Slashdot Mirror
Apple's Airport Upgraded To 128-bit Encryption
ElecMoHwk writes: "Another fine upgrade from Mad Science Research Labs ... Apple's wireless
Airport base station for 802.11 ethernet can be upgraded to 128-bit RC4
encryption. It's an easy fix, but priceless for the paranoid." This is really cool news. I never knew it was just a wireless card in a pretty box. Either way, it's still a cool way to do it. Where would I be without hardware hackers? Thanks, people! I look forward to more of Mad Science Research Labs' stuff in the future.
We only ever bothered with encrypted traffic (unless we had specific instructions to monitor other channels), because our working assumption was that anyone involved in global espionage would be using at least 64-bit RSA and often we found sophisticated multi-level encryption, using stegography, noise-injection techniques, masking, one-time-pads, DES, rot-13 etc etc etc.
Its interesting to note that although we had cracking technology the average Slashdotter would kill for (teradata servers, beowulf clusters, crays, etc), one of our main problems was not the de-cryption per-se, but the interpretation of the data post-hoc. As you can imagine 70% of what we read was not in English (even where it was the natural language of the communicating targets). Which meant that the large burden of translation was on us. For us, that was the real bottleneck, since cracking cyphers is just a matter of time for us with the computing firepower at our disposal.
What Slashdotters might be more interested in is that Echelon is REAL, and that it specifically targets Slashdot . I know for a fact that this supposedly secret 0-day warez trading link was flagged as 'subversive', since a colleague pointed out it had been "noticed" that I was contributing to this forum. The warez issue is interesting since the trade poses a threat to WTO interests.
The so-called trolls are also of particular interest, since there is some evidence to suggest that many of them are in the pay of large US corporations. From a trade perspective, identifing these astroturfers allows other special govt departments to compromise them if need be.
obviously I must remain anonymous.
fascinating thing about this is that once all the data is filtered through a wireless lan, no matter what the encryption is (128 bit) or lower, is that you have wasted 10 seconds reading this post. I have nothing to say.
IF I EVER SEE YOU I MAY OPT TO SHOVEL YOUR DRIVEWAY
Fine, if you have an old 386, an ISA ethernet card. Lucent make an ISA version of their card too, which I spotted on the web for $60.
However, at $299 the Airport is fairly cheap and requires little in the way of setting up. It also comes in a tiny quiet package - few 386s did that - and it's very quiet too.
I for one think it's a pretty cool thing. Nice to see that Apple have pulled themselves together of late.
-- Michael
Of course key testing is going to take a while. It's going to take too bloody long. But it IS feasible to do (with enough hardware, processing time etc).
The card is a No Wires Needed Swallow 550/1100. Is 802.11 compliant, and also supports their own encryption technique (Airlock (TM), uses a public key encryption technique, witht he public key based on the cards MAC-address). I can get at the ESSID's with a simple command I send to the card.
I wrote the Linux driver for it, you can find that on my homepage. The companies page is http://www.nwn.com.
I have a card here that does most of that by itself. I get near a basestation, and it will tell me what essid's I can join. Scrap the recovering essid part. Then I can use my driver, and try out all 2^128 keys. (You were right about the nr. of keys, I made a brainfart in that) Since I have access to the driver (you normally do under Linux), it isn't exactly infeasible to get the key. I never said it was going to be easy... :) I'd still have to attack the wep-key (with either brute-force or otherwise, I'm not a cryptographer), but with the equipment I have here the first two steps are a no-brainer.
Yes, that affects the level of security. If you use a 56 bit key, you only get 56 bit encryption.
A 128 bit key will definately help, but unless you change your key once in a while, it won't help you that much. Afaik the algorithm doesn't change the key itself.
How about just doing a brute-force attack using a couple of laptops with WaveLAN cards? Of course it'll take some time, but unless you change your key every other day/week or so, it won't buy you anything. All the hardware is compatible (Long Live 802.11 :), and does work together... Just find out the session (ESSID), and try all 128^2 keys out on it. When you're in, you're in, untill the next time they change the WEP key.
