New Wireless Security Standard Has Old Problem?
eggboard writes "Wireless security expert Robert Moskowitz, who sits on IEEE and IETF committees on that subject, sent me a short paper on a glaring weakness in the Wi-Fi Protected Access (WPA) protocol that's replacing the weak and broken WEP system well discussed here at Slashdot. His paper, which I've posted here, proves definitively that while WPA itself remains robust and secure, the interface for choosing consumer passwords makes it simple to snarf a tiny bit of network traffic and perform an offline dictionary attack. For Slashdot readers, this probably seems trivial, but because Linksys, Apple, and others are letting users enter My Dog Has Fleas as their passphrase, WPA might be less secure for home users than WEP."
Way to tell everybody my password.
Man, now I have to change it.
My Dog Has Fleas is a positively fantastic password compared to the usual choice of a middle name, spouse's name, child's name or birthdate.
Or, of course, the infamous "password."
If all it took were a dictionary attack to sniff a password, at least it took that much.
This isn't some simple passthrough that can be gotten through by knowing a couple backdoor passwords, it's a real live algorithm.
But in the end, it's up to the user to enter a password and as long as humans remain humans easy to remember passwords will always be chosen over #HrS2sWmNw/()LggDwMn.
It doesn't matter how easy to break a new system is, it's better than having no security.
I recently took my laptop on a trip across Toronto and in a couple of hours spotted around 60 wireless networks. Around 80% had NO encryption enabled at all. And yes, the most common SSIDs are 'default' and 'linksys'.
So make a system more complex and people won't use it - which defeats the whole object of it.
Jolyon
Please read my Canon EOS tech blog at http://www.everyothershot.com
The important thing here is that this allows for actual security for users smart enough to use good passwords. Even in hex users can enter dumb passwords ("AA AA AA AA AA...").
Only long passwords and encouraging the users to use good quality passwords/phrases really helps.
Ultimately though, these passphrases are flawed anyway- they are a form of shared password. History has shown this to be a thoroughly bad idea, one passphrase per user/machine is a far better idea; and even the user shouldn't know what it is (that way it can't get beaten out of them- black cosh cryptography works pretty darn well.) These standards organisations aren't even trying.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
yeah, but #HrS2sWmNw/()LggDwMn.
is easier to crack than
"I bought 2 bags of frozen peas at the store"
which is much easier to remember
/bin/fortune | slashdotsig.sh
but my dog DOES have fleas...
Hold it, someone correct me if I'm wrong, but doesn't this mean that instead of collecting thousands of weak packets in RFMon you just need to collect one packet from each network and brute force it?
Which method is harder to crack? I'd take WEP. Simply because it takes longer to collect the necessary packets; especially on a smaller network. On a larger network it may work out to be better from a security standpoint for the cracker to start a brute force attack on the packet on a spare computer and let it sit for a few days instead of having him hide a pocket PC with a wifi card in range of the AP for a few days.
I've just bought my first wireless kit (DLink 802.11b wireless router plus card for $60).
I did some reading on WEP and it sounds pretty frightening. Today I'm going over to set up the same kit for a friend who's NOT a slashdot type. I'm pretty-well used to data protection issues, and I take reasonable precautions and would also not freak out if something Bad happened. But I'm wondering what I should tell my non-techie friend.
Practically speaking, just how vulnerable is WEP? If my friend has a good non-dictionary password and uses "256 bit" encryption, is he reasonably safe from casual hijacking?
That's certainly what the manufacturers would have us believe, and the low prices and ubiquitous Starbucks access points seem to be causing a lot of folks to adopt wireless, at least out here in silicon valley.
Having read up on the security problems, I'm now hoping some of you can provide or point to real-world scenarios.
Hope this isn't too off-topic...
This Like That - fun with words!
This and many other security concerns were voiced years ago in the IEEE. Unfortunately, the buffoons who pushed the standard through were not interested in hearing about them.
Misdirected karma: they screw up, consumers get hit.
Thought i would put up a mirror as it looks like the site is really slowing down and might die soon.
1..2..3. Hey that is the same combination I use on my luggage!
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
Basically they are claiming that this protocol is insecure because users choose bad passwords. Duh. Why not just let the user enter a pass phrase, then make an MD5 from the user supplied passphrase, then use the sum as the wireless passphrase. It's difficult to do a dictionary attack, and the user gets to stick with his chosen easy to remember pass phrase.
...my wireless router has a first name
it's l-i-n-k-s-y-s
my router has a SSID
it's l-i-n-k-s-y-s
RE: password security -- what about the old technique of using an acronym for something that wouldn't be hit by a dictionary attack? Um, like:
My Dog Has Fleas And Your Mom Does Too would create a password of "mdhfaymdt" ? Secure enough...and probably not in someone's best interest to share with anyone else.
The idea here (I know, I was there when we voted it into the standard) is that the PBKDF2 is computationally significant.
Thus when you perform your offline dictionary attack, for each lookup in the dictionary, you must perform 4096 HMAC_SHA1s and this might take some time if you are looking up a large number of dictionary entries.
The basic conflict is the wide disparity between the power of processors in low end 802.11 transceivers and high end computers. The time to compute the 4096 HMAC-SHA1s is significant on say a slow ARM7TDMI and the 4096 value is a compromise to limit the delay in computing this. This delay affects the time from pressing return on the keyboard, to the time the PTK can be known and communications can begin.
However the attacker can apply his cluster of 3GHz PCs, or his FPGA HMAC_SHA1 parallel processor, or his supercomputer array, and make the speed of dictionary lookups relatively insignificant compared against the strength of the passwords being used.
The wise people asked for a much higher number than 4096. Some implementation types beat it down to 4096, and here we are..
Evil people are out to get you.
I think this problem is present in *any* system that relies on user passwords. according to the article, each character in a password is equivalent to about 2.5 "bits" of encryption (since you can't use the entire ascii bitspace and some words/letters are more common, etc). this is a higher number than I saw referenced in one of bruce schneier's books (he said 1.3 bits of entropy per char I think.).
so, if your 128 bit or 256 bit or bit security system is ultimately based from a human-rememberable (and thus probably short) password, is there ANYTHING that can be done short of requiring 30 character passwords?
256bit PSK is used directly as the PMK. When the PSK is a passphrase, the PMK is derived from the passphrase as follows:
PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
---------
Now I see where the problem is. Easily solvable...
alias passphrase = write "enter you MSG" \
read $MSG \
echo "$MSG" | rot13 | rot13 |mail -s Passphrase luzer@name.com
That wasn't so hard now was it?
wget -qO - kungfunix.net/fatality|sed -n '1!G;h;$p'
MoFscker
"Poorly chosen passwords lead to insecurity."
Well, duh. I didn't need three pages of dense, TLA-obscured claptrap to tell me that.
really, I have to re-install windows about once every month or month and a half (maybe I could stretch it out a little bit longer, but with increasing issues and difficulties) I have long since abandoned my PC as a platform for any kind of critical information. If someone wants to use it, fine, go ahead. I prefer it if no one were malicious, but hey, i'd just be re-installing anyway. What about my bandwidth you say? have at that too. I'm not using it all anyway. I might be a little peeved when I am playing games, but its not going to kill me (well it might when I am in a game, but not in real life) These are the reasons I love knoppix... a nice clean start every time!
After reading the article (gasp!), this guy is saying that if you (the user) choose a passphrase that is susceptible to a dictionary attack, your passphrase could be compromised by someone using a dictionary attack. No kidding? I would have thought that choosing a passphrase of common words would make it HARDER for a brute-force program using a dictionary of common words to crack! Slow news day, or what?
He also points out that WPA is perfectly secure with a good shared key (such as generating 256 bits of random characters) or using the built-in 802.1X authentication system. So....what's the point here?
Try not being a fat linux loving asshole.
She was bored, get over it.
> perform an offline dictionary attack
What, you sneak up behind the sysadmin and brain him with a copy of Webster's?
Dark Helmet: So the combination is 1,2,3,4,5 ... That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage.
President Skroob: . . . 1,2,3,4,5. That's amazing I've got the same combination on my luggage.
YOU'RE WINNER !
Another lame blog
hexdump -e "\"%04x%04x\n\"" -n 8 /dev/random
Pre shared key auth/keying is a bad idea. Public key based authentication with random session keys via integration with RADIUS or Kerberos is much more secure (and should be supported by any WPA capable AP)
Uh oh, looks like you should have posted AC
Speaking as a cryptographer and longtime security geek, this weakness is about as damning as... using a 128 bit cipher that only gives 120 bits of protection. Look at the big picture. Most people don't even use WEP, let alone limit access by MAC address. The average user is SO oblivious to security, sharing passwords, opening .EXE attachments... I'd hate to recall how many times I found things like .rhosts files with '++' in them among career Unix programmers who must have known better. WEP was a semi-broken protocol, TACACS+ was a totally broken protocol, there was no way one could use them without compromising security. Just as nobody can use a number of commercial software products without compromising security.
WPA, on the other hand, is a very well-designed protocol. It is only as weak as its users are careless. And one need not choose "h^Ne#b8SV@,4g%yP" as a password to avoid this attack, any semi-uncommon phrase of 4 or 5 words will do.
I will deal with this problem by threatening users with a nasty note in their personnel file if they choose a sh*t passphrase -- and terminate their wireless access. And yes, I will try cracking the passwords myself, just as I have done with operating system passwords for several years.
I sure wish all my security problems were so simple! At least WPA *can* be secure, unlike the steaming heap of offal that most folks call a desktop operating system.
Boy, some people just want to find things to complain about. I just read another "you have to protect us from ourselves" article today, perhaps this should have been included in their list. Personally, I think if people want to hurt themselves this way they should be allowed to do so. If they do it as part of their job then better qualified technical people should take their place.
I'm an American. I love this country and the freedoms that we used to have.
and always will be that computer security is a deterrent for script-kiddies. if someone wants your computer to be a smoldering pile of has-been, it will happen no matter how much money you "invest".
You are confusing me with someone who cares.
YOU
(IT)
I'd like to have seen this story. This happened live, right now, and I have friends that could have seen it. Liked the earlier /. on the sky meteor, and would have been way better if /. could have posted in advance to go look at it!!! The guy posted as a story and a OT thread, but that gets dumped to the dregs here, so we still don't hear about it.
/. has good filter people. Must be a better way to handle OT major announces. That Guy Fawks story today is fun, but I could have heard it tomorrow with no difference, and still have friends get to see the record breaking today.
umm yeah stfu, saying things like "ima not do anything about it cept complain" is useless
I KUT J00 M4NG!!!
Presentation - Tim Moore, Doug Whiting, Jesse Walker - doc 02/545r0 - Mapping Password to PSK
Standardize a method to generate a 256 bit PSK from an ASCII password.
PSK = PBKDF2(password, ssid, ssidlen, 4096, 256)
Jesse: Only do this if you have to. Security is bad.
Tim: Use hard to guess passwords. Also change SSID from default.
Jesse: I would suggest that every AP ship with a different SSID.
Comment: This forces the administrator to set them to a common value in order to roam.
Comment: Why so big (4096)
Doug: Increases the number of effective bits by that amount.
Comment: How long does this take?
Tim: 17ms on my machine.
Comment: There is a Unicode problem here with UTF8. Results will be different based on code page used.
Comment: Will a 1 byte SSID cause a problem with this?
Tim: This will work, but won't be very good.
Doug: Doc says don't use this in the corporate environment. Suggested for home use.
Comment: Apple had a concept of pass phrase. Is this the same?
Chair: I don't believe they ran it through a function.
Tim: How much time do people want to review the draft?
Chair: If we postpone a motion, will anybody look at it?
Jesse: Do you want it incorporated as normative?
Comment: It could be normative for optional.
Tim: Either we make it normative or WECA does.
Jesse: We could put it in an informative annex.
Motion by Russ Housley
Motion to incorporate document 02/545r0 as an informative annex.
Second: Jesse Walker
Discussion:
Comment: Request to change document to use passphrase instead of password.
Motion to amend by Donald Eastlake.
Change motion to be:
Motion to incorporate document 02/545r0 as an informative annex with password replaced by passphrase.
Second: Paul Lambert.
Discussion:
Comment: We have not properly defined "passphrase". Does the editor know this definition?
Jesse: I have seen it before.
Comment: Call the question
Chair: Any objection?
None
Vote on motion to amend: 22-1-2 Passes
New main motion:
Motion to incorporate document 02/545r0 as an informative annex with password replaced by passphrase.
Any discussion on new main motion?
None
Vote on new main motion: 24-0-1 Passes
Evil people are out to get you.
Where are you getting this stuff?!?
> assuming there are about 10K words in common vocabulary, and you use 10 words, that's about 10,000^10. pretty large, but only about 23 bits.
10,000^10 ~ (2^13.3)^10 = 2^133 = 133 bits of encryption.
> but your 20 character password has a huge entropy. you have 26 lowercase letters, 26 uppercase letters, 10 numbers and about 10 punctuation marks. that's 66 possibilities per character. now 72^20 is a lot. that's about 26 bits.
66 possibilities * 20 chars ~ (2^6)^20 = 2^120 = 120 bits of encryption.
Above is tubgirl link. why do they want us to see it?
When I try to enable WPA (Enterprise) with the latest Airport software it tells me, (a) it is not compatible with my 802.11b card, (b) it is not compatible with MAC address access lists, and, (c) it is not compatible with WDS. WDS is where you can chain Airport connectivity over the air, which I use, and (b) only occurs under WPA Enterprise as opposed to personal. I can see (a) being rationalized under needing better hardware for better encryption, and I was going to upgrade regardless, but (b) and (c)? Doh!
Maybe a year ago I read this great guide on choosing a password that went through all the mathematics of how long it would take to break a password with just regular words, one with mixed case letters, one with irregularly placed characters, etc. It gave some good practical advice for coming up with memorable passwords that were secure. Can anyone direct me to this document? I've tried googling but I haven't had any luck. Don't remember much more about it. Thanks!
Yes, but how would polite people know whether a site is open intentionally or not?
That's one of the many reasons why I proposed the setting up of a reserved TLD (e.g. .here) to help with this sort of thing.
That way Joe Schmoe can just do http://here/ or something like that and learn more about the WiFi service/area he is using, terms and conditions. And there's lots more you can do with this sort of thing.
http://www.warchalking.org/comments/2002/9/27/124929/286/2
http://www.watersprings.org/pub/id/draft-yeoh-tldhere-01.txt
Many institutions unwittingly standardize on weak passwords. For example, a certain EE department at a certain university (that I might attend), has a password convention of six characters, letters and numbers, but no two letters or numbers are allowed next to each other. So all the passwords are number, letter, number, letter, etc or letter, number, letter, number. They don't even require mixed case letters.
====
Crudely Drawn Games
> yes, I will try cracking the passwords myself,
Are you sure that's not a DMCA violation?
Sorry to be the one to break this to you: She is a slut. If your story is true, then be glad she has made it easy for you to be rid of her. If you "patch things up" and act like things are all right or that nothing happened, then dude, welcome to her little finger. Watch Me, Myself and Irene if you want to see your future. You can't build a future with someone that has no morals or conscience.
On the other hand, if you just wanna get your rocks off, then go on into your roommates bedroom and join in and bang her while she is blowing him. Just remember, and this is very important: Do Not Kiss Her!
Oh, you may want to double wrap that rascal too.
Thanks & good thinking. Reason I posted under my own id is this is a great story, at least according to other more specialist forums. How many times on Slashdot do you get to hear about something as a main article BEFORE another site posts it? How many times do you get to see a world speed record broken over your own town? When I sent the original article I could find no mention of it. Did a lot of trawling, and now found some news on various special interest aviation boards.
Given there was a lot of interest in the Concorde mistaken for meteor article, I figured it would be excellent for some slashdotters to get the chance to see it with their own eyes. Not just some digital camera photo a week old. Luckily some people got to see it, and a happy co-incidence if a few of them were slashdotters.
Now if that kind of scoop gets rejected, and OT stories are automatically relegated to the dumpster, I know nothing important and happening now i find out about will ever get posted. Will be content to read and enjoy slashdot as an AC.
...promote terrorism!
Seriously though, is there any repercussion if some stranger comes up, enters your WAP, and downloads kiddie porn or *gasp* illegal mp3's?
-Eyston
You can't come in here unless you say "swordfish". Now, I give you one more guess.
Ha! What a fucking loser you are. You post the same thing as me but then point to my article which was posted 10 minutes earlier and say its a troll just to try and get mod points.
I also loved how you posted as an AC to try to back up your claim.
Fucking moron.
Don't listen to the idiot below who as AnnieCoulter copied and pasted this text 10 minutes after I did in an attempt to get mods points.
Yeah like anyone wouldn't figure out that AnnieCoulter who copied and pasted the above post and then posted as an AC saying this was troll wasn't the same person.
This is just a troll trying to get karma so that they can troll at +1. Dumb ass.
WiFi security basics: http://azwardriving.com/security/
for mod points. Lame.
Dude, join the club.
I've never hooked up with anyone and I've been depressed for like 6 years. I'm 21 and I've been on a single date and that relationship fizzled within days of that date. I'm socially incompetent, and messing up in my engineering classes.
You're doing better than I am. And hey, at least you get to see her topless!
Why don't these companies start implementing Kerberos? Or something similar. My understanding is that no passwords are ever sent out over the network.
http://web.mit.edu/kerberos/www/
1. Use IPSec, or
2. Restrict the access point so that no connections can be made anywhere except to a VPN server
I'm currently planning something along the lines of (2) at home. I plan to use the hostap driver for Linux and firewall the wireless interface off from everything except for a single port which goes through to a VPN server. In order to talk to ANYBODY the client will have to log in through the VPN.
This way if/when a weakness is discovered in the crypto I just upgrade the software on the server/client instead of blowing money on new hardware every time they standardize on something else.
The only problem is that users can still DOS each other wirelessly, but there's nothing that can be done about that.
6cea e4ca 6713 721c 4cbf 71a4 e1aa 8972 0a03 f9d0 47a9 8f3c 9ead 8fb4 35d9 38c0 0406 1f02 0c46 878f 42f8 5ec1 77c5 1a99 f64b 5ad3 bb82 2c93 7870 a725 ba29 dd2b c470 0e70 3bf4 9c50 01a3 31cd c717 0b68 afe0 d479 62b2 46c0 a0c6 af61 c8e0 1915 01f4 8df8 be64 7401 4ed7 1459 766c d888 e772 f41b b310 e958 ebf6 87a1 c0e7 7a60 99d1 38ff d009 4c65 7a5f dbb0 f347 7a65 1f34 254c 8167 d103 4e34 9fc7 c97b 9ac0 0575 12a5 4f0d 9c87 5015 a647 ab9d 0ff6 f940 c1e7 1699 bfef 9827 b19f 9bc9 8391 3985 ed5e 275d f2c0 d3cd d489 13d3 6d0c 9aba 85e2 221d 1990 2fc8 1584 f2cf f7a1 98de 819d 6d2f 954e 83f0 d4a6 b854 940b 6cec a490 f7ce f556 fff2 fc53 daee 7af2
By coincidence, I do plan to name my kids in hex. Leet-speak would make them look like wimps, while 6cea would certainly make my kid the coolest throughout school.
You can't judge a book by the way it wears its hair.
You're missing the point here: you're sophisticated and understand that poor password choice produces high risk.
Since WPA is susceptible to dictionary attacks, wouldn't you build an interface that would reject poor passwords? Or would you advertise WPA as a way to enter simple passwords? You're smart: you'd build an interface that had crack behind it and a good dictionary, or at least required 20 digits and some punctuation.
Since the marketing folks and interface designers are encouraging the use of simple passwords, this dramatically increases the risk to consumers that their networks aren't truly secure.
Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
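As an added illustration (not code from the paper or from any poster in this thread): a setup-time check of the kind suggested in the comment above, together with the passphrase-to-PMK mapping quoted elsewhere in the discussion. The sample wordlist, the default-SSID set, the 20-character threshold and all function names are assumptions of this sketch; the 2.5 bits-per-character figure is the estimate quoted in the thread.

```python
import hashlib
import math

# Assumptions of this sketch, not values taken from any vendor's firmware.
DEFAULT_SSIDS = {"linksys", "default"}   # factory SSIDs named in the thread
BITS_PER_CHAR = 2.5                      # per-character estimate quoted in the thread
MIN_RECOMMENDED_LEN = 20                 # length threshold discussed in the thread
ITERATIONS = 4096                        # fixed by the passphrase-to-PSK mapping
# Constructed sample wordlist; a real check would load a large dictionary.
SAMPLE_WORDLIST = {"password", "my dog has fleas", "swordfish", "12345678"}


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256), using HMAC-SHA1.

    The SSID is the salt, so the same passphrase on two networks that share
    an SSID yields the same 256-bit key.
    """
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),   # raises on non-ASCII input (encoding ambiguity)
        ssid.encode("utf-8"),
        ITERATIONS,
        32,                           # 256 bits
    )


def estimated_bits(passphrase):
    """Rough guessing cost in bits: character estimate plus key stretching.

    4096 iterations multiply the work per guess by 2**12, i.e. add 12 bits.
    """
    return len(passphrase) * BITS_PER_CHAR + math.log2(ITERATIONS)


def check_passphrase(passphrase, ssid):
    """Return a list of problem codes; an empty list means the input is accepted."""
    problems = []
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        # The derived key would depend on the code page used to encode it.
        problems.append("not-printable-ascii")
    if not 8 <= len(passphrase) <= 63:
        # WPA passphrases are 8 to 63 characters long.
        problems.append("bad-length")
    if passphrase.lower() in SAMPLE_WORDLIST:
        problems.append("in-dictionary")
    elif len(passphrase) < MIN_RECOMMENDED_LEN:
        problems.append("shorter-than-recommended")
    if ssid.lower() in DEFAULT_SSIDS:
        # A factory SSID is a salt shared with every other unconfigured unit.
        problems.append("default-ssid")
    return problems


if __name__ == "__main__":
    samples = [
        ("My Dog Has Fleas", "linksys"),
        ("I bought 2 bags of frozen peas at the store", "home-7f3a"),
    ]
    for phrase, ssid in samples:
        issues = check_passphrase(phrase, ssid)
        print(f"{phrase!r} on SSID {ssid!r}")
        print(f"  estimated cost : {estimated_bits(phrase):.1f} bits")
        print(f"  problems       : {issues or 'none'}")
        if not issues:
            print(f"  PMK            : {derive_pmk(phrase, ssid).hex()}")
```
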
If she is, how can I get ahold of her? I want a piece of that!
Okay, so users might pick a password which is less than 20 characters and is dictionary based. Guess what? They always will... Security is a balancing act. If you make security too cumbersome, then users will find a shortcut and abuse it, making it worse than no security. If the spec enforced something like: "passphrases must be at least 128 hex characters" you'd end up with a bunch of passwords which were all "AAAAA..." (or something similar)
The simple truth is people are lazy. How many passwords do you have? And how many password guarded accounts? I bet even the most diligent of us out there only have a small number of "good" passwords which we use for damn near everything and never rotate.
The problem with WEP was flawed crypto. No matter how good my password was, someone could crack it with unacceptable ease. At least with this new scheme those of us with "good" passwords have a chance.
Plus, hackers can obtain passwords from the wireless net that they can try against other systems if the user has not been educated to use different passwords for different systems, which is less of an issue with traditional nets.
Your story might be a little more plausible if your post didn't mention that it was 3 am when the time of your post makes it 8:14. So that puts you where, Turkey? Greece? Tel Aviv? So either you're an American loser in the near east, or you're a pathetic excuse for a liar.
Better luck next time.
when I read buried way down in the Solaris 9 12/02 release notes that they'd be FINALLY supporting md5 password crypts.
::eye roll::
And in typical Sun style, they created a new plugin architecture to support it. There are all of two useful plugins (the standard crypt is built into libc)...
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Would also help if he hadn't been posting it for weeks. I see he's had to go AC now so obviously it's still in his posting history.
Home users are going to generate less traffic than businesses, and so it will take even longer to get enough traffic. Unless you happen to notice a van parked outside your house for a couple days, or find yourself staring down the barrel of a pringles can, you can relax.
- Turn off SSID broadcasting
- use a unique SSID
- For God's sake, change the admin password
- Turn on WEP
- Use MAC address filtering
Congratulations, you're now more trouble than you're worth.
I tried it, its legit!
good advice. I just wish it was automatic & that more people knew they were vulnerable. I live on a quiet street and run kismac every so often, so I'm hoping my isolation will protect me... but I haven't tried a high-gain antenna yet!
HIV Crosses Species Barrier... into Muppets
I got wi-fi. I got 802.11g, I'm waiting for i. I live in a densely packed suburb, with several friends who go to my school who love to war-drive. They have contests. It is actually quite funny. I am helping them map out active connections. They know I have wi-fi. They try like hell to get into my net, but I have an openBSD box running a radius server. I don't have all that much to worry about. They have been trying since august and still haven't gotten in. These aren't script kiddies, these are the kids who got 5's on the AP comp test. Did I mention that we all studied independently for it, no teacher.
...and an unoriginal one too. This is the third time I've seen it, and I haven't even been looking.
Carry on, nothing to see here.
Guys, wifi is limited in scope to that which is not more than a few hundred yards from the access point. The password doesn't have to stop everybody, just everybody not too far away.
That limits the damage scope of a malicious party to that within a half a mile of their present location.
The *same* limitations of passwords on the public Internet, however, are much more likely to be damaging. Let me give an example...
How many people use email with pop3 over the Internet? Not only are these accounts typically set up with crummy passwords (like "Robert" - their middle name, or "120871" - their b/day) but then the passwords are sent, several times/day in plaintext!
And yet, with all of these big, huge, security no-nos, pop3 reigns supreme as the standard for email receipt on the 'net, and seldom is there actually a problem.
So, to wit, we have an issue like "A credit card can be used to bypass the locks on many doorknobs" and it makes front page at /.?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Argh!!! Get out of my head!!! How'd you do that? How'd you guess my uber-secure password! Well since you somehow got the password, I might as well give you the full passphrase: "Human resources Said 2 specify What might Not work / O Lovely grits get Dem with Miss natalie". Now GET OUT OF MY HEAD you mind-reading bastard!
Ha! It's my cat that has fleas, so that password doesn't apply to me.
/. If the government wants us to respect the law, it should set a better example.
On to step 2!
If that's such a safe thing to do then how about posting the address of the building so the local l337 punkz can drive by and make sure you've installed your Blaster/Nachi patches.
I'm sorry. I'll take the -1. I LIKE IT TOO!!!!!
I am not left-handed, either!
hd /dev/random
#It's my little way of saying the kids probably aren't really mine, and their genetic code could've come from anywhere.
You can't judge a book by the way it wears its hair.
What if you don't have a dog, or he/she doesn't have fleas. Would it be more secure to use "I don't have a dog" or maybe "MY dog doesn't have fleas" or "If I had a dog, he/she wouldn't have fleas". Or any combination thereof.