networks. The risk of using PSKs against internal attacks
is almost as bad as WEP. The risk of using passphrase based PSKs against
external attacks is greater than using WEP. Thus the only value PSK has is
if only truly random keys are used, or for deploy testing of basic WPA or
802.11i functions. PSK should ONLY be used if this is fully understood by
the deployers.
See also:
Passphrase Flaw Exposed in WPA Wireless Security

Wi-Fi Protected Access. Security in pre-shared key mode

Cracking Wi-Fi Protected Access (WPA)


WPA Cracker

Reply to
John Navas
Loading thread data ...
Even deliberate misspellings, invented acronyms, and assemblies? How about made-up, non-dictionary words?
When are SOHO routers going to include RADUIS or 802.1x? Isn't that coming RSN...
Reply to
William P. N. Smith
If you limit yourself to 8 character maximum passwords, a brute force attack of all possible hex combinations will take 53710 days. See:
formatting link
the limitations. However, if any of the word are in the dictionary, are devoid of non-text characters, are all lower case, or follow well known keyboard patterns, then chances are high that it will be recovered in considerably less time.
Once upon a time, I used to run the Unix Crack 4.5 program on /etc/password or /etc/shadow to see how many trivial passwords can be extracted. This is basic Hacker 101 type of password cracking that uses a dictionary attack. Despite warnings from management and threats of violence by myself, numerous users consistently and regularly assigned themselves unsafe password. I fear that I'm still guilty of that practice myself as I always seem to have a creativity failure when it comes time to assign passwords and pass phrases. At least I rarely reuse a password, which is another big time security screwup.
There's already one that I found: |
formatting link
's also no reason that a company could not setup a RADIUS-like authentication system on the internet and sell accounts. Microsloth IAS will do this now. |
formatting link
for RADIUS/AAA service providers. Many of the "virual ISP's" use such services for admin and accounting. I've been tempted to setup such a scheme in my office and provide authentication services for my customers via the internet.
Reply to
Jeff Liebermann
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
A typical attack, which can be done offline, will be a dictionary attack (including common misspellings), followed by a brute force attack if that fails.
ZyXEL 2000 Plus
formatting link
Or for less money, tinyPEAP on the WRT54G/GS
Reply to
John Navas
...
A wonderful program. I rewrote that years ago into a networked form, so could run on about 50 workstations or so overnight. Always put detected passwords back into the dictionary, so incremental pwd changes wouldn't sneak past so easily. Used to grab up to maybe 10 passwords (out of ~1000 in the NIS) overnight - the accounts were then disabled by the networking staff pending user "education". Fine until we got the MD's. It was amazing how the MD's convenience outweighed security of entire company computer network :-) Knuckles well rapped for doing the job.
Sorry, couldn't resist.
Reply to
Mike Scott
I did the same thing but manually. The reason was that I just hated to get a phone call at 7AM demanding to know why their login was disabled. I generally set up the lockout for during lunch break and then only a few at a time.
That must have been before HIPAA. The confidentiality requirement put me in partially in charge of security at one medical conglomeration with about 30 doctors and 60 assorted staff members. I got fed up with the password issue so I arranged to have everyone get a security dongle with an X.509 certificate. It also requires a password, but that was just in case someone lost their dongle (which happened literally the first day it was implimented). I tried to go with a OTP (one time password) S/Key systems, but the requirement that it had to be a very fast login killed that plan. The X.509 dongle also had side benifits in that it eliminated the common forgetting to logout security hassle, was also used for 802.1x wireless authentication and single signon for Microsloth and Unix servers, and acts as part of the PKI pretzel for PGP encryption and email authentication.
The secret to long life and staying sane in this business is to never waste energy resisting temptation.
Reply to
Jeff Liebermann
Oooh. I didn't know that was in Windoze 2000. Yep: |
formatting link
like some "issues" were fixed: |
formatting link
|
formatting link
Reply to
Jeff Liebermann
Not sure about earlier MS solutions but IAS in Windows 2000 Server will already happily do EAP-TLS authentications so they have been doing it for a while.
Sander
Reply to
Sander
Well, it _was_, but now that you've published the algorythm, it's practically trivial, isn't it? Well, assuming access to the same 'random seed' anyway. 8*)
Reply to
William P.N. Smith
To generate my passphrases I use an old church hymn book, taking the page number followed by the first letters of the words of one of the verses, followed by the hymn number. This is easy to remember, and I think it would be very hard for anyone to crack.
Reply to
Gordon
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
It can be shown mathematically that any reproducible pattern is bad. There are other ways to remember passphrases. My own method is to keep generating pseudo-random passphrases until I get a memorable acronym.
Reply to
John Navas
Now, we only need to figure out _which_ hymn book :-)
Reply to
Derek Broughton
I think people are a tad overly worried. Should a business be cautious of course, but in your neighborhood in typical America, come on. How many neighbors with Windows computers have any idea how to set up Linux, unpack a couple of tarballs and get one of these cracker programs going (on a laptop with a wireless card supported by the kernal). You people under estimate the hassle of getting set up to do this. Can it be done, yes, but get real why is anyone going to go to these lengths just to leach a little bandwidth off your home network?
fundamentalism, fundamentally wrong.
Reply to
Rico
Which old hymnal? Methodist, Whiskeypalean, Baptist?
fundamentalism, fundamentally wrong.
Reply to
Rico
"Paranoia strikes deep Into your life it will creep It starts when you're always afraid"
(Stepehn Stills)
fundamentalism, fundamentally wrong.
Reply to
Rico
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
"The road to security hell is paved with invalid assumptions." "Overconfidence and complacency are alternate routes to the same destination."
Reply to
John Navas
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
I think you are a tad naive.
Lots of kids.
It's actually trivial, and there are lots of people doing it.
Reply to
John Navas
Well, really, it's pretty darn simple. You could probably find a Live CD that does the whole thing for you. However, most people would probably take advantage of a situation where an available connection simply popped up in Windows, but wouldn't actively seek out such a connection. From posts on this newsgroup, it's obvious that many people actually think such connections _should_ appear when they buy a computer with "wireless Internet"
Reply to
Derek Broughton
Can you provide examples of resendential wireless networks with even WEP much less WPA being cracked? Otheriwse, repeat what you said so I can start laughing.
Can you provide examples of resendential wireless networks with even WEP much less WPA being cracked? Otheriwse, repeat what you said so I can start laughing.
Can you provide examples of resendential wireless networks with even WEP much less WPA being cracked? Otheriwse, repeat what you said so I can start laughing. Should be easy if "there are lots of people doing it."
fundamentalism, fundamentally wrong.
Reply to
Rico
I await you regailling me with actual examples of surburn home wireless home networks being hacked when even the most basic and simplest of security tools have been employed (even a short WEP key maybe the son's first name).
fundamentalism, fundamentally wrong.
Reply to
Rico

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.