Nope, I guess some people don't realize there's delays on the net. (BTW, first post from Ontario I hope )
I don't know how Apple managed to screw up something as simple as an auto software update, but they managed. VersionTracker has a link to a SMI of the update. So it is out. I notice no change, but it is out.
Insert wit here.
puhleeze, in my day we had to walk 40 miles uphill in the snow just to scrounge the landfill for the very parts to make our home-made oscilloscope. =)
Intercarve Networks, LLC
Is there a way of changing the algorithm itself? Like say, IDEA or Blowfish?
(Unfortunately the client cards, only US$99, are not usable except in iBooks and bronze-keyboard Powerbooks, which have an antenna integrated into the chassis.)
Actually, all currently shipping Macs support the AirPort card, including the iMac (Slot Loading) and Power Mac G4 (AGP Graphics) models.
Apple has a Tech Info Library Article on using third-party wireless cards (such as the Lucent WaveLAN or Farallon SkyLINE) with older Macs on the AirPort system. This article also clarifies which Macs work with the AirPort card and what third-party wireless cards will be compatible with the AirPort system on Macs and PCs.
For more info about AirPort, check out Apple's AirPort Site or go to their Tech Info Library and search on "AirPort".
I have a question... If the encryption is 128bit but the key is only 56bit does that affect the level of security? Can someone fill me in a little on this one.
Nathaniel P. Wilkerson
NPS Internet Solutions, LLC
www.npsis.com
Nathaniel P. Wilkerson
www.haidacarver.com
Apple sponsors world terrorism? disgraceful. steve jobs should be arrested for being anti-american.
...or be working on really hush-hush stuff at home that you expect to have someone "sniffing" for industrial espionage reasons...
BlackNova Traders
This is the just the scarry thing that W.A.V.E article was about, anybody doing anything not regarded as 'normal' is a suspect.
Grtz, Jeroen
Secure messaging: http://quickmsg.vreeken.net/
But go ahead, let the nsa monitor you 24/7 and give away every right you have if you want to feel save......
Grtz, Jeroen
Secure messaging: http://quickmsg.vreeken.net/
Grtz, Jeroen
Secure messaging: http://quickmsg.vreeken.net/
Yes it is possible to use just two cards. Place them in "ad hoc demo mode" and they will chat to each other quite happily.
C.Burgess - email:colvinb@airnet.com.au
Data encryption in this world just keeps moving onto more and more battles. Is there acutally an encryption algorithm that is impossible to be broken and actually prevents hacks from extracting the encryped data? Why do we need enryption, everyone asks? We need encryption on everything! Encryption guards people's personal data on financial information, encryption makes data transmission more reliable, it distinguishes received data for propper verification from fragmentation and corruption, and probabley its most needed use, to prevent the illegal circulation of copyrighted material. Is there an unhackable encryption method? I have seen SSL broken. I, however, have not seen PGP broken. A good story behind PGP is that a man in China created it. It was said to be so security-tight that he was endited by the United States Government under many lawsuites. His crime? The United States Government could not scan the encrypted messages of the people whose eMail messages it was screening for information. Data encryption is needed most in our world. Noone should leave slashdot thinking that only bad people use it becausee they have something to hide. It is for the good and the bad. It is like a gun. It can be used for good and evil. Yet, all it does is conceal data that the user may deem sensitive. Many encryptions aree being created today for the sole puprose of being broken into. Nowadays, if the authorities want to know moree information about you, they can find out what your are using to encrypt the data, go to the creator of the encryption algorithm, reequest documention or a special screening program, and wham. You have been broken into. Data theft has occurred. It is mainly a conspiracy to get your data. For example, do you have a Yahoo or Hotmail eMail address? In general, do you have any eMail content being stored? Well, such organizations and companies scan your eMail for information on you. They figure out how to advertize to you based upon your interests, anticipate whether you will close your account with them, and help law officials track you for anarchist and illegal activity. If know friends who have typed the following and have had an FBI agent at their door the next moring, questioning their activities... Kill assassinate pot tequilla dogknitting shit Bill Clinton needle factory children atomic Polish Handgrenade nitro tnt works hate Bill Clinton President rueger NRA glock ammendment Not only do we need to preserve our right of privacy, but we must understand that the same people who enforce laws and build encryption algorithms will steal our data. The internet was the government's biggest deception to us. They knew that the private sector would take it over and improve it. They just didn't know, until today, how easy it is to steal our information and how good a creation they have. Good luck to you all in your concealments. May you have many countless hours of monitored activity at the hands of the twisted and perverse.
