Slashdot Mirror
New Wireless Security Standard Has Old Problem?
eggboard writes "Wireless security expert Robert Moskowitz, who sits on IEEE and IETF committees on that subject, sent me a short paper on a glaring weakness in the Wi-Fi Protected Access (WPA) protocol that's replacing the weak and broken WEP system well discussed here at Slashdot. His paper, which I've posted here, proves definitively that while WPA itself remains robust and secure, the interface for choosing consumer passwords makes it simple to snarf a tiny bit of network traffic and perform an offline dictionary attack. For Slashdot readers, this probably seems trivial, but because Linksys, Apple, and others are letting users enter My Dog Has Fleas as their passphrase, WPA might be less secure for home users than WEP."
Firstest Postus.
Posted using the old Wireless Security Standard.
FIRST
Who is that old FAT-ASS dork on userfriendly.org?
PS, the comic strip is about as funny as British Humor -- NOT FUNNY AT ALL!
Way to tell everybody my password.
Man, now I have to change it.
My Dog Has Fleas is a positively fantasic password compared to the usual choice of a middle name, spouse's name, child's name or birthdate.
Or, of course, the infamous "password."
Off topic but relevant to Slashdot in general. Earlier today I submitted a story about a speed record attempt over North America this afternoon that people could go out and look at. It came out around 1pm that a coast-to-coast supersonic passenger jet - one of the final Concorde flights - was just about to start. I posted to Slashdot, and it still isn't up. The flight has now landed. Given all the excitement the plane has generated recently - see:
1 6/1320233&mode=thread&tid=134&tid=160
Mystery Fireball a Concorde Contrail?
http://science.slashdot.org/article.pl?sid=03/10/
it could have been serious for slashdotters in Canada and possibly northern US States incl Washington State to check out possible sonic booms and contrails/fireball appearance overhead, knowing there was a world speed record attempt on. Also, see the flast flight of a supersonic passenger plane over North America for who knows how long. How many times do you get to see that as it happens with your own eyes?
The story had not made it to any news outlets I'm aware of yet. It only came to light through various plane aficionados keeping in touch with what North America air traffic control and airlines are planning. It went out on JFK air traffic control at 1pm, and hence became public knowledge. This would have been a Slashdot Internet scoop.
So - question - if you know of something major about to happen, and want to alert slashdotters who are obviously interested given prior threads - how do you let everyone on Slashdot know about it while it is still happening? How do you get it through the submissions process before the story is dead? What about the next time something seriously interesteing is about to happen?
Update - just posted on Seattle Museum of Flight website
Page updated 4:00 p.m. PST, November 5, 2003
http://www.museumofflight.org/visit/concorde.html
Concorde has landed and set a new World's Record for New York to Seattle.
8 steps to greasing your anus for yoda doll insertion
1) defecate. preferably after eating senna, ex lax, prunes, cabbage and hot sauces.
2) wipe ass with witch hazel, soothes horrific burns
3) prime anus with anal ease.
4) slather richly a considerable amount of vaseline or other anal lubricants into your rectum at least until the bend and also take your yoda doll or yoda soap on a rope and liberally apply it.
5) pucker your ballon knot several times actuating the sphincter muscle in order to work it in
6) slowly rest yourself onto your yoda figurine
7) make sure to have a mechanism by which to fish yoda out of your rectum, the soap on the rope is especially useful because that is built in.
8) gyrate gleefully in your computer chair while your fat sexless geek nerd loser fat shit self enjoys the prostate massage you'll be getting. Read slashdot. Masturbate to anime. Email one of the editors hoping they will honor you with a reply. Join several more dating services - this time, you dont check the (desired - speaks english) and (desired - literate). You figure you might get a chance then. Order some fucking crap from Think Geek. Get Linux to boot on a Black And Decker Appliance. Wish you could afford a new computer. Argue that IDE is better than SCSI because you cant afford SCSI. Make claims about how Linux rules. Compile a kernel on your 486SX. Claim to hate windows but use it for Everquest. Admire Ghyslain's courage in making that wonderful star wars movie. Officially convert to the Jedi religion. Talk about how cool Mega Tokyo is. Try and make sure you do your regular 50 story submissions to Slashdot, all of which get rejected because people who arent fatter than CowboyNeal can't submit. Fondle shrimpy penis while making a yoda voice and saying, feel the force, padawan, feeel the foooorce, hurgm. Yes. Yes. When 900 years you reach, a dick half as big you will not have.
All in a days work with a yoda figurine rammed up your ass.
