ALERT: WPA isn't necessarily secure

SUMMARY:

WPA-PSK is vulnerable to offline attack.

TO AVOID THE PROBLEM:

USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS.

Examples:
BAD: "vintage wine"
GOOD: "floor hiking dirt ocean" (pick your own words, even longer is better)

FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.

BACKGROUND:

Weakness in Passphrase Choice in WPA Interface
By Glenn Fleishman

By Robert Moskowitz, Senior Technical Director, ICSA Labs, a division of TruSecure Corp

... The offline PSK dictionary attack ... Just about any 8-character string a user may select will be in the dictionary. As the standard states, passphrases longer than 20 characters are needed to start deterring attacks. This is considerably longer than most people will be willing to use.

This offline attack should be easier to execute than the WEP attacks. ...

Using Random values for the PSK

The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large number for human entry; 20 character passphrases are considered too long for entry. Given the nature of the attack against the 4-Way Handshake, a PSK with only 128 bits of security is really sufficient, and in fact against current brute-strength attacks, 96 bits SHOULD be adequate. This is still larger than a large passphrase ...

... Summary ...

Pre-Shared Keying is provided in the standard to simplify deployments in small, low risk, networks. The risk of using PSKs against internal attacks is almost as bad as WEP. The risk of using passphrase based PSKs against external attacks is greater than using WEP. Thus the only value PSK has is if only truly random keys are used, or for deploy testing of basic WPA or 802.11i functions. PSK should ONLY be used if this is fully understood by the deployers.

See also: Passphrase Flaw Exposed in WPA Wireless Security

Wi-Fi Protected Access. Security in pre-shared key mode

Cracking Wi-Fi Protected Access (WPA)

WPA Cracker

Reply to
John Navas

FWIW:

I know some here are not thrilled with Steve Gibson, but he has a password generating function on his site that might be useful:


It gives you something like this:

63 random printable ASCII characters:

$lH`aw

Reply to
Peabody

On Mon, 04 Dec 2006 23:59:11 -0600, Peabody wrote in :

Really, really bad idea. Steve Gibson (aka GRC) is a shameless snake oil salesman with no real expertise in security who has been discredited numerous times (e.g., ), and the password generator on the GRC site is of dubious quality, value and real security.

Instead use:

  • Diceware words
  • Good open source, peer-reviewed software like Password Safe, originally created by noted cryptographer Bruce Schneier
Reply to
John Navas

What do you think of Paris Hilton?

Reply to
Axel Hammerschmidt

On Wed, 6 Dec 2006 00:46:57 +0100, snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in :

Slut? ;)

Reply to
John Navas

So what? Snakeoil salesmen can still tell truths, you just have to be careful. Plus Navas J ain't exactly innocent of oleaginosity.

rrrrrrrrrrr.

Reply to
Mark McIntyre

On Wed, 06 Dec 2006 11:31:42 +0000, Mark McIntyre wrote in :

"Even a stopped clock is right twice a day?" But of course not terribly useful. ;) Especially in a critical area like security. There's no way to be careful about the GRC password generator other than not using it.

Reply to
John Navas

This is bull shit.

Reply to
Axel Hammerschmidt

Despite your disdain for Steve Gibson, using WPA-PSK (AES) or WPA2, how long would it take a hacker to wirelessly hack into a network using the passphrase listed by the previous poster? I believe the passphrase is:

$lH`aw

Reply to
Doug Jamal

On Wed, 6 Dec 2006 19:39:41 +0100, snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in :

Oh really? Has it been independently certified? (No.) Have you personally verified the code, and know for sure it hasn't been hacked or otherwise compromised? (No.) In other words, what I wrote is correct.

From a prior post:

------------------------------------------------------------------------

Because it's only as secure as the trustworthiness of the website, which is completely unknown. Even if GRC is trustworthy (including every last person with access, something impossible to ascertain), you have no way of knowing if the site itself has been compromised. Notwithstanding that, Steve uses lots of wild and misleading hyperbole (as usual):

"Ultra High Security"

"totally random"

"perfect and safe"

"Every one is completely random (maximum entropy) without any pattern, and the cryptographically-strong pseudo random number generator we use guarantees that no similar strings will ever be produced again."

"Also, because this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this page which was custom generated just now for you will not be cached or visible to anyone else."

"... derived from the highest quality mathematical pseudo-random algorithms known. In other words, these password strings are as random as anything non-random can be."

"Since the passwords used to generate pre-shared keys are configured into the network only once, and do not need to be entered by their users every time, the best practice is to use the longest possible password and never worry about your password security again."

These things are either unknowable or outright false, often self-contradictory, so he's either a charlatan or an idiot, take your pick.

That last part ("never worry about your password security again") sends shudders down my spine.

-----------------------------------------------------------------------

Reply to
John Navas

On Wed, 06 Dec 2006 18:48:24 GMT, "Doug Jamal" wrote in :

Reply to
John Navas

Has: "floor hiking dirt ocean"? (No).

In other words, bull shit.

Reply to
Axel Hammerschmidt

Reply to
Doug Jamal

On Wed, 6 Dec 2006 21:44:50 +0100, snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in :

Actually yes -- diceware words have been peer reviewed.

You are obviously the best judge of your own posts.

Reply to
John Navas

On Wed, 06 Dec 2006 21:18:06 GMT, "Doug Jamal" wrote in :

Too long to matter. Your point?

Reply to
John Navas

You often advocate the use of dice words as passphrases to ward off WPA attacks. Correct? The use of dice words is a great idea, in my opinion. Still, the poster, as I understood it, was basically offering a different means of creating passphrases using a passphrase generator and he mentioned the one from the GRC website as an example. You proceeded to attack the credibility of Steve Gibson as well as the passphrase generator used on the GRC website. I've stated many times in the past that I prefer long nonsense passphrases similar to the one that was posted in this thread. My Point? Password generators are fine for people who prefer to use them, even the one from the GRC website, as long as they are long and make no sense. The typical home wireless user is concerned with freeloading neighbors and wardrivers. Unless they have something specific and really important, the casual hacker is not going to waste his or her time trying to crack my long nonsense passphrase, whether it was generated using the GRC generator or not, when he or she can quickly and easily find an available OPEN wireless network. In reference to Steve Gibson, I know very little about the man and the same goes for the people who run the website,


Reply to
Doug Jamal

Perhaps if he used an IEEE definition of security metrics.

If any hardware device generates it, it's not random. An exception would be using the noise pulses off of a backward biased Zener diode as a code generator.

"pseudo random number" contradicts the above "totally random".

Snoop proof, huh? And what if the caching program ignores expiration dates?

Again..."random as anything non-random can be" is not totally random.

Warning...run away...run away!

---------------------

Always got a laugh about Steve's "nanoprobes"


Reply to
decaturtxcowboy

You're a flea f****ng idiot.

Reply to
Axel Hammerschmidt

In one of his podcasts he said that he subscribes to a service provided by RSA Security, which I assume provides the values he uses in real time.

I'm the OP on the Gibson part of this, and I didn't intend to start a big argument. The idea was just to point out that you don't have to use recognizable words in the passphrase, or a passphrase that you can remember, but that instead it could be any sequence of printable characters. You can put that into a file which you burn to a CDR, and copy/paste from that to set up the other computers.

Those who don't trust Gibson's phrases could re-arrange them, or just make one up, or maybe let your cat walk around on the keyboard and select any 63 characters he/she produces.

In any event, 63 characters of un-intelligible non-rememberable garbage is gonna give you a pretty strong passphrase.

Well, unless the brute-force crack starts at or near the right place. I mean, the cracker could get lucky. But if he doesn't, then we could reserve a table at The Restaurant at the End of the Universe, and sip on some fine pinot noir until the crack completes. Ok, maybe not that long, but long enough.

Reply to
Peabody

On Thu, 07 Dec 2006 00:29:17 GMT, "Doug Jamal" wrote in :

Also way longer than necessary, or advisable.

For a truly random password drawn from all 96 printable ASCII characters, a length of 10 characters is more than sufficient to defeat attacks in the foreseeable future.

With a more usable 64 character set, a length of 12 characters is more than sufficient. (This is what I use.)

The use of significantly longer passwords tends to actually _decrease_ security -- see "Passwords Are Near the Breaking Point" :

Mitigating authentication weaknesses by increasing password length and complexity will reduce security if passwords are pushed beyond the peak of their effectiveness. They are approaching this point now.

Correct. Dice are a simple, cheap hardware generator of very random numbers, much better than the vast majority of computer algorithms, and words are much easier to use than random passwords, and thus tend to increase security.

Using a _good_ password generator is one thing; using GRC is something else entirely.

I strongly disagree. I've likewise stated many times in the past that it's better to use a good open source, peer reviewed password generator like Password Safe, originally created by noted cryptographer Bruce Schneier, than to rely on an unvalidated shameless huckster and charlatan like Steve Gibson, or on any web-based generator for that matter. Since true security is free and easy, and since security is so important and so often screwed up (as in the case of WEP), it makes no sense whatsoever to take chances.

With all due respect, that's dangerously naive. Regardless, do whatever you want for your own security, but don't presume to give out (bad) advice when you admittedly know so little about the subject.

Then you should actually be recommending _against_ GRC, at least until you can come up with something a lot more credible than Steve's shameless and patently wrong self-promotion. It makes no sense whatsoever to take security on faith.

Irrelevant. That's just a critique, not a competing resource, and there's lots of confirmation of that critique, including my own.

Reply to
John Navas
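
An added example, not part of any post in this thread: the entropy arithmetic behind the options argued over above (Diceware words, 10 characters from 96, 12 from 64, 63 random characters), set against the 96-bit and 128-bit levels in the Moskowitz excerpt, together with local generation from the operating system's CSPRNG rather than a web page. The figures hold only for symbols chosen uniformly at random; the 7776-word Diceware list size and the PBKDF2-HMAC-SHA1 passphrase-to-PSK mapping are standard facts brought in from outside the thread, and the option labels, the 64-symbol alphabet and the function names are illustrative assumptions.

```python
import hashlib
import math
import secrets
import string

PSK_BITS = 256  # size of the WPA pre-shared key; strength cannot exceed it
ALPHABET_64 = string.ascii_letters + string.digits + "-_"  # illustrative 64-symbol set

# (alphabet size, symbol count) for the options argued over in the thread.
THREAD_OPTIONS = {
    "4 Diceware words (7776-word list)": (7776, 4),
    "10 chars from 96 (figure as posted)": (96, 10),
    "12 chars from 64": (64, 12),
    "63 chars from 95 printable ASCII": (95, 63),
}

def entropy_bits(alphabet_size, count):
    """Bits of entropy for symbols drawn uniformly at random, capped at the PSK size."""
    return min(count * math.log2(alphabet_size), PSK_BITS)

def symbols_needed(alphabet_size, target_bits):
    """Smallest symbol count reaching target_bits (96 and 128 in the excerpt)."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def random_passphrase(length=12, alphabet=ALPHABET_64):
    """Generate locally from the OS CSPRNG instead of fetching one from a web page."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_hex_psk():
    """256-bit random PSK as 64 hex digits, bypassing the passphrase entirely."""
    return secrets.token_hex(PSK_BITS // 8)

def wpa_psk(passphrase, ssid):
    """Standard passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def report():
    """Entropy in bits, rounded to one decimal, for each option in THREAD_OPTIONS."""
    return {name: round(entropy_bits(n, k), 1) for name, (n, k) in THREAD_OPTIONS.items()}

if __name__ == "__main__":
    for name, bits in report().items():
        print(f"{bits:6.1f} bits  {name}")
    for target in (96, 128):
        print(target, "bits needs", symbols_needed(7776, target), "Diceware words or",
              symbols_needed(64, target), "chars from the 64-symbol set")
    print("example passphrase:", random_passphrase())
    print("example hex PSK:   ", random_hex_psk())
```
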