without prejudice
Why is apple's 802.11 products cheaper(basestation/cards)??? Is it a different implementation of 802.11 (frequency-hopping???)
Emmet, what the HELL are you doing awake?? Go to bed!!
-
Wasn't really trying to be funny, just letting my mind wander whilst I wiped the coffee off my laptop :)
:)
I know the recent Macs have shipped with various 9.0.x builds, it's just the recent 9.0.4 is out, no it isn't, I downloaded it, my software update doesn't see it, mine does, what update?, it's up,no it ain't, I've been having nothing but positive thoughs about that OS upgrade all day, confusion
Troc
Troc's dubious podcast and blog: http://www.trocnet.net
I love it when I can spend $150 on geek toys and have my wife appreciate it!
---
Key testing is going to take a while too over 1Mb/s which is the speed at which the WLAN authentication is done. :) Unless you capture a packet and try to decode it brute force. Either way, hope you have a few hundred years or a very large supercomputer.
I am curious to know what brand card you have. I haven't seen one that lists ESSID's! Please let me know. Thanks,
~GoRK
Well actually, what you have just described is three (maybe four) seperate attacks. First, you need the ESSID to talk on the WLAN before you can even authenticate. The ESSID is not too difficult to discover if you have physical access to another piece of equipment on the network (especially with the apple stuff), but if you have to crack it, it's similar to a password attack. Then you need the WEP keys for auth. The WEP keys are usually password protected in the configuration software, so unless you desolder the EEPROM and read the contents out, you will have yet another password to crack. Finally, after you are authenticated with WEP then you will have to break the stream cypher. Oh, and by the way, it's 2^128 keys not 128^2. Your number of keys falls short by about 3.4 x 10^38. And brute-forcing WEP is going to be a pair of 56 bit keys if you have to do that. Needless to say, your'e going to spend quite a while breaking into this one. And this is why wireless is more secure than wireline, even without stream encryption. Funny how banks seem to get really paranoid when we tell them that stream crypto isnt really necessary on their wireless links when they aren't requiring wireline crypto on their leased lines. Of course, explaining the whole mess to them usually gets me a nice sale of some 3DES routers :)
The $60 is just for an PCMCIA controller that attaches to the ISA bus. You place a (separately purchased) WaveLAN PCMCIA card on there. You can find cheaper PCMCIA controllers that give you two or more slots, for instance the PC-700 (I forget the company name, but just search on buy.com) works great with Linux and a WaveLAN card for $50.
/ \
\ / ASCII ribbon campaign for peace
x
/ \
that the recent upgrade to MacOS 9.0.4 is to avoid hassles with the OS-9
I know you're trying to be funny, but my G4 shipped with 9.0.2, so it's a moot point.
Pope
It doesn't mean much now, it's built for the future.
I'm pretty sure this will not thwart the NSA, but if you want to secure your SMB traffic from the other %99.9 of the population, you might just slap a cheap Linux box next to your Windows system, connect them via Ethernet, and install sslproxy. Then you can tunnel your Samba traffic with SSH
Actually, choosing a long random ESSID will probably thwart better 99.9% of the population, since without the ESSID you need to set up special receiver hardware and software to monitor all frequencies in the band simultaneously. Because of this, wireless is more secure in most environments than wired networks. I use OpenSSH over my cable modem connection because any idiot can set up packet sniffing software on a wire. However without the ESSID, you can't sniff packets off 802.11 just by having a compatible card. I doubt you could even sniff a single 802.11 packet without special hardware.
