Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Wireless Security Standard Has Old Problem?

Posted by simoniker on from the it's-always-something dept.

eggboard writes "Wireless security expert Robert Moskowitz, who sits on IEEE and IETF committees on that subject, sent me a short paper on a glaring weakness in the Wi-Fi Protected Access (WPA) protocol that's replacing the weak and broken WEP system well discussed here at Slashdot. His paper, which I've posted here, proves definitively that while WPA itself remains robust and secure, the interface for choosing consumer passwords makes it simple to snarf a tiny bit of network traffic and perform an offline dictionary attack. For Slashdot readers, this probably seems trivial, but because Linksys, Apple, and others are letting users enter My Dog Has Fleas as their passphrase, WPA might be less secure for home users than WEP."

27 of 249 comments (clear)

  1. Oh, thanks. by Anonymous Coward · · Score: 5, Funny

    Way to tell everybody my password.

    Man, now I have to change it.

  2. My Dog Has Fleas? by Trillan · · Score: 4, Interesting

    My Dog Has Fleas is a positively fantasic password compared to the usual choice of a middle name, spouse's name, child's name or birthdate.

    Or, of course, the infamous "password."

    1. Re:My Dog Has Fleas? by Tumbleweed · · Score: 4, Funny

      Yeah, but what if your does doesn't HAVE fleas? Or if you don't even have a dog? Then your security is based on nothing but LIES! And how secure can THAT be? Think before you ask these questions, Mitch.

    2. Re:My Dog Has Fleas? by IM6100 · · Score: 4, Interesting

      Something that amused me recently was when I installed IRIX on a cool SGI box I bought at auction.

      It refused to let me use a password longer than 8 characters.

      I am talking about a release of IRIX that was pressed to CD in the year 2002.

      --
      A Good Intro to NetBS
    3. Re:My Dog Has Fleas? by stefanlasiewski · · Score: 5, Funny

      My Dog Has Fleas is a positively fantasic password compared to the usual choice of a middle name, spouse's name, child's name or birthdate.

      Well, not really.

      Using your child's name for a password is a million times more secure then posting it on Slashdot :)

      And with the Slasdot crowd, maybe someone really does have a kid named "j3Nn!f3r". What could be more secure then that? It's so secure that those poor kindergarteners can't even pronounce it!!!

      --
      "Can of worms? The can is open... the worms are everywhere."
    4. Re:My Dog Has Fleas? by jamesh · · Score: 3, Funny

      'My Dog Has Fleas' is indeed fantastic. I'm changing all my passwords to that right now. I encourage you all to do the same.

    5. Re:My Dog Has Fleas? by Chops · · Score: 4, Funny

      Once I noticed that an acquaintance of mine's Win2k machine had no password on the "Administrator" account. I began to lecture him on the dangers of SMB, C$, and such, and the fact that his machine was basically freely usable by anyone who had (a) the internet and (b) some semblance of clue and maliciousness.

      He laughed and said, "Yeah, but who would think that the administrator account wouldn't have a password?"

      I gave up and said no more.

  3. Some security is better than no security by Dancin_Santa · · Score: 5, Insightful

    If all it took were a dictionary attack to sniff a password, at least it took that much.

    This isn't some simple passthrough that can be gotten through by knowing a couple backdoor passwords, it's a real live algorithm.

    But in the end, it's up to the user to enter a password and as long as humans remain humans easy to remember passwords will always be chosen over #HrS2sWmNw/()LggDwMn.

  4. At least use WEP! by jolyonr · · Score: 5, Insightful

    It doesn't matter how easy to break a new system is, it's better than having no security.

    I recently took my laptop on a trip across Toronto and in a couple of hours spotted around 60 wireless networks. Around 80% had NO encryption enabled at all. And yes, the most common SSIDs are 'default' and 'linksys'.

    So make a system more complex and people won't use it - which defeats the whole object of it.

    Jolyon

    --


    Please read my Canon EOS tech blog at http://www.everyothershot.com
    1. Re:At least use WEP! by WuphonsReach · · Score: 5, Informative

      We don't use WEP on our wireless net at the office. Too often, the interaction between the card and the access-point doesn't work well if WEP is enabled (different vendors for the two products).

      Instead, we've segregated all of the WAPs onto a dead-end network where the users have to VPN into our LAN through a border server. (Basically treating them as if they were outside the office and coming in from an external ISP.)

      Works pretty well, other then having to remember to VPN into the network. The traffic ends up encrypted (inside of the VPN tunnel), so it's not possible to sniff passwords.

      --
      Wolde you bothe eate your cake, and have your cake?
    2. Re:At least use WEP! by Malor · · Score: 3, Interesting

      I f you have a Linux firewall, just add another network card and move the wireless traffic off onto its own segment. Tunnel the laptop to either the firewall or a desktop machine behind it; one easy way is by running squid on a Linux box, connecting to it with SSH, and routing local port 3128 to remote port 3128. Then configure IE to use 127.0.0.1:3128 as your proxy port. Disallow all traffic except SSH to your LInux server, make sure you run a firewall on your laptop, and disallow wireless administration of the access point. This should give you a fairly secure wireless network.