Ground Control to Yoda Doll
Ground Control to Yoda Doll
Take your ass grease pills and put your helmet on
Ground Control to Yoda Doll
Commencing countdown, engines on
Check ignition and may God's love shove up you
Ten, Nine, Eight, Seven, Six, Five, Four, Three, Two, One, Shove Up
This is Ground Control to Yoda Doll
You've really made the grade
And the papers want to know whose butts you tear
Now it's time to leave the suppository if you dare
"This is Yoda Doll to Ground Control
I'm stepping through the door
And I'm stinking in a most peculiar way
And the ass look very different today
For here am I sitting in an ass can
Far inside the butt
My face is turning blue
And there's nothing I can do
Though I'm past one hundred thousand bowels
I'm feeling very still
And I think my buttship knows which way to go
Tell my wife I ream her very much, she knows"
Ground Control to Yoda Doll
Your circuit's dead, there's something wrong
Can you hear me, Yoda Doll?
Can you hear me, Yoda Doll?
Can you hear me, Yoda Doll?
Can you....
"Here am I floating in my ass can
Far inside his Moon
My face is turning blue
And there's nothing I can do."
If all it took were a dictionary attack to sniff a password, at least it took that much.
This isn't some simple passthrough that can be gotten through by knowing a couple backdoor passwords, it's a real live algorithm.
But in the end, it's up to the user to enter a password and as long as humans remain humans easy to remember passwords will always be chosen over #HrS2sWmNw/()LggDwMn.
It doesn't matter how easy to break a new system is, it's better than having no security.
I recently took my laptop on a trip across Toronto and in a couple of hours spotted around 60 wireless networks. Around 80% had NO encryption enabled at all. And yes, the most common SSIDs are 'default' and 'linksys'.
So make a system more complex and people won't use it - which defeats the whole object of it.
Jolyon
Please read my Canon EOS tech blog at http://www.everyothershot.com
The important thing here is that this allows for actual security for users smart enough to use good passwords. Even in hex users can enter dumb passwords ("AA AA AA AA AA...").
treos rock
I hope you choke on your own spunk you smarmy fuck
<P> <A> <LI> <OL> <UL> <EM> <BR> <TT> <STRONG> <BLOCKQUOTE> <DIV> <ECODE>
Important Stuff:
Please try to keep posts on topic.
Try to reply to other people's comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
If you want replies to your comments se
Weakness in Passphrase Choice in WPA Interface
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp
Use of PSK as the key establishment method
WPA and 802.11i provide for a Pre-Shared Key (PSK) as an alternative to 802.1X based key establishment. A PSK is a 256 bit number or a passphrase 8 to 63 bytes long. Each station MAY have its own PSK, tied to its MAC address. To date, vendors are only providing for one PSK for an ESS, just as they do for WEP keying.
When a PSK is used instead of 802.1X, the PSK is the Pairwise Master Key (PMK) that is used to drive the 4-way handshake and the whole Pairwise Transient Key (PTK) keying hierarchy. There is a straightforward formula for converting a passphrase PSK to the 256-bit value needed for the PMK.
This paper will look into the risks of using a PSK and particularly the risk associated with a passphrase-based PSK.
How the PSK is used in WPA and 802.11i
The PSK provides an easily implemented alternative for the PMK as compared to using 802.1X to generate a PMK. A 256bit PSK is used directly as the PMK. When the PSK is a passphrase, the PMK is derived from the passphrase as follows:
PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
Where the PBKDF2 method is from PKCS #5 v2.0: Password-based Cryptography Standard. This means that the concatenated string of the passphrase, SSID, and the SSIDlength is hashed 4096 times to generate a value of 256 bits. The lengths of the passphrase and the SSID have little impact on the speed of this operation.
The PTK is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake. This is why the whole keying hierarchy falls into the hands of anyone possessing the PSK, as all the other information is knowable.
The Intra-PSK attack
The normal practice is to have a single PSK within an ESS. To generate any PTK, a device only needs to learn the two MAC addresses and nonces (and the selected ciphersuite). All of this is available in the initial exchange, from the ASSOCIATE through the 4-Way Handshake. Any device can passively listen for these frames and then generate the PTK. If the device missed these frames, it can send a DISASSOCIATE against the STA and force the STA to perform the ASSOCIATE through the 4-Way Handshake again.
Thus even though each unicast pairing in the ESS has unique keys (PTK) there is nothing private about these keys to any other device in the ESS.
The offline PSK dictionary attack
A station that does not know a passphrase-based PSK can attack it with an offline attack. This is effective for an outsider where there is a single PSK in the ESS, or an insider where there are unique PSKs.
The 802.11i standard points out that:
A passphrase typically has about 2.5 bits of security per character, so the passphrase of n bytes equates to a key with about 2.5n + 12 bits of security. Hence, it provides a relatively low level of security, with keys generated from short passwords subject to dictionary attack. Use of the key hash is recommended only where it is impractical to make use of a stronger form of user authentication. A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks.