The remaining modicum of security you get by encrypting packet would only make sense if you were concerned about a determined enemy with considerable technical resources. In that case, you'd better have some pretty good physical security against black bag jobs too.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
http://dailynews.yahoo.com/h/cn/20000406/tc/200004 06121.html
Intel's HomeRF standard only handles 2 Mbs, though they do make a business product that supports 802.11B. Article points out that this makes no sense for notebook users that would have to have seperate cards for work and home.
Work for Change & GET PAID!
I also have an extensive Aviator 2.4 setup at home.
;-)
If I were trying to hide my SMB traffic from the NSA, then I'd be out of luck without WEP, though
You can tunnel SMB over SSH between two Linux boxen. I understand your Windows system mounts the SMB shares directly from the Linux box, and since there are no SSH SMB clients for Windows easily available, you're right. In my setup, I have a Windows box upstairs which needs to access the Linux box downstairs, but there also happens to be a Linux box upstairs too. The Linux boxes are connected with a wireless link, and all SMB traffic is tunneled over SSH, with sslproxy. The connection between the Linux and Windows boxes is plain Ethernet, so no unencrypted SMB traffic goes over the wireless line.
I'm pretty sure this will not thwart the NSA, but if you want to secure your SMB traffic from the other %99.9 of the population, you might just slap a cheap Linux box next to your Windows system, connect them via Ethernet, and install sslproxy. Then you can tunnel your Samba traffic with SSH.
--
BluetoothCentral.com
A site for everything Bluetooth. Coming soon.
Zigbee Central: A Zigbee weblog
Is it possible to just get two cards, put them in two computers, and link the two machines? In other words is the base unit needed for anything other than connection to the main network?
After all, I already have a Linux firewall machine on my network: adding a wireless NIC to it would be child's play.
www.eFax.com are spammers
There is a wireless network how-to that shows you how to hack Proxim Symphonys for a better antenna and higher power.
Well I assume it uses rolling codes, so unless you intercept the data, save it and decrypt it later on using your supercomputer, cluster or pet distributed client etc, the data will change too quickly for you to crack it (using current technology)
Encryption works as long as the data expires before the meantime to decrypt - i.e. if your data is sensitive for 10 years, make sure you use a key that'll take a minimum of >10 years to crack.
Troc
Troc's dubious podcast and blog: http://www.trocnet.net
Cupertino, 5/4/00.
Apple today announced that despite the recent 'upgrade' by certain airlines, their Airport would still operate on the official 40bit system. Any systems attempting to land at the Airport with a 128bit airplane would be refused permission, even if they are painted a really cool pale blue colour.
"We are considering taking them to court over this one - after all, these new airlines look and feel just like our own so who is going to know which is the real one?" Steve Jobs was quoted as saying.
In other news, Apple have deniew rumours that the recent upgrade to MacOS 9.0.4 is to avoid hassles with the OS-9 trademark issue.
We also telephoned Steve Jobs to enquire about the recent Microsoft ruling but all we heard was insane giggling.
Troc's dubious podcast and blog: http://www.trocnet.net
it uses SNMP though so other software should be usable. The author mentions that the Karlbridge software for Windows does everything right.
Not quite. The Karlbridge firmware is what Apple installed in the AirPort Base Stations. However, the Windows KarlBridge configurator cannot completely provision an AirPort Base Station. You cannot set up NAT or DHCP with it, and you cannot control the encryption modes.
The reason for this is: Apple (and the folks who made the KarlBridge) did some nasty stuff with the configuration. Yes, the base station responds to SNMP. However, the MIB tree via which the BS is configured is a set of 64 256-byte strings with shecksumming. To make matters worse, people are having to reverse-engineer how Apple mapped out those strings, and how the checksumming's being done.