      If you need additional services, you can tunnel those too; ssh can do it for free via Cygwin, but it takes a little time to set up. (each port requires a separate ssh command; you can script them if you always need several). You can also use a payware program like SecureCRT to forward multiple ports with a nice GUI interface.

      With this kind of setup, WEP becomes essentially irrelevant. In fact, it may be a detriment, simply because you may get sloppy about not setting up your tunnels if you think maybe you're not being watched.

      You can also do IPSEC, which will work with anything and won't require specific tunneled ports, but that's a lot more complex. SSH is simple, fast, easy, and pretty secure.

  5. There will always be stupid users... by mackman · · Score: 3, Insightful

    The important thing here is that this allows for actual security for users smart enough to use good passwords. Even in hex users can enter dumb passwords ("AA AA AA AA AA...").

  6. Big deal by WolfWithoutAClause · · Score: 4, Informative
    Just about any protocol allows dictionary attacks. Whilst some techniques, like salt, help, ultimately they make the problem for the bad guys only slightly harder.

    Only long passwords and encouraging the users to use good quality passwords/phrases really helps.

    Ultimately though, these passphrases are flawed anyway- they are a form of shared password. History has shown this to be a thoroughly bad idea, one passphrase per user/machine is a far better idea; and even the user shouldn't know what it is (that way it can't get beaten out of them- black cosh crytography works pretty darn well.) These standards organisations aren't even trying.

    --

    -WolfWithoutAClause

    "Gravity is only a theory, not a fact!"
  7. Improvement over WEP?! by hobbesmaster · · Score: 3, Insightful

    Hold it, someone correct me if I'm wrong, but doesn't this mean that instead of collecting thousands of weak packets in RFMon you just need to collect one packet from each network and brute force it?

    Which method is harder to crack? I'd take WEP. Simply because its takes longer to collect the necessary packets; especially on a smaller network. On a larger network it may work out to be better from a security standpoint for the cracker to start a brute force attack on the packet on a spare computer and let it sit for a few days instead of having him hide a pocket PC with a wifi card in range of the AP for a few days.

  8. This is *Supposed* to be hard by TechyImmigrant · · Score: 5, Informative

    The idea here (I know, I was there when we voted it into the standard) is that the PBKDF2 is computationally significant.

    Thus when you perform your offline dictionary attack, for each lookup in the dictionary, you must perform 4096 HMAC_SHA1s and this might take some time if you are looking up a large number of dictionary entries.

    The basic conflict is the wide disparity between the power of processors in low end 802.11 transceivers and high end computers. The time to compute the 4096 HMAC-SHA1s is significant on say a slow ARM7TDMI and the 4096 value is a compromise to limit the delay in computing this. This delay affects the time from pressing return on the keyboard, to the time the PTK can be known and communications can begin.

    However the attacker can apply his cluster of 3GHz PCs, or his FPGA HMAC_SHA1 parallel processor, or his supercomputer array, and make the speed of dictionary lookups relatively insignificant compared against the strength of the passwords being used.

    The wise people asked for a much higher number than 4096. Some implementation types beat it down to 4096, and here we are..

    --
    Evil people are out to get you.
  9. Shorter Version of the Article by f1f2f3 · · Score: 3, Insightful

    "Poorly choosen passwords lead to insecurity."

    Well, duh. I didn't need three pages of dense, TLA-obscured claptrap to tell me that.

  10. Re:WEP newbie question - how bad is it? by hobbesmaster · · Score: 3, Informative

    It takes far longer than that. Getting thousands of interesting packets takes weeks for a 256bit WEP network being used by only one person.

    And yes, this is from experience. I will neither confirm nor deny that I was given permission to try this...

  11. Re:WEP newbie question - how bad is it? by Dusty · · Score: 4, Informative

    Ars Technica has a good summary of what you can do with SSID's and WEP to improve your wireless network's security:-

    Security Practicum: Essential Home Wireless Security Practices
  12. What's that? by dswensen · · Score: 5, Funny

    perform an offline dictionary attack

    What, you sneak up behind the sysadmin and brain him with a copy of Webster's?

  13. Re:WEP newbie question - how bad is it? by timeOday · · Score: 3, Informative
    The threat is way overblown. I'm willing to bet that fewer than 1% of WEP-protected access points fall to cryptographic weakness (but my guesstimate will yield immediately to anybody with ACTUAL DATA that agrees or disagrees). Any sensitive data you send, you should be (and probably are) sending over ssl (when the little lock appears in your browser window), using ssh instead of telnet, etc. As for Starbucks access points, they're not protected by WEP anyways.

    Just enable the WEP, use secure applications for sensitive data, and quit worrying about it.

