ALERT: WPA can be less secure than WEP


SUMMARY:
WPA-PSK is vulnerable to attack, and can be even worse than WEP!
TO AVOID THE PROBLEM:
USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
BAD: "vintage wine"
GOOD: "floor hiking dirt ocean"
(pick your own words, even longer is better)
BACKGROUND:
Weakness in Passphrase Choice in WPA Interface
By Glenn Fleishman
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp

...
The offline PSK dictionary attack
...
Just about any 8-character string a user may select will be in the
dictionary. As the standard states, passphrases longer than 20 characters
are needed to start deterring attacks. This is considerably longer than
most people will be willing to use.
This offline attack should be easier to execute than the WEP attacks.
...
Using Random values for the PSK
The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
number for human entry; 20 character passphrases are considered too long
for entry. Given the nature of the attack against the 4-Way Handshake, a
PSK with only 128 bits of security is really sufficient, and in fact
against current brute-strength attacks, 96 bits SHOULD be adequate. This is
still larger than a large passphrase ...
...
Summary
...
Pre-Shared Keying is provided in the standard to simplify deployments in
small, low risk, networks. The risk of using PSKs against internal attacks
is almost as bad as WEP. The risk of using passphrase based PSKs against
external attacks is greater than using WEP. Thus the only value PSK has is
if only truly random keys are used, or for deploy testing of basic WPA or
802.11i functions. PSK should ONLY be used if this is fully understood by
the deployers.
See also:
Passphrase Flaw Exposed in WPA Wireless Security

Wi-Fi Protected Access. Security in pre-shared key mode

Cracking Wi-Fi Protected Access (WPA)


WPA Cracker

Reply to
John Navas
Loading thread data ...
Even better would be: reoieut v3406#$%*%%FDHF)_+!#RH FHR7FDHJEIDF
Reply to
Richard Blaine
On Fri, 21 Jul 2006 17:51:32 -0400, "Richard Blaine" wrote in :
Yes and no:
Yes in that it a random passphrase is more secure for a given passphrase length, although a long word-based passphrase (32+ characters) is sufficiently secure to be uncrackable in our lifetimes.
No in that it's very hard to transcribe random characters to different devices, increasing errors and frustration, and making it more likely that the user will either write it down or not bother, making matters worse.
That's why I personally use and recommend long diceware word passphrases (32+ characters).
Reply to
John Navas
| On Fri, 21 Jul 2006 17:51:32 -0400, "Richard Blaine" | wrote in | : |
|>> SUMMARY: |>> |>> WPA-PSK is vulnerable to attack, and can be even worse than WEP! |>> |>> TO AVOID THE PROBLEM: |>> |>> USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples: |>> BAD: "vintage wine" |>> GOOD: "floor hiking dirt ocean" |>> (pick your own words, even longer is better) | |>Even better would be: reoieut v3406#$%*%%FDHF)_+!#RH FHR7FDHJEIDF | | Yes and no: | | Yes in that it a random passphrase is more secure for a given passphrase | length, although a long word-based passphrase (32+ characters) is | sufficiently secure to be uncrackable in our lifetimes. | | No in that it's very hard to transcribe random characters to different | devices, increasing errors and frustration, and making it more likely | that the user will either write it down or not bother, making matters | worse. | | That's why I personally use and recommend long diceware word passphrases | (32+ characters).
How about extra long phrases with words chopped to get it down to some size with a bit more entropy?
Example: a wel reg mil bei nec to the sec of a fre sta the rig of the peo to kee and bea arm sha not be inf
OK, well, I ruined one prefectly good phase by posting it :-) OTOH, the source of this one is probably already used by a lot of people.
Reply to
phil-news-nospam
What's wrong with using copy-paste? Steve Gibson's site has a passphrase/hex generator:
formatting link
(I know you don't like Steve, but he is an internet institution).
Vista is reported to come with a password manager. Of course Mac OS has had one for years, since OS 9.
Reply to
Axel Hammerschmidt
On Sat, 22 Jul 2006 14:18:41 +0200, snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in :
Takes more than that to configure multiple network devices.
One of my favorite boondoggles was a client that used a USB drive to configure its networks, and then the key came up missing.
Secure diceware word passphrases are much easier to remember and use.
Snake oil doesn't work no matter how much it's hyped; much of the hype is clearly baloney; there's no peer review or any other validation; and truly good alternatives are readily available.
Password Safe. Originally created by noted cryptographer Bruce Schneier of Counterpane Labs, it's open source and free, and has been subjected to extensive peer review.
Reply to
John Navas
: SUMMARY: : : WPA-PSK is vulnerable to attack, and can be even worse than WEP! : : TO AVOID THE PROBLEM: : : USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples: : BAD: "vintage wine" : GOOD: "floor hiking dirt ocean" : (pick your own words, even longer is better) : etc.
This is just a hysterical way of restating the old adage that you shouldn't choose a passphrase that's easily guessed. The preamble to the U.S. Constitution is plenty long, but isn't a good passphrase. But if the phrase is both long and nonsensical, it will be plenty good enough. (Example: "George W. Bush, one of the most intelligent presidents in American history, is renowned for his willingness to listen to the advice of others.")
I recently read an article (maybe it's one of the ones John cites) that breathlessly explained that if you choose a WPA passphrase that's merely long but not truly random, you reduce the computing time needed to crack it by a factor of ONE MILLION!! But it turned out that the reduction was from 100,000,000,000,000,000,000,000 times the age of the known universe to merely 100,000,000,000,000,000 times. Duh.
Reply to
Robert Coe

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.