Slashdot Mirror
New Wireless Security Standard Has Old Problem?
eggboard writes "Wireless security expert Robert Moskowitz, who sits on IEEE and IETF committees on that subject, sent me a short paper on a glaring weakness in the Wi-Fi Protected Access (WPA) protocol that's replacing the weak and broken WEP system well discussed here at Slashdot. His paper, which I've posted here, proves definitively that while WPA itself remains robust and secure, the interface for choosing consumer passwords makes it simple to snarf a tiny bit of network traffic and perform an offline dictionary attack. For Slashdot readers, this probably seems trivial, but because Linksys, Apple, and others are letting users enter My Dog Has Fleas as their passphrase, WPA might be less secure for home users than WEP."
If all it took were a dictionary attack to sniff a password, at least it took that much.
This isn't some simple passthrough that can be gotten through by knowing a couple backdoor passwords, it's a real live algorithm.
But in the end, it's up to the user to enter a password and as long as humans remain humans easy to remember passwords will always be chosen over #HrS2sWmNw/()LggDwMn.
It doesn't matter how easy to break a new system is, it's better than having no security.
I recently took my laptop on a trip across Toronto and in a couple of hours spotted around 60 wireless networks. Around 80% had NO encryption enabled at all. And yes, the most common SSIDs are 'default' and 'linksys'.
So make a system more complex and people won't use it - which defeats the whole object of it.
Jolyon
Please read my Canon EOS tech blog at http://www.everyothershot.com
The important thing here is that this allows for actual security for users smart enough to use good passwords. Even in hex users can enter dumb passwords ("AA AA AA AA AA...").
Hold it, someone correct me if I'm wrong, but doesn't this mean that instead of collecting thousands of weak packets in RFMon you just need to collect one packet from each network and brute force it?
Which method is harder to crack? I'd take WEP. Simply because its takes longer to collect the necessary packets; especially on a smaller network. On a larger network it may work out to be better from a security standpoint for the cracker to start a brute force attack on the packet on a spare computer and let it sit for a few days instead of having him hide a pocket PC with a wifi card in range of the AP for a few days.
"Poorly choosen passwords lead to insecurity."
Well, duh. I didn't need three pages of dense, TLA-obscured claptrap to tell me that.
actually, your passphrase has much lower entropy than your random password. assuming there are about 10K words in common vocabulary, and you use 10 words, that's about 10,000^10. pretty large, but only about 23 bits. now consider the deterministic ordering of words in an english sentence, and you knock off a few more bits.
but your 20 character password has a huge entropy. you have 26 lowercase letters, 26 uppercase letters, 10 numbers and about 10 punctuation marks. that's 66 possibilities per character. now 72^20 is a lot. that's about 26 bits.
so it may be easier to remember, but it's not more secure.
Speaking as a cryptographer and longtime security geek, this weakness is about as damning as... using a 128 bit cipher that only gives 120 bits of protection. Look at the big picture. Most people don't even use WEP, let alone limit access by MAC address. The average user is SO oblivious to security, sharing passwords, opening .EXE attachments... I'd hate to recall how many times I found things like .rhosts files with '++' in them among career Unix programmers who must have known better. WEP was a semi-broken protocol, TACACS+ was a totally broken protocol, there was no way one could use them without compromising security. Just as nobody can use a number of commercial software products without compromising security.
WPA, on the other hand, is a very well-designed protocol. It is only as weak as its users are careless. And one need not choose "h^Ne#b8SV@,4g%yP" as a password to avoid this attack, any semi-uncommon phrase of 4 or 5 words will do.
I will deal with this problem by threatening users with a nasty note in their personnel file if they choose a sh*t passphrase -- and terminate their wireless access. And yes, I will try cracking the passwords myself, just as I have done with operating system passwords for several years.
I sure wish all my security problems were so simple! At least WPA *can* be secure, unlike the steaming heap of offal that most folks call a desktop operating system.
Boy, some peole just want to find things to complain about. I just read another "you have to protect us from ourselves" article today, perhaps this should have been included in their list. Personally, I think if people want to hurt themsleves this way they should be allowed to do so. If they do it as part of their job then better qualified technical people should take their place.
I'm an American. I love this country and the freedoms that we used to have.
It doesn't _hurt_ to enable the MAC address protection though.
It's next to useless. It doesn't hurt, but it doesn't help. If somebody's cracking your WEP key, MAC addressing isn't even going to slow them down.
And if they are stupid enough to hijack your MAC while you are using it (and to figure out the MAC they'd first have to break the WEP),
Not true. You can get the client MACs within seconds, without cracking anything.
you'd know pretty quickly that something was going on.
How?
Haida Manga
This is where frequent password rotation comes into play. Security is more than that single great password. You need to have a continually changing flow of great passwords to keep one step ahead of hackers. What's in your password wallet?
We do that in corporations where we are forced to change the password every 3-6 months, but we gripe about it and avoid doing it elsewhere. How many of us really take that extra measure of security. Remember, security is a process, not a destination.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
I think he's talking about brute force attacks. If you are only allowed to have a 1 character password and the only possible password for that 1 character is lowercase a-z, then you have 26 possible password combinations. But if you have 2 characters, now you have 676 possible password combinations.
So regardless of how random a password is, in a brute force attack, a longer password will always take longer to crack.
You're missing the point here: you're sophisticated and understand that poor password choice produces high risk.
Since WPA is susceptible to dictionary attacks, wouldn't you build an interface that would reject poor passwords? Or would you advertise WPA as a way to enter simple passwords? You're smart: you'd build an interface that had crack behind it and a good dictionary, or at least required 20 digits and some punctuation.
Since the marketing folks and interface designers are encouraging the use of simple passwords, this dramatically increases the risk to consumers that their networks aren't truly secure.
Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
Okay, so users might pick a password which is less than 20 characters and is dictionary based. Guess what? They always will... Security is a balancing act. If you make security too cumbersome, then users will find a shortcut and abuse it, making it worse than no security. If the spec enforced something like: "passphrases must be at least 128 hex characters" you'd end up with a bunch of passwords which were all "AAAAA..." (or something similiar)
The simple truth is people are lazy. How many passwords do you have? And how many password guarded accounts? I bet even the most diligent of us out there only have a small number of "good" passwords which we use for damn near everything and never rotate.
The problem with WEP was flawed crypto. No matter how good my password was, someone could crack it with unacceptable ease. At least with this new scheme those of us with "good" passwords have a chance.
Guys, wifi is limited in scope to that which is not more than a few hundred yards from the access point. The password doesn't have to stop everybody, just everybody not too far away.
/.?
That limits the damage scope of a malicious party to that within a half a mile of their present location.
The *same* limitations of passwords on the public Internet, however, are much more likely to be damaging. Let me give an example...
How many people use email with pop3 over the Internet? Not only are these accounts typically set up with crummy passwords (like "Robert" - their middle name, or "120871" - their b/day) but then the passwords are sent, several times/day in plaintext!
And yet, with all of these big, huge, security no-nos, pop3 reigns supreme as the standard for email receipt on the 'net, and seldom is there actually a problem.
So, to whit, we have an issue like "A credit card can be used to bypass the locks on many doorknobs" and it makes front page at
I have no problem with your religion until you decide it's reason to deprive others of the truth.