  14. Re:WEP newbie question - how bad is it? by ch-chuck · · Score: 3, Informative

    Don't worry, set him up, turn on wep, make some keys, and also use MAC filtering so only known stations can get in. To get around both those someone has to be fairly determined, just like someone determined to get in your house can probably do so, no matter what locks and alarms you install. That'll keep out the accidental neighbors and casual drive by scanners. Anything important like credit card numbers should be encrypted from browser to server with SSL anyway.

    Now, if a bank or hospital was going to install a wireless wep on a campus with account passwords etc in the air in the parking lot, then you'd have good reason to worry.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  15. Re:My Dog Has Fleas by shird · · Score: 4, Informative

    Actually, a dictionary attack is inlikely to break 'My Dog has Fleas' because it is composed of multiple words, is fairly long, and has mixed case. Dictionary attacks typically involve just one or possibly two words strung together. Anymore and it becomes pretty impratical.

    The only pratical way to find that password is through brute force. In this scenario, the longer the password and more possible different characters (ie lowercase and uppercase, and spaces) makes it more difficult. Thus, 'My Dog has Fleas' would be more secure than 'mdhfaymdt' against a brute force attack. The latter could be broken in a matter of hours through brute force.

    --
    I.O.U One Sig.
  16. WPA dictionary attack by uucpbrain · · Score: 5, Insightful

    Speaking as a cryptographer and longtime security geek, this weakness is about as damning as... using a 128 bit cipher that only gives 120 bits of protection. Look at the big picture. Most people don't even use WEP, let alone limit access by MAC address. The average user is SO oblivious to security, sharing passwords, opening .EXE attachments... I'd hate to recall how many times I found things like .rhosts files with '++' in them among career Unix programmers who must have known better. WEP was a semi-broken protocol, TACACS+ was a totally broken protocol, there was no way one could use them without compromising security. Just as nobody can use a number of commercial software products without compromising security.

    WPA, on the other hand, is a very well-designed protocol. It is only as weak as its users are careless. And one need not choose "h^Ne#b8SV@,4g%yP" as a password to avoid this attack, any semi-uncommon phrase of 4 or 5 words will do.

    I will deal with this problem by threatening users with a nasty note in their personnel file if they choose a sh*t passphrase -- and terminate their wireless access. And yes, I will try cracking the passwords myself, just as I have done with operating system passwords for several years.

    I sure wish all my security problems were so simple! At least WPA *can* be secure, unlike the steaming heap of offal that most folks call a desktop operating system.

  17. How is this worse? by Halo- · · Score: 3, Insightful

    Okay, so users might pick a password which is less than 20 characters and is dictionary based. Guess what? They always will... Security is a balancing act. If you make security too cumbersome, then users will find a shortcut and abuse it, making it worse than no security. If the spec enforced something like: "passphrases must be at least 128 hex characters" you'd end up with a bunch of passwords which were all "AAAAA..." (or something similiar)

    The simple truth is people are lazy. How many passwords do you have? And how many password guarded accounts? I bet even the most diligent of us out there only have a small number of "good" passwords which we use for damn near everything and never rotate.

    The problem with WEP was flawed crypto. No matter how good my password was, someone could crack it with unacceptable ease. At least with this new scheme those of us with "good" passwords have a chance.

  18. Re:Cryptography is not for the math-impared by adrianbaugh · · Score: 3, Informative

    A program implementing a true brute force attack would be really stupid, though, at least for [J. Random Muppet]'s account; lots of time would be wasted trying aaaa, aaab, aaac etc., when the password is far more likely to be "password" or "150367". Once you force people to use passcodes of a length sufficient that even dumb people are likely to enter more than one word, or a word with at least one number, you enforce a level of security unbreakable by most entities over the average duration of a user's session. OK, that isn't anywhere near perfect but it's a lot better than allowing "password", "banana" or "slashdot"....

    --
    "'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
    - JRR Tolkien.
  19. WEP isn't that bad to begin with by Brad+Mace · · Score: 4, Informative
    If you're smart when you set up your access point, and turn on WEP, 99.9% of people that might hack your network are going to go find an easier target. The typical figure I've heard is 24 hours or more to get enough traffic to break the encryption. Unless someone knows you have something they want, they're not going to bother.

    Home users are going to generate less traffic than businesses, and so it will take even longer to get enough traffic. Unless you happen to notice a van parked outside your house for a couple days, or find yourself staring down the barrel of a pringles can, you can relax.

    1. Turn off SSID broadcasting
    2. use a unique SSID
    3. For God's sake, change the admin password
    4. Turn on WEP
    5. Use MAC address filtering
    Congratulations, you're now more trouble than you're worth.
  20. Re:one for the crypto/math freaks by PD · · Score: 4, Interesting

    It's actually a stupid idea.

    Your chance of winning the lottery is exactly the same if they change the winning numbers, or if they don't change them.

    Making users change passwords does the following:

    1) Annoys the users.
    2) Users are likely to pick easy passwords to remember, rather than memorizing a really good password just once. Or worse, they will write the password down.
    3) Does all that for no increase in security. Yay!

    --
    If tits were wings it'd be flying around.