Wireless LAN Encryption Standard Broken

doug13 writes: "A Rice University student cracks 802.11x encryption protocol in a week. Here is how he did it." We mentioned the cryptographic paper that underlies this attack a few days ago.

A week is too late

[cygnus]

as far as i know (and this comes from talking to Microsoft engineers about 802.11x implementations for an article) the whole point of 802.11x isn't to secure content, it's to secure access.

the standard wasn't engineered to protect passwords from eventual decryption, etc. instead, it's a way that a network access point can enforce a security policy so that no traffic can get through on the lowest network layers until a client has sufficently authenticated to the access point. so a wireless hub (or even a wired hub) can say "hey, identify yourself!" and the client can say "hey, this is me!" and the hub will go to a authentication server (in Microsoft's case, they say a RADIUS server) and say "hey, is this (so and so)?" and if the authentication server says yes, then the hub will let the client's traffic through.

coupled with that is a protocol where access points can enforce a policy where clients must refresh their encryption keys on a hourly basis. so a network intruder must be able to crack these keys on an hourly basis to gain access to the network. a week is a joke... these 802.11x access points will be through several iterations of keys by the time one is cracked.

(interestingly enough, the protocol also includes provisions for someone who is wandering between wireless access points where one hub can vouch for the user and cause the newer hub to forward their traffic until authentication by the server is achieved, allowing for roaming without the 3 or so second delay that would be necessary for all of this to happen).

the point of all this is that it's not there to secure your cleartext POP password.. 802.11x is there because access points (be they wireless or ethernet or whatever) are becoming more prevalent in our society in public, physically insecure places, so a protocol has to be developed so that network admins can be sure that the right people are using it.

the protocol even allows (given 802.11x aware hardware) that user levels be granted based on the authentication server, so a guest might be allowed restricted gateway access to the Internet but their traffic may be physically restricted from reaching the LAN fileserver, whereas the admin is given the red carpet.

pretty sweet, from an admin perspective.

might be a good thing

[unformed]

Stubblefield's attempt took just under a week, which included the time taken to deliver the card, set up the testbed, perform debug and then finally retrieve the key.

Ouch.
-----
In all honesty though, this -could- be a good thing for us regarding laws. Here's an American graduate student that showed an immense weakness in a standard encryption protocol. Furthermore, he did it for no profit, without violating any copyrights, and while working with AT&T.

This could be very good. People (as in general society) would be a bit leary of Dmitry Skylarov because he is Russian and becuase it was a for-profit venture.

This student, OTOH, broke this w/o profit and without breaking any copyrights.

Hopefully (though I doubt it) this can hit at least semi-mainstream news, or, at a minimum, the ears of lawmakers and security analysts.