The PTK is used in the 4-Way handshake to produce a hash of the frames. There is a long history of offline dictionary attacks against hashes. Any of these programs can be altered to use the information in the 4-Way Handshake as input to perform the offline attack. Just about any 8-character string a user may select will be in the dictionary. As the standard states, passphrases longer than 20 characters are needed to start deterring attacks. This is considerably longer than most people will be willing to use.
This offline attack should be easier to execute than the WEP attacks.
Using Random values for the PSK
The PSK MAY be a 256-bit (64 hexadecimal) random
My cat's breath smells like cat food.
Only long passwords and encouraging the users to use good quality passwords/phrases really helps.
Ultimately though, these passphrases are flawed anyway- they are a form of shared password. History has shown this to be a thoroughly bad idea, one passphrase per user/machine is a far better idea; and even the user shouldn't know what it is (that way it can't get beaten out of them- black cosh crytography works pretty darn well.) These standards organisations aren't even trying.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"yeah, but #HrS2sWmNw/()LggDwMn.
is easier to crack than
"I bought 2 bags of frozen peas at the store"
which is much easier to remember
/bin/fortune | slashdotsig.sh
but my dog DOES have fleas...
MARIJUANA, SHROOMS, X: ONLINE?! - E
Hold it, someone correct me if I'm wrong, but doesn't this mean that instead of collecting thousands of weak packets in RFMon you just need to collect one packet from each network and brute force it?
Which method is harder to crack? I'd take WEP. Simply because its takes longer to collect the necessary packets; especially on a smaller network. On a larger network it may work out to be better from a security standpoint for the cracker to start a brute force attack on the packet on a spare computer and let it sit for a few days instead of having him hide a pocket PC with a wifi card in range of the AP for a few days.
I've just bought my first wireless kit (DLink 802.11b wireless router plus card for $60).
I did some reading on WEP and it sounds pretty frightening. Today I'm going over to set up the same kit for a friend who's NOT a slashdot type. I'm pretty-well used to data protection issues, and I take reasonable precautions and would also not freak out if something Bad happened. But I'm wondering what I should tell my non-techie friend.
Practically speaking, just how vulnerable is WEP? If my friend has a good non-dictionary password and uses "256 bit" encryption, is he reasonably safe from casual hijacking?
That's certainly what the manufacturers would have us believe, and the low prices and ubiquitous Starbucks access points seem to be causing a lot of folks to adopt wireless, at least out here in silicon valley.
Having read up on the security problems, I'm now hoping some of you can provide or point to real-world scenarios.
Hope this isn't too off-topic...
This Like That - fun with words!
The text of the parent has been edited. Mod it down. It is a troll.
Using a relatively small random value represented in hexadecimal, Rob Malda's relatively small dick, and entering it as a passphrase will expand it to a proper 256-bit PSK.
This and many other security concerns were voiced years ago in the IEEE. Unfortunately, the buffoons who pushed the standard through were not interested in hearing about them.
Misdirected karma: they screw up, consumers get hit.
Weakness in Passphrase Choice in WPA Interface
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp
Use of PSK as the key establishment method
WPA and 802.11i provide for a Pre-Shared Key (PSK) as an alternative to 802.1X based key establishment. A PSK is a 256 bit number or a passphrase 8 to 63 bytes long. Each station MAY have its own PSK, tied to its MAC address. To date, vendors are only providing for one PSK for an ESS, just as they do for WEP keying.
When a PSK is used instead of 802.1X, the PSK is the Pairwise Master Key (PMK) that is used to drive the 4-way handshake and the whole Pairwise Transient Key (PTK) keying hierarchy. There is a straightforward formula for converting a passphrase PSK to the 256-bit value needed for the PMK.
This paper will look into the risks of using a PSK and particularly the risk associated with a passphrase-based PSK.
How the PSK is used in WPA and 802.11i
The PSK provides an easily implemented alternative for the PMK as compared to using 802.1X to generate a PMK. A 256bit PSK is used directly as the PMK. When the PSK is a passphrase, the PMK is derived from the passphrase as follows:
PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
Where the PBKDF2 method is from PKCS #5 v2.0: Password-based Cryptography Standard. This means that the concatenated string of the passphrase, SSID, and the SSIDlength is hashed 4096 times to generate a value of 256 bits. The lengths of the passphrase and the SSID have little impact on the speed of this operation.
The PTK is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake. This is why the whole keying hierarchy falls into the hands of anyone possessing the PSK, as all the other information is knowable.
