Researchers Claim to Crack 802.1x WiFi
satsujin writes: "Researchers from the University of Maryland have released a paper on the weaknesses found in the 802.11x protocol. It looks like it might not be as strong as Cisco has contended."
With time, everything gets broken. The world's hackers (and even our crackers) are just too good. There are too many smart minds out there trying to solve the million puzzles like this that someone WILL find a way.
...has a lot more info on the security issues concerning this protocol.
The Unofficial 802.11 Security Web Page
The article states this clearly. There is a difference in meaning, I believe.
Show me something that powerful on your linux piece box. I dont think so.
Now go cry into your stupid backwood kernel compiling command line terminal. Jackasses.
Well, wasn't it obvious that without the Dynamic WEP key you could hijack the connection? But with the WEP things are a lot different than they describe as the man-in-the-middle doesn't know a thing about the session key and the protocol to negotiate those are mutual authentication based.
Except that those DoS attacks are still present.
(a) An encryption cracking project
or (b) Sex with a mare
??? Can anyone really say that they DIDN'T see this coming?
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Don't make fun of the dirty GNU hippies, after all, they got picked on enough in High School, mmmmkay?
IMHO, it's on its way out anyway.
spacefem.com
I have a wireless setup at home and absolutely love it. I also assume that everything I do on the network is transparent and so take appropriate steps when the situation is called for. Props to all the developers of GPG and OpenSSH.
And - this type of thing will only eventually lead to us having a more secure wireless networking protocol. Aren't you glad that these guys have the freedom to do this kind of research?
http://staging.infoworld.com/articles/hn/xml/02/02/14/020214hnwifispec.xml?Template=/storypages/printfriendly.html
~shiny
WILL HACK FOR $$$
Is it just me, or have the many weaknesses in 802.1x security already been beaten to death?
It is clearly a broken and insecure technology. Workarounds are possible, but don't fix the underlying problem.
There. Now you don't need to read this and you can go look at userfriendly.
D
ELITISM: It's always lonely at the top. Uninvited company is rarely welcome.
Sure, I know the article only says "802.1x" but slashdot says 802.11x so they MUST have broken 802.11x instead!!!!
Here's the UMD Professor's 802.11 Research page
Because of this, a security administrator, or even a home user, has to assume that every packet sent over a wireless connection is intercepted. Until there is reliable encryption that takes prohibitively long periods to break (remember, WEP is broken, and the break is a relatively quick one), this technology is simply unsecure, particularly for corporate use.
Would authentication using MAC addresses take care of this problem? Or at least MAC address checking... Each wireless client has a MAC address, after all....
Your post scored in the top 10th percentile in Dirty GNU hippiness. Please take appropriate action to avoid this unfortunate situation in the future.
At least these guys are open to correcting the problem, unlike the goons who sat on Felten et al.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Go Terps!
Maybe this is a question of understanding, if some corporation was sponsoring or developed these standards could they sue these dudes under the DMC?
http://monkeyserver.com --- weeeeee
I'm trying to design a secure wireless architecture for a multi-site, multi-floor deployment (with roaming). I have to deploy soon: within a month or so, and can't afford to wait until IEEE fixes the standards.
I see 2 possible ways to attempt this (with 802.11b or 802.11a when it's available):
- VPN over wireless
- 802.1x authentication with TKIP
Both have their pros and cons.
I demoed Bluesocket (VPN concentrator/firewall for building wireless DMZ networks), which works. I found it difficult to administer, lacking reporting, and wonder how many VPN tunnels it will handle.
I'd prefer to go with the new industry standard (TKIP and 802.1x auth), and segregate wireless traffic onto DMZs, protected by a custom machine running iptables/sport, to provide firewalling, routing, IDS, arpwatch, etc.
I can't use 802.1x if it's insecure, and I'm having a difficult time determining how insecure 802.1x is based on the articles I've read.
Assuming I used 128 bit WEP, TKIP with fast key rotation, EAP auth via 802.1x, and segregate traffic on a WDMZ with a firewall and IDS, what vulnerabilities are left to exploit?
If it's the MiM attack, VPN over wireless may have the same issue, unless I roll out strong mutual authentication via certificates. Doable, but very unwieldy.
I'd appreciate anyone's thoughts on this matter.
- Eric
This standard has been extended for wireless use. The problem described in the paper is quite different from the problem of cracking WEP. 802.1x uses a similar method of authentication and encryption that SSL does. It also provides for the possibility of changing WEP keys periodically. Although WEP is quite flawed, that problem can be avoided by changing the key on a per client basis with greater frequency than is required to determine what the key is.
The problems described by the paper could only happen in an exceptionally poorly configured wireless deployment. For these exploits to work you would have to be using 802.1x with WEP encryption disabled. This would be a strange thing to do since one of the main purposes of using 802.1x is to get effective WEP key rotation. For the man in the middle attack, you would need to have an improperly configured authentication server (usually RADIUS).
I don't want free as in beer. I just want free beer.
We regret to inform you that your post scored in the top 10th percentile in Dirty GNU hippiness. Please take appropriate action to avoid this unfortunate situation in the future.
Corrective action will be taken if you do not take the necessary steps to remedy this situation
Sincerely,
A/C
Cisco uses LEAP for its secure wireless. Cisco supports WEP only for non-Cisco product support. LEAP provides unique authentication to prevent session hijacking and man-in-the-middle. You also get to pay at least three times as much for Cisco. If you really don't care about security that much then you can go buy Linksys or some other commodity brand. This article was pretty crappy anyway. Some guy said he found some weaknesses in wireless security. Some other guy said he was not surprised. If you are using wireless in a hotspot, you should be using a VPN client to encrypt your data, just like if you were connecting from your hotel room. One time passwords and digital certs prevent hijacking of corporate data. Obviously this ass clown never thought of that. Here is an article on LEAP: http://www.nwfusion.com/reviews/2001/1217revside3.html
Concerning Speed: the Rijndael AES proposal gives 70.5 Mbits/s for a VisualC++ Implementation of Rijndael on a P200. This should be fast enough for the clients. Can anyone provide accurate figures, e.g. for the current implementation used in gpg?
Above all: AES is a symmetric block cipher, so this has nothing to do with the security problems addressed, as these seem to be flaws in the protocol. (session hijacking, man in the middle, etc.) These are questions of key management, not of the block cipher used.
Seems that the chairman is not exactly an expert in crypto...
sig intentionally left blank
Quit polluting this site with your GNU hippy sex fantasies. Furthermore, karma whoring has grown tiresome.
So basically the person trying to steal my info would have to be hiding in my closet to even see the signal, nevermind cracked.
Sounds more like the makings of a scary movie instead of a techno hacker thriller...
Until there is reliable encryption that takes prohibitively long periods to break (remember, WEP is broken, and the break is a relatively quick one), this technology is simply unsecure, particularly for corporate use.
Two parties can use Diffie-Hellman key exchange to agree on a key even when all traffic is being watched.
Also, there is plenty of "reliable encryption that takes prohibitively long periods to break", such as triple DES (Data Encryption Standard), and any of the Advanced Encryption Standard finalists, at least in the sense that a lot of very qualified people have tried hard to break them for a long time in a very open process and so far failed. (Rijndael won the AES endorsement, but, not to my knowledge, because of a vulnerability discovered in any of the other finalists.) Granted, these algorithms are not mathematically proven to require a substantial number of cycles to break or even to be as difficult as some other famous problem (like Michael Rabin's public key algorithm), but, if that is your standard of security, then you also should not be sending even your encrypted traffic over any internet backbone links that are not known to you to be physically secure.
Cisco needs to DMCA the professor and his student. Only that way the balance can be held.
I have seen a report of suspected 802.1x security weaknesses before. I guess they are as strong as the open source business-model. Too bad, it just sucks to be forced to use VPN software and other higher-level security when the protocol itself should be good enough.
It's a painful but (IMO) irrefutable fact: Much of the computer technology we're seeing introduced currently hasn't been thoroughly thought out and/or tested. In particular, anything new having to do with networking (or MS software) is likely to carry security risks that won't be immediately obvious. If you're willing to take that chance, then by all means, jump on the bandwagon and be an early adopter, but don't be surprised when you wind up paying a higher than expected price for being a trail blazer.
More important... What isn't breakable now, may be tomorrow. So while you may be "secure" in the knowledge that what you transmit today is indeed not being read, tomorrow there may be a crack and all that data is cach'd n compromis'd...
Provocative question: how is this different from "wired" IP across several routers? That's why you need strong endpoint-to-endpoint encryption, e.g. SSL/TLS.
One additional problem seems to be that a simple way of session hijacking would enable a nasty Denial of Service Attack, but the other points are inherent problems in IP4 without IPsec (i.e. probably 99% of internet traffic) as well.
sig intentionally left blank
Seems these people goofed in both tasks! First they did not do two-way authentication. So everybody can claim to be the non-authenticated party. Then they used a form of authentication that allows a successful imposter to now pose as the authenticated party. And third they did not prevent session hijacking, i.e. do not keep up the authentication!
Very, very incompetent. Obviously these people did not have a good crypto lecture or did not understand what they were supposed to learn there.
And they apparently did not even read the specification of the infrastructure they are using. My favorite quote:
"If you look at the 802.1x, they tell you the 1x protocol is insecure when used in a shared medium environment unless a security association is established. Since 802.11 doesn't do that, so by IEEE's own words it is insecure," Arbaugh said.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
It doesn't have to be strong..within a few weeks of releasing their research they'll probably be arrested and executed, by order of the DMCA.
Two parties can use Diffie-Hellman key exchange [swcp.com] to agree on a key even when all traffic is being watched.
As long as an attacker can only watch, this is true. An active attacker can mount a man in the middle attack (one of the attacks in the article was exactly this type) against a naive implementation. However, used correctly, DH can provide secure key agreement.
Also, there is plenty of "reliable encryption that takes prohibitively long periods to break", such as...
All of this is unnecessary. Why would we want to use a prohibitively slow block cipher like 3DES, or even a moderately slow block cipher like any of the AES finalists, when the stream cipher already used in WEP is perfectly adequate? RC4 is a well-respected cipher and can accommodate ridiculously large key sizes. WEP's problems aren't related to the algorithm, but to the misuse of the algorithm (it's a well-known fact that with RC4 you *must* discard the first few bytes of the keystream to permit the state table to be adequately mixed).
The article commented that they're considering AES for the next generation of wireless security, which makes it clear to me that they still don't get it. The problem *isn't* that RC4 is insecure, in which case using AES would be a nice fix, the problem is that *any* cipher applied in a foolish way by people who don't understand cryptographic protocol design will be weak, no matter how good that underlying cipher is.
I only hope that they're smart enough to publish the new protocol and solicit reviews and comments from people who do know what they're doing. Of course that only helps if they listen to the responses. As Arbaugh and Mishra point out "If anybody breaks [the encryption], they not only break the confidentiality but they also break the access control and the authentication so one break breaks everything. That is not good design. Each security mechanism should stand on its own." What they need is a fundamental redesign, not a new cipher, and they may not want to hear that.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
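The point made in the comment above, that Diffie-Hellman holds up against a listener but not against an active in-path party unless the exchange is authenticated in both directions, shown as an added example (not code from the paper or from any poster). The toy group, the pre-shared key `psk` and the `exchange` function are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only: a 127-bit Mersenne prime is far too small
# for real use. Deployed protocols use standardized 2048-bit+ groups or ECDH.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value) in the toy group."""
    priv = secrets.randbelow(P - 3) + 2          # in [2, P-2]
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a symmetric key from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def transcript_mac(psk, role, client_pub, ap_pub):
    """MAC over the sender's role and both public values as that side saw them."""
    msg = role + client_pub.to_bytes(16, "big") + ap_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


def exchange(authenticated, in_path):
    """Run one key agreement between a client and an access point (AP).

    authenticated: both sides MAC the transcript with a pre-shared key
                   (assumption for this example; certificates fill this role
                   in TLS-style protocols).
    in_path:       a third party replaces both public values in transit.

    Returns the key each side derived (None if that side aborted) and the
    keys the in-path party derived, if one was present.
    """
    psk = secrets.token_bytes(32)                # known to client and AP only
    c_priv, c_pub = keypair()
    ap_priv, ap_pub = keypair()

    # What each endpoint actually receives from the network.
    seen_by_ap, seen_by_client = c_pub, ap_pub
    in_path_keys = None
    if in_path:
        m_priv, m_pub = keypair()
        seen_by_ap = seen_by_client = m_pub
        in_path_keys = (session_key(m_priv, c_pub),
                        session_key(m_priv, ap_pub))

    client_ok = ap_ok = True
    if authenticated:
        # Each side tags the values it saw. The in-path party does not hold
        # psk, so it can only relay these tags unchanged.
        ap_tag = transcript_mac(psk, b"AP", seen_by_ap, ap_pub)
        client_tag = transcript_mac(psk, b"client", c_pub, seen_by_client)
        # Each side recomputes the peer's tag over its *own* view and compares.
        client_ok = hmac.compare_digest(
            ap_tag, transcript_mac(psk, b"AP", c_pub, seen_by_client))
        ap_ok = hmac.compare_digest(
            client_tag, transcript_mac(psk, b"client", seen_by_ap, ap_pub))

    return {
        "client_key": session_key(c_priv, seen_by_client) if client_ok else None,
        "ap_key": session_key(ap_priv, seen_by_ap) if ap_ok else None,
        "in_path_keys": in_path_keys,
    }


if __name__ == "__main__":
    for auth in (False, True):
        for mitm in (False, True):
            r = exchange(auth, mitm)
            agreed = r["client_key"] is not None and r["client_key"] == r["ap_key"]
            exposed = r["in_path_keys"] is not None and \
                r["in_path_keys"] == (r["client_key"], r["ap_key"])
            print(f"authenticated={auth!s:5} in_path={mitm!s:5} "
                  f"endpoints_agree={agreed!s:5} keys_exposed={exposed}")
```

In the unauthenticated run with a party in the path, both endpoints complete the handshake without error while holding different keys, each shared with the intermediary; in the authenticated run both endpoints abort because the transcripts they saw do not match.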
Actually assuming that a wireless network is similar to an old style bus topology ethernet is a good approach. There everybody can read everything.
Unfortunately some people don't understand this and do stupid things like having a switched network for security and then connecting some users via wireless.
With Unix the solution (even for corporate use) is simple: Only allow ssh, sftp, and scp and ban (and scan ports to be sure it is not used) telnet, rsh, ftp,... for internal use. You don't even need to do a possibly difficult IPSec setup. Insecure services can be tunneled through ssh.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
This is old news. IEEE 802.1x is EAP, which has been used for dialup connections with PPP for years. The problems are well known.
You can run Protected EAP on top of EAP/802.1x and protect the connection from the problems, see:
PEAP draft
Of course, you'd need the WEP fix to solve the privacy and integrity problems of the connection as well.
http://www.cisco.com/univercd/cc/td/doc/product
Plus - with Cisco products, if you want LEAP authentication, you now HAVE to use WEP. Before, WEP was optional.
The real problem is the fundamental way in which Wi-Fi works, according to Arbaugh. Although rapid rekeying of WEP keys, for example, which will be implemented in the next security standard called TKIP [Temporal Key Integrity Protocol], makes it more difficult to crack, Arbaugh said the entire design is just not good security.
"You are relying on a confidentiality mechanism, and in general that is considered bad design," he said.
The next generation of security is TKIP and is backward-compatible with current Wi-Fi products and upgradeable with software. TKIP is a rapid re-keying protocol that changes the encryption key about every 10,000 packets, according to Dennis Eaton, WECA chairman.
First they burn books, then they burn people.
They didn't say if their attack gets around MIC, which is a part of what 802.11 group i is working on.
I'm not convinced this is a real crack.
-- dieman - Scott Dier
True, you should consider every packet of -encrypted- data as intercepted, however: this isn't a problem, this has been a standard scenario for cryptology ever since radio transmissions were first broadcast a hundred years ago..
The problems are inherent to the encryption algorithm, not the mode of communication.
SSH sure seems strong enough, we should be able to expect the same level of security in wireless networks.
Why on earth use a symmetric cipher (rc4), and publish the private key? Why not simply an asymmetric system (rsa/dh/dsa)?
Isn't this all rather over the top? All the hard work has been done already, why don't we learn?
All the popular operating systems now have built in public key, proved/tested technologies.
This all seems like madness, re-inventing the wheel.
VPNs to everywhere, hub and spoke, meshed, surely it's not that hard! We run 1000+ users, on a mixed wireless/hardwire network. All users are authenticated using SecurID one-time passwords (yes I've read the L0pht stuff, utter fantasy), so we have Authentication and Accountability! ONE POINT.
Then guarantee (as best as possible) confidentiality! Easy, use public key encryption, built into IPSEC. TWO POINTS.
And the lucky winner of 3 points, and I'm not a French judge! is, well, availability, restrict who can access the network/data/entity.
What what!, no hacks yet!, I don't trust anyone, users are the worst, second external attackers, and then me and my staff.
SCORE:3 Insightful.
The owls are not what they seem
However, Netscape was smart enough to learn from this disaster and hire some qualified expert cryptographers. (I think Taher el Gamal was involved in the design of SSL-v2.)
Let's hope that some competent people will redesign this thing from the bottom up.
sig intentionally left blank
... www.sixgirls.org
That the security of your wired LAN depends on all the multihomed PCs attached to the Wireless network not having any remote root type exploits.
Read the following article for a quick summary, and follow the link to the actual research paper to read about how it works. It is quite interesting.8 1501.shtml
http://www.powerbookcentral.com/columns/knowles/0
I'm responsible for security for a 20 acre wireless net. The biggest problem I have is that I inherited the net and it's multivendor.
Cisco LEAP is great on 1/3 of it - and with WEP and 4 hour keys I feel it's as secure as I'd like it - running a VPN seems overkill and not user friendly. The Avaya (Lucent/Orinoco) bits are a pain because the client devices don't support any advanced security (they're cash registers) and on the Symbol bit the clients are handheld bar code scanners - which don't even support WEP.
The solution, firewalls - each wireless net is a VLAN which only has limited connectivity to the rest of the net. Some cracker can spend the time to get onto the LAN if they want to but they're not going to find anything interesting. The couple of servers that are available are hardened as if they were on the DMZ - I suspect this is the answer for a lot of firms until multi-vendor wireless security is sorted out, which I think will be in a year when the clients/APs are replaced with 802.11a or 802.11g devices (we'll wait for 802.11g 'cos the range on 802.11a is unworkable).
If you bothered to read and understand the paper by Fluhrer, Mantin and Shamir that is linked to in the article you mention, you'd see that I know precisely what I'm talking about.
As the paper states:
And this paper was far from the first to note this weakness, although the authors did demonstrate a more effective method than had previously been known (which is what made it valuable research). The authors also presented a new and interesting weakness that can arise from one common approach to performing the key scheduling (XORing the IV with a fixed key, rather than hashing IV and key). Both points have an effect on WEP security. It's the two weaknesses when exploited together that lead to the "linear" time break of WEP.
However, as I said in the post you replied to: "it's a well-known fact that with RC4 you *must* discard the first few bytes of the keystream to permit the state table to be adequately mixed". Had the WEP protocol designers simply chosen to discard the first, say, 256 bytes of the RC4 keystream, the protocol would still be secure. The known-IV weakness might yet reveal another attack that could work even without the first few bytes of the keystream, which is why it is now recommended that a secure hash be used for mixing IV and key, but that attack has not been found as of yet.
My real point was not that RC4 was good enough (although it is). My real point was that clueless (yes, clueless, *everyone* knows you don't use RC4 that way!) designers misused it and created an insecure protocol. Now they're thinking that using AES will fix the problem. It won't. The problem was clueless designers, not a weak cipher. Giving the same clueless designers a new cipher will only give us yet another broken protocol.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
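An added illustration of the keystream-discard point in the comment above (not part of the thread and not any poster's code): it measures how often the second RC4 output byte is zero, with and without dropping the first 256 bytes. This is the Mantin-Shamir second-byte bias, a different and simpler early-keystream weakness than the Fluhrer-Mantin-Shamir result the comment discusses; the 16-byte keys are constructed random test keys and the function names are hypothetical.

```python
import random


def rc4_keystream(key, n):
    """Return the first n RC4 keystream bytes for key (a bytes object)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # output generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def second_byte_zero_rates(trials=30000, drop=256, seed=1):
    """Fraction of keys whose second output byte is 0, raw vs. after discard.

    A uniform byte is 0 with probability 1/256. Straight after key
    scheduling the second byte is 0 about twice that often; after
    discarding `drop` bytes the rate falls back to roughly 1/256.
    """
    rng = random.Random(seed)                  # fixed seed: repeatable run
    raw = dropped = 0
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")   # constructed key
        ks = rc4_keystream(key, drop + 2)
        raw += ks[1] == 0                      # 2nd byte, nothing discarded
        dropped += ks[drop + 1] == 0           # 2nd byte after the discard
    return raw / trials, dropped / trials


if __name__ == "__main__":
    raw, dropped = second_byte_zero_rates()
    print(f"uniform expectation  : {1 / 256:.5f}")
    print(f"no discard           : {raw:.5f}")
    print(f"first 256 discarded  : {dropped:.5f}")
```

The discard only removes the statistical signal in the early output; it does not change how the IV and key are combined, which is the second weakness the comment describes.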
Just curious here,
I have a lot of years experience doing C/C++ and am digging into some simple encryption.
An IV (Initialization Vector) should always be a fresh number for each encryptor/decryptor, correct?
Jeremy
Often, but not necessarily. What is the purpose of your IV?
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Switched networks are generally no more secure than hubbed ones. Implementing mac layer security in the switch will help though.
How messed up is it that the THIRD post, and the first actual post from an intelligent life form is moderated as "redundant"?
I try to moderate while not completely wasted and I expect the same courtesy. This person deserves the same.
Moderation is dead! Long live the moderator!
Also Known As - Jack