I have been working on this for a while, as has a friend of mine (who I believe was linked to on the MSRL page against his wishes. That info is old and invalid -- people should not use it). There is working code that allows one to change most of the configuration options, but not NAT or DHCP, nor encryption. The reason for the problems with encryption is that Apple didn't follow the WEP standards, and has some unique algorithm for generating the WEP keys. They supposedly corrected this in v1.1 of the Base Station firmware, but I've yet to verify that.
.@.
I recently installed the Aviator 2.4 GHz card from WebGear. It's quite a bit slower (2 Mb/s signal rate, 1.5Mb/s) but has longer range (500 vs 100 ft) than WaveLAN. In any case it's cheaper than WaveLAN and very adequate for most purposes, especially Internet sharing.
;-)
The Aviator card is available in three different versions:
WebGear Aviator2.4
WebGear AviatorPRO
Raytheon Raylink
These are all the same card, but come with different drivers. I am using the Raytheon driver on my Windows laptop with the Aviator2.4 card. The Aviator 2.4 driver only supports peer to peer mode; The AviatorPRO and Raylink can talk to a wireless access point (basically an Ethernet to 802.11 bridge). Supposedly the AviatorPro is will do WEP, but since the Raylink driver doesn't support this yet, I doubt the AviatorPro does yet. The Linux driver does not support WEP IIRC. When it does, and the Windows version of the raytheon driver does, then you can have WEP too (the latest Linux WaveLAN driver DOES have WEP).
However, lack of driver level support is no big deal. First of all, it ain't easy to intercept spread spectrum communications unless you can guess the ESSID the stations are using, and even then it's not something for casual snoopers. Second, I personally use OpenSSH instead of telnet and you can forward your X using OpenSSH and get your choice of blowfish or triple DES. For windows boxes most of my sensitive web traffic goes over https if it isn't using SSH to a Unix box. If I were trying to hide my SMB traffic from the NSA, then I'd be out of luck without WEP, though
I set the cheap Aviator cards up with a linux box with IPChains and a new subnet and bingo -- I have a perfectly functional network that is highly secure when I need it to be. I got a pair of aviators with a ISA PC Cards for 169.95; this is the cheapest way to get a pair of them. Don't get your Linux drivers from WebGEAR, however. The driver is included in the latest pcmcia packages. I initially had a big headache getting this thing working with RH 6.1, but when I decided to upgrade to pcmcia-cs-3.0.14-22 the card configured itself cleanly and worked like a charm.
I suppose you could also set up your
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I'm using Lucent's Silver WaveLAN card with Apple's AirPort base on my FreeBSD laptop (IBM ThinkPad 600E). I don't know about the 3Com or Cisco cards, but the Silver WaveLAN was ~$150 from all the places I priced it. For $299 ($281 if you're at an .edu) and $150 for the card, it's a pretty good deal.
OK, so I want some wireless ethernet, but I don't have an Apple... the 3Com and Cisco wireless cards look pretty good, and not completely unreasonable at $250 each (see this article), but the "wireless hubs" cost over $1000 each!!! Does anyone know for sure if one of those swank Apple $300 Base Stations will work with a Cisco or 3Com wireless card?
- - - - -
- - - - -
automatictaxistopelectriccigarettelovebaby
The things really do work awfully well. Very handy when setting up new headless machines for me to telnet into the console server from a laptop over the wireless net and then be able to carry around the console terminal if I need to go back to fiddle with the hardware... without losing my console session and having to continually connect back in.
One thing the author didn't quite explain is that there are more reasons than the lack of an integrated antenna that the AirPort cards will not work in machines other than late model Apple machines. The bus is weird. The AirPort card actually sits on an ATA bus!
One final interesting AirPort hint is that if you have an older Mac and want to use the Lucent card with it under MacOS, you can use the AirPort 1.1 software with it instead of the drivers Lucent provides, which seem to be shoddy in our experience here (they really mess up the system on MacOS 9 since it somehow manages to install the 68k version of the driver by mistake).