The Intra-PSK attack
The normal practice is to have a single PSK within an ESS. To generate any PTK, a device only needs to learn the two MAC addresses and nonces (and the selected ciphersuite). All of this is available in the initial exchange, from the ASSOCIATE through the 4-Way Handshake. Any device can passively listen for these frames and then generate the PTK. If the device missed these frames, it can send a DISASSOCIATE against the STA and force the STA to perform the ASSOCIATE through the 4-Way Handshake again.
Thus even though each unicast pairing in the ESS has unique keys (PTK) there is nothing private about these keys to any other device in the ESS.
The offline PSK dictionary attack
A station that does not know a passphrase-based PSK can attack it with an offline attack. This is effective for an outsider where there is a single PSK in the ESS, or an insider where there are unique PSKs.
The 802.11i standard points out that:
A passphrase typically has about 2.5 bits of security per character, so the passphrase of n bytes equates to a key with about 2.5n + 12 bits of security. Hence, it provides a relatively low level of security, with keys generated from short passwords subject to dictionary attack. Use of the key hash is recommended only where it is impractical to make use of a stronger form of user authentication. A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks.
The PTK is used in the 4-Way handshake to produce a hash of the frames. There is a long history of offline dictionary attacks against hashes. Any of these programs can be altered to use the information in the 4-Way Handshake as input to perform the offline attack. Just about any 8-character string a user may select will be in the dictionary. As the standard states, passphrases longer than 20 characters are needed to start deterring attacks. This is considerably longer than most people will be willing to use.
This offline attack should be easier to execute than the WEP attacks.
Using Random values for the PSK
The PSK MAY be a 256-bit (64 hexadecimal) random
Thought i would put up a mirror as it looks like the site is really slowing down and might die soon.
ghh mportant Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic,mportant Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic,
1..2..3. Hey that is the same combination I use on my luggage!
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
Basically they are claiming that this protocol is insecure becase users choose bad passwords. Duh. Why not just let the user enter as pass phrase, then make an MD5 from the user supllied passphrase, then use the sum as the wireless passphrase. It's difficult to do a dictionary attack, and the user gets to stick with his chosen easy to remember pass phrase.
...my wireless router has a first name
it's l-i-n-k-s-y-s
my router has a SSID
it's l-i-n-k-s-y-s
RE: password security -- what about the old technique of using an acronym for something that wouldn't be hit by a dictionary attack? Um, like:
My Dog Has Fleas And Your Mom Does Too would create a password of "mdhfaymdt" ? Secure enough...and probably not in someone's best interest to share with anyone else.
This has nothing to do with anything remotely Slashdot related, but I need to do something before my head explodes...
As I type this, my roomate and my best friend/recent lover are fucking in the next room over. WHAT THE FUCK. After 10 years of friendship and built-up sexual tension, we finally hooked up and now less than a week later she's banging my roomate. I am so fucking incensed right now I can't think straight. I wouldn't mind if they went to a hotel or otherwise didn't make it known, but she just FUCKING WALKED PAST MY ROOM TOPLESS AND SHUT THE DOOR IN MY FUCKING FACE. How fucking insensitive can you be?!
This sucks. It's 3AM and I'm telling strangers (GEEK strangers, no less) about my personal problems. I am a big pussy and will most likely not say anything to either one of them so I expect this to go on for a while. Fuck.
Feeling low? There's someone else out there that's having a worse day than you. Trust me.
The idea here (I know, I was there when we voted it into the standard) is that the PBKDF2 is computationally significant.
Thus when you perform your offline dictionary attack, for each lookup in the dictionary, you must perform 4096 HMAC_SHA1s and this might take some time if you are looking up a large number of dictionary entries.
The basic conflict is the wide disparity between the power of processors in low end 802.11 transceivers and high end computers. The time to compute the 4096 HMAC-SHA1s is significant on say a slow ARM7TDMI and the 4096 value is a compromise to limit the delay in computing this. This delay affects the time from pressing return on the keyboard, to the time the PTK can be known and communications can begin.
However the attacker can apply his cluster of 3GHz PCs, or his FPGA HMAC_SHA1 parallel processor, or his supercomputer array, and make the speed of dictionary lookups relatively insignificant compared against the strength of the passwords being used.
The wise people asked for a much higher number than 4096. Some implementation types beat it down to 4096, and here we are..
Evil people are out to get you.
I think this problem is present in *any* system that relies on user passwords. according to the article, each character in a password is equivalent to about 2.5 "bits" of encryption (since you can't use the entire ascii bitspace and some words/letters are more common, etc). this is a higher number than I saw referenced in one of bruce schneier's books (he said 1.3 bits of entropy per char I think.).
so, if your 128 bit or 256 bit or bit security system is ultimately based from a human-rememberable (and thus probably short) password, is there ANYTHING that can be done short of requiring 30 character passwords?
256bit PSK is used directly as the PMK. When the PSK is a passphrase, the PMK is derived from the passphrase as follows:
PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
---------
Now I see where the problem is. Easily solvable...
alias passphrase = write "enter you MSG" \
read $MSG \
echo "$MSG" | rot13 | rot13 |mail -s Passphrase luzer@name.com
That wasn't so hard now was it?
wget -qO - kungfunix.net/fatality|sed -n '1!G;h;$p'
MoFscker
"Poorly choosen passwords lead to insecurity."
Well, duh. I didn't need three pages of dense, TLA-obscured claptrap to tell me that.
hahaha thanks for that
really, I have to re-install windows about once every omnth or month and a half (maybe I could stretch it out a little bit longer, but with increasing issues and difficulties) I have long since abandoned my PC as a platform for any kind of critical information. If someone wants to use it, fine, go ahead. I prefer it if no one were malicious, but hey, i'd just be re-installing anyway. What about my bandwidth you say? have at that too. I'm not using it all anyway. I might be a little peeved when I am playing games, but its not going to kill me (well it might when I am in a game, but not in real life) These are the reasons I love knoppix... a nice clean start every time!
After reading the article (gasp!), this guy is saying that if you (the user) choose a passphrase that is susceptible to a dictionary attack, your passphrase could be compromised by someone using a dictionary attack. No kidding? I would have thought that choosing a passphrase of common words would make it HARDER for a brute-force program using a dictionary of common words to crack! Slow news day, or what?
He also points out that WPA is perfectly secure with a good shared key (such as generating 256 bits of random characters) or using the built-in 802.1X authentication system. So....what's the point here?
perform an offline dictionary attack
What, you sneak up behind the sysadmin and brain him with a copy of Webster's?
Dark Helmet: So the combination is 1,2,3,4,5 ... That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage.
President Skroob: . . . 1,2,3,4,5. That's amazing I've got the same combination on my luggage.
YOU'RE WINNER !
Another lame blog
hexdump -e "\"%04x%04x\n\"" -n 8 /dev/random
Pre shared key auth/keying is a bad idea. Public key based authentication with random session keys via integration with RADIUS or Kerberos is much more secure (and should be supported by any WPA capable AP)
that's right. talk about malicious behaviour? these fauxking payper liesense stock markup FraUD billyonerrors, have done more damage to US, with their felonious softwar gangster crimewave/shoddy products, than can be measured accurately.
so, in typical ?pr? ?firm? hypenosys gangster fashion, rather than repair the infactdead BugWear(tm) blight, they endeavor to shift the focus from their owned greed/fear/ego based foibles, to place the bullame (with the support of the georgewellian fuddite murderers) onto some vandals who did not much more than to eXPose the ongoing shoddiness of the felons' 'products'.
they know J. Public has no clue as to the facts, & they continue (pretending) to deny the very existence of the creators, & the newclear power plan.
lookout bullow. the daze of the greed/fear/ego based felonious payper liesense ?pr? ?firm? hypenosys stock markup fraud execrable, is WANing into coolapps/the abyss, at the (increasing) speed of right.
pay no mind/money to the felonious payper liesense corepirate nazi softwar gangster stock markup FraUD execrable. they are self-dissolving by their owned MiSdeeds/whoreabull motives.
that's won way to help to disempower unprecedented evile.
consult with/trust in yOUR creator... get ready to see the light.
Uh oh, looks like you should have posted AC
Speaking as a cryptographer and longtime security geek, this weakness is about as damning as... using a 128 bit cipher that only gives 120 bits of protection. Look at the big picture. Most people don't even use WEP, let alone limit access by MAC address. The average user is SO oblivious to security, sharing passwords, opening .EXE attachments... I'd hate to recall how many times I found things like .rhosts files with '++' in them among career Unix programmers who must have known better. WEP was a semi-broken protocol, TACACS+ was a totally broken protocol, there was no way one could use them without compromising security. Just as nobody can use a number of commercial software products without compromising security.
WPA, on the other hand, is a very well-designed protocol. It is only as weak as its users are careless. And one need not choose "h^Ne#b8SV@,4g%yP" as a password to avoid this attack, any semi-uncommon phrase of 4 or 5 words will do.
I will deal with this problem by threatening users with a nasty note in their personnel file if they choose a sh*t passphrase -- and terminate their wireless access. And yes, I will try cracking the passwords myself, just as I have done with operating system passwords for several years.
I sure wish all my security problems were so simple! At least WPA *can* be secure, unlike the steaming heap of offal that most folks call a desktop operating system.
Boy, some peole just want to find things to complain about. I just read another "you have to protect us from ourselves" article today, perhaps this should have been included in their list. Personally, I think if people want to hurt themsleves this way they should be allowed to do so. If they do it as part of their job then better qualified technical people should take their place.
I'm an American. I love this country and the freedoms that we used to have.
and always will be that computer security is a deturrent for script-kiddies. if someone wants your computer to be a smoldering pile of has-been, it will happen no matter how much money you "invest".
You are confusing me with someone who cares.
YOU
(IT)
I'd like to have seen this story. This happened live, right now, and I have friends that could have seen it. Liked the earlier /. on the sky meteor, and would have been way better if /. could have posted in advance to go look at it!!! The guy posted as a story and a OT thread, but that gets dumped to the dregs here, so we still don't hear about it.
/. has good filter people. Must be a better way to handle OT major announces. That Guy Fawks story today is fun, but I could have heard it tomorrow with no difference, and still have friends get to see the record breaking today.
Presentation - Tim Moore, Doug Whiting, Jesse Walker - doc 02/545r0 - Mapping Password to PSK
Standardize a method to generate a 256 bit PSK from an ASCII password.
PSK = PBKDF2(password, ssid, ssidlen, 4096, 256)
Jesse: Only do this if you have to. Security is bad.
Tim: Use hard to guess passwords. Also change SSID from default.
Jesse: I would suggest that every AP ship with a different SSID.
Comment: This forces the administrator to set them to a common value in order to roam.
Comment: Why so big (4096)
Doug: Increases the number of effective bits by that amount.
Comment: How long does this take?
Tim: 17ms on my machine.
Comment: There is a Unicode problem here with UTF8. Results will be different based on code page used.
Comment: Will a 1 byte SSID cause a problem with this?
Tim: This will work, but won't be very good.
Doug: Doc says don't use this in the corporate environment. Suggested for home use.
Comment: Apple had a concept of pass phrase. Is this the same?
Chair: I don't believe they ran it through a function.
Tim: How much time to people want to review the draft?
Chair: If we postpone a motion, will anybody look at it?
Jesse: Do you want it incorporated as normative?
Comment: It could be normative for optional.
Tim: Either we make it normative or WECA does.
Jesse: We could put it in an informative annex.
Motion by Russ Housley
Motion to incorporate document 02/545r0 as an informative annex.
Second: Jesse Walker
Discussion:
Comment: Request to change document to use passphrase instead of password.
Motion to amend by Donald Eastlake.
Change motion to be:
Motion to incorporate document 02/545r0 as an informative annex with password replaced by passphrase.
Second: Paul Lambert.
Discussion:
Comment: We have not properly defined "passphrase". Does the editor know this definition?
Jesse: I have seen it before.
Comment: Call the question
Chair: Any objection?
None
Vote on motion to amend: 22-1-2 Passes
New main motion:
Motion to incorporate document 02/545r0 as an informative annex with password replaced by passphrase.
Any discussion on new main motion?
None
Vote on new main motion: 24-0-1 Passes
Evil people are out to get you.
Where are you getting this stuff?!?
assuming there are about 10K words in common vocabulary, and you use 10 words, that's about 10,000^10. pretty large, but only about 23 bits.
10,000^10 ~ (2^13.3)^10 = 2^133 = 133 bits of encryption.
but your 20 character password has a huge entropy. you have 26 lowercase letters, 26 uppercase letters, 10 numbers and about 10 punctuation marks. that's 66 possibilities per character. now 72^20 is a lot. that's about 26 bits.
66 possibilities * 20 chars ~ (2^6)^20 = 2^120 = 120 bits of encryption.
Above is tubgirl link. why do they want us to see it?
When I try to enable WPA (Enterprise) with the latest Airport software it tells me, (a) it is not compatible with my 802.11b card, (b) it is not compatible with MAC address access lists, and, (c) it is not compatible with WDS. WDS is where you can chain Airport connectivity over the air, which I use, and (b) only occurs under WPA Enterprise as opposed to personal. I can see (a) being rationalized under needing better hardware for better encryption, and I was going to upgrade regardless, but (b) and (c)? Doh!
Maybe a year ago I read this great guide on choosing a password that went through all the mathematics of how long it would take to break a password with just regular words, one with mixed case letters, one with irregularly placed characters, etc. It gave some good practical advice for coming up with memorable passwords that were secure. Can anyone direct me to this document? I've tried googling but I haven't had any luck. Don't remember much more about it. Thanks!
Yes, but how would polite people know whether a site is open intentionally or not?
.here) to help with this sort of thing.
2 49 29/286/2
l dh ere-01.txt
That's one of the many reasons why I proposed the setting up of a reserved TLD (e.g.
That way Joe Schmoe can just do http://here/ or something like that and learn more about the WiFi service/area he is using, terms and conditions. And there's lots more you can do with this sort of thing.
http://www.warchalking.org/comments/2002/9/27/1
http://www.watersprings.org/pub/id/draft-yeoh-t
Many institutions unwittingly standardize on weak passwords. For example, a certain EE department at a certain university (that I might attend), has a password convention of six characters, letters and numbers, but no two letters or numbers are allowed next to each other. So all the passwords are number, letter, number, letter, etc or letter, number, letter, number. They don't even require mixed case letters.
====
Crudely Drawn Games
> yes, I will try cracking the passwords myself,
Are you sure that's not a DMCA violation?
Thanks & good thinking. Reason I posted under my own id is this is a great story, at least according to other more specialist forums. How many times on Slashdot do you get to hear about something as a main article BEFORE another site posts it? How many times do you get to see a world speed record broken over your own town? When I sent the original article I could find no mention of it. Did a lot of trawling, and now found some news on various special interest aviation boards.
Given there was a lot of interest in the Concorde mistaken for meteor article, I figured it would be excellent for some slashdotters to get the chance to see it with their own eyes. Not just some digital camera photo a week old. Luckily some people got to see it, and a happy co-incidence if a few of them were slashdotters.
Now if that kind of scoop gets rejected, and OT stories are automatically relegated to the dumpster, I know nothing important and happening now i find out about will ever get posted. Will be content to read and enjoy slashdot as an AC.
tsarkon thanks you for your attention to the yoda doll chronicles.
...promote terrorism!
Seriously though, is there any reprecussion if some stranger comes up, enters your WAP, and downloads kiddie porn or *gasp* illegal mp3's?
-Eyston
You can't come in here unless you say "swordfish". Now, I give you one more guess.
Comment removed based on user account deletion
Ha! What a fucking loser you are. You post the same thing as me but then point to my article which was posted 10 minutes earlier and say its a troll just to try and get mod points.
I also loved how you posted as an AC to try to back up your claim.
Fucking moron.
Don't listen to the idiot below who as AnnieCoulter copied and pasted this text 10 minutes after I did in an attempt to get mods points.
Yeah like anyone wouldn't figure out that AnnieCoulter who copied and pasted the above post and then posted as an AC saying this was troll wasn't the same person.
This is just a troll trying to get karma so that they can troll at +1. Dumb ass.
WiFi security basics:http://azwardriving.com/security/
for mod points. Lame.
Why don't these companies start implementing Kerberos? Or something similar. My understanding is that no passwords are ever sent out over the network.
http://web.mit.edu/kerberos/www/
1. Use IPSec, or
2. Restrict the access point so that no connections can be made anywhere except to a VPN server
I'm currently planning something along the lines of (2) at home. I plan to use the hostap driver for Linux and firewall the wireless interface off from everything except for a single port which goes through to a VPN server. In order to talk to ANYBODY the client will have to log in through the VPN.
This way if/when a weakness is discovered in the crypto I just upgrade the software on the server/client instead of blowing money on new hardware every time they standardize on something else.
The only problem is that users can still DOS each other wirelessly, but there's nothing that can be done about that.
6cea e4ca 6713 721c 4cbf 71a4 e1aa 8972 0a03 f9d0 47a9 8f3c 9ead 8fb4 35d9 38c0 0406 1f02 0c46 878f 42f8 5ec1 77c5 1a99 f64b 5ad3 bb82 2c93 7870 a725 ba29 dd2b c470 0e70 3bf4 9c50 01a3 31cd c717 0b68 afe0 d479 62b2 46c0 a0c6 af61 c8e0 1915 01f4 8df8 be64 7401 4ed7 1459 766c d888 e772 f41b b310 e958 ebf6 87a1 c0e7 7a60 99d1 38ff d009 4c65 7a5f dbb0 f347 7a65 1f34 254c 8167 d103 4e34 9fc7 c97b 9ac0 0575 12a5 4f0d 9c87 5015 a647 ab9d 0ff6 f940 c1e7 1699 bfef 9827 b19f 9bc9 8391 3985 ed5e 275d f2c0 d3cd d489 13d3 6d0c 9aba 85e2 221d 1990 2fc8 1584 f2cf f7a1 98de 819d 6d2f 954e 83f0 d4a6 b854 940b 6cec a490 f7ce f556 fff2 fc53 daee 7af2
By coincidence, I do plan to name my kids in hex. Leet-speak would make them look like wimps, while 6cea would certainly make my kid the coolest throughout school.
You can't judge a book by the way it wears its hair.
You're missing the point here: you're sophisticated and understand that poor password choice produces high risk.
Since WPA is susceptible to dictionary attacks, wouldn't you build an interface that would reject poor passwords? Or would you advertise WPA as a way to enter simple passwords? You're smart: you'd build an interface that had crack behind it and a good dictionary, or at least required 20 digits and some punctuation.
Since the marketing folks and interface designers are encouraging the use of simple passwords, this dramatically increases the risk to consumers that their networks aren't truly secure.
Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
If she is, how can I get ahold of her? I want a peice of that!
Okay, so users might pick a password which is less than 20 characters and is dictionary based. Guess what? They always will... Security is a balancing act. If you make security too cumbersome, then users will find a shortcut and abuse it, making it worse than no security. If the spec enforced something like: "passphrases must be at least 128 hex characters" you'd end up with a bunch of passwords which were all "AAAAA..." (or something similiar)
The simple truth is people are lazy. How many passwords do you have? And how many password guarded accounts? I bet even the most diligent of us out there only have a small number of "good" passwords which we use for damn near everything and never rotate.
The problem with WEP was flawed crypto. No matter how good my password was, someone could crack it with unacceptable ease. At least with this new scheme those of us with "good" passwords have a chance.
Plus, hackers can obtain passwords from the wireless net that they can try against other systems if the user has not been educated to use different passwords for different systems, which is less of an issue with traditional nets.
when I read buried way down in the Solaris 9 12/02 release notes that they'd be FINALLY supporting md5 password crypts.
::eye roll::
And in typical Sun style, they created a new plugin architecture to support it. There are all of two useful plugins (the standard crypt is built into libc)...
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Home users are going to generate less traffic than businesses, and so it will take even longer to get enough traffic. Unless you happen to notice a van parked outside your house for a couple days, or find yourself staring down the barrel of a pringles can, you can relax.
- Turn off SSID broadcasting
- use a unique SSID
- For God's sake, change the admin password
- Turn on WEP
- Use MAC address filtering
Congratulations, you're now more trouble than you're worth.I tried it, its legit!
good advice. I just wish it was automatic & that more people knew they were vulnerable. I live on a quiet street and run kismac every so often, so I'm hoping my isolation will protect me... but I haven't tried a high-gain antenna yet!
HIV Crosses Species Barrier... into Muppets
I got wi-fi. I got 802.11g, I waiting for i. I live in the a densely packed suburb, with several friends who go to my school who love to war-drve. Tehy have contests. It is actually quite funny. I am helping them map out active connections. They know I have wi-fi. They try like hell to get into my net, but I have an openBSD box running a radius server. I don't have all that much to worry about. They have been trying since august and still haven't gotten in. These aren't script kiddies, these are the kids who got 5's on the AP comp test. Did I mention that we all studied independently for it, no teacher.
...and an unoriginal one too. This is the third time I've seen it, and I haven't even been looking.
Carry on, nothing to see here.
Guys, wifi is limited in scope to that which is not more than a few hundred yards from the access point. The password doesn't have to stop everybody, just everybody not too far away.
/.?
That limits the damage scope of a malicious party to that within a half a mile of their present location.
The *same* limitations of passwords on the public Internet, however, are much more likely to be damaging. Let me give an example...
How many people use email with pop3 over the Internet? Not only are these accounts typically set up with crummy passwords (like "Robert" - their middle name, or "120871" - their b/day) but then the passwords are sent, several times/day in plaintext!
And yet, with all of these big, huge, security no-nos, pop3 reigns supreme as the standard for email receipt on the 'net, and seldom is there actually a problem.
So, to whit, we have an issue like "A credit card can be used to bypass the locks on many doorknobs" and it makes front page at
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Argh!!! Get out of my head!!! How'd you do that? How'd you guess my uber-secure password! Well since you somehow got the password, I might as well give you the full passphrase: "Human resources Said 2 specify What might Not work / O Lovely grits get Dem with Miss natalie". Now GET OUT OF MY HEAD you mind-reading bastard!
Ha! It's my cat that has fleas, so that password doesn't apply to me.
/. If the government wants us to respect the law, it should set a better example.
If that's such a safe thing to do then how about posting the address of the building so the local l337 punkz can drive by and make sure you've installed your Blaster/Nachi patches.
hd /dev/random
#It's my little way of saying the kids probably aren't really mine, and their genetic code could've come from anywhere.
You can't judge a book by the way it wears its hair.
What if you don't have a dog, or he/she doesn't have fleas. Would it be more secure to use "I don't have a dog" or maybe "MY dog doesn't have fleas" or "If I had a dog, he/she wouldn't have fleas". Or any combination thereof.