Slashdot Mirror


Cisco's LEAP Authentication Cracked

mtrisk writes "Just a day after Cisco released a security warning about its WLSE access point management tool, a tool to crack wi-fi networks using LEAP authentication has been released, reports Wi-Fi Networking News. The tool, called Asleap and developed by Beyond-Security, actively de-authenticates users, sniffs the network when the user re-authenticates, and performs an offline dictionary attack upon the password."

162 comments
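The sequence the story describes (a burst of forced de-authentications, then the client re-authenticating while someone listens) is visible to a wireless monitor as a pattern in management and EAPOL traffic. As an added example, not code from the story or from Asleap, here is a small detector run over constructed frame records; the MAC addresses, event labels and thresholds are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample of 802.11 management/EAPOL events as a monitor might log
# them: (seconds, event, source MAC, destination MAC). Addresses are made up.
AP = "00:11:22:33:44:55"
CLIENT_A = "66:77:88:99:aa:bb"
CLIENT_B = "cc:dd:ee:ff:00:11"

SAMPLE_FRAMES = [
    (0.0,  "data",         CLIENT_A, AP),
    (5.0,  "deauth",       AP,       CLIENT_A),  # single deauth: idle timeout etc.
    (6.0,  "eapol_start",  CLIENT_A, AP),        # normal reconnect, not suspicious
    (20.0, "deauth",       AP,       CLIENT_B),  # burst of deauths "from" the AP
    (20.1, "deauth",       AP,       CLIENT_B),
    (20.2, "deauth",       AP,       CLIENT_B),
    (20.3, "deauth",       AP,       CLIENT_B),
    (21.5, "eapol_start",  CLIENT_B, AP),        # client re-authenticates right after
    (21.6, "eap_response", CLIENT_B, AP),
    (40.0, "deauth",       AP,       CLIENT_A),  # burst, but no re-auth follows
    (40.1, "deauth",       AP,       CLIENT_A),
    (40.2, "deauth",       AP,       CLIENT_A),
]

REAUTH_EVENTS = {"eapol_start", "eap_response"}


def detect_forced_reauth(frames, deauth_threshold=3, burst_window=2.0,
                         reauth_within=10.0):
    """Flag a client that receives >= deauth_threshold deauth frames inside
    burst_window seconds ("deauth_flood"), and raise a second, higher-severity
    alert ("forced_reauth") if that client then starts an EAP exchange within
    reauth_within seconds. Alerts come back in chronological order."""
    alerts = []
    recent_deauths = defaultdict(deque)   # client -> deauth timestamps in window
    pending = {}                          # client -> time its burst was flagged

    for ts, event, src, dst in sorted(frames, key=lambda f: f[0]):
        # Forget bursts that were never followed by a re-authentication.
        for client in [c for c, t0 in pending.items() if ts - t0 > reauth_within]:
            del pending[client]

        if event == "deauth":
            window = recent_deauths[dst]
            window.append(ts)
            while window and ts - window[0] > burst_window:
                window.popleft()
            if len(window) >= deauth_threshold and dst not in pending:
                pending[dst] = ts
                alerts.append({"kind": "deauth_flood", "client": dst, "at": ts})

        elif event in REAUTH_EVENTS and src in pending:
            alerts.append({"kind": "forced_reauth", "client": src,
                           "deauth_at": pending.pop(src), "reauth_at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_forced_reauth(SAMPLE_FRAMES):
        print(alert)
```

The single deauth to CLIENT_A at 5.0 s followed by a reconnect is left alone; only the burst-then-re-auth pattern is escalated.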

  1. Not Cisco's week by Novanix · · Score: 5, Informative

    Man to say this isn't Cisco's week would be an understatement. It can also read saved libpcap and airopeek captures. It also can save the required data only to a file for later processing so you can use it on a Palm or WinCE device. Also, for those who just want to get started: Windows Binary | Source.

    1. Re:Not Cisco's week by nova2 · · Score: 5, Informative

      Better links: Windows | Source

    2. Re:Not Cisco's week by Anonymous Coward · · Score: 0

      Working URLs:

      Windows Binary
      Source.

    3. Re:Not Cisco's week by Shakrai · · Score: 4, Interesting
      Man to say this isn't Cisco's week would be an understatement. It can also read saved libpcap and airopeek captures

      Yeah it's been a bad week for Cisco but they aren't Microsoft. They won't ignore these problems. You'll see firmware updates to fix the password problem in a week tops (if it isn't already out). I suspect you'll also see an update to address the LEAP issues.

      The only reason to buy Cisco after all (in my experience -- I'm sure the detractors will speak up the minute I click post) is for the support.

      I recall a strange off the wall problem I had using an ISDN line card in a 2600 series router a couple of years back. The line card wouldn't co-exist nicely with the 56k DSU/CSU line card in the other slot. After a few days the ISDN interface would choke and die and the router would need to be rebooted.

      After working with our vendor's (Ingram Micro) Cisco support group and trying about a million different IOS upgrades they referenced us to Cisco -- the Cisco that we didn't even have a support contract with. They actually flew somebody out (we are on the East Coast) to look at the problem and released a specific IOS upgrade to address that issue once they confirmed it.

      Do you think Microsoft would do that for the small time Insurance Agency with one large router (and a couple of smaller ones in our remote offices)? A lousy $6,000 router at that (money for us -- pocket change for Cisco). That's support and that's the reason why I will continue to buy Cisco products even if they are insanely overpriced.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    4. Re:Not Cisco's week by dave_t_brown · · Score: 4, Insightful

      Yeah it's been a bad week for Cisco but they aren't Microsoft. They won't ignore these problems. You'll see firmware updates to fix the password problem in a week tops (if it isn't already out). I suspect you'll also see an update to address the LEAP issues.

      Except that they've known about this problem for months, and the security flaw is not entirely inherent in the protocol. Forcing users to choose strong passwords will provide significantly more protection to a "LEAP-protected" network than any patch that Cisco could issue for LEAP.

      I am entirely unenlightened on EAP-FAST, Cisco's replacement for LEAP, but I'm pretty sure it would be a significant deployment effort for IT to upgrade both the infrastructure and the client devices.

    5. Re:Not Cisco's week by JackAsh · · Score: 4, Interesting

      Yeah it's been a bad week for Cisco but they aren't Microsoft. They won't ignore these problems. You'll see firmware updates to fix the password problem in a week tops (if it isn't already out). I suspect you'll also see an update to address the LEAP issues.

      Read the article - the LEAP problem was reported to them in AUGUST 2003.

      I agree they are not a Microsoft, and they are generally much more responsive, but how would you feel if you had over the past six months implemented a major, wonderful, well protected Cisco LEAP wireless network? Only to receive the news that "yeah, we kinda knew since August our security sucked" (for the record, I am NOT in that situation, but LEAP was a contender for our upcoming wi-fi implementation).

      Honestly, Bruce Schneier was recently saying that it's no longer about the crypto, as anyone can do strong crypto these days. It's about the factors around it, like usernames and passwords, physical security, but most of all, implementation. You'd think that something which was hailed at the time as the solution to the broken WEP protocol would be partially secure... Ugh. Now I'm just ranting.

      -Jack Ash

    6. Re:Not Cisco's week by pVoid · · Score: 1
      Are you somehow comparing code complexity of router firmware to that of an OS? Because if you are, that's just absurd.

      The reason they flew someone out is probably because they wanted to confirm the situation... it is in their best interest after all.

      The reason why Microsoft doesn't fly people out isn't because they don't care, it's because a) you're dealing with software (not firmware) which can submit bug reports, b) reproducing the problem on their servers will most likely work (software is generally platform/location independent enough to allow for this) c) broken firmware on a router kind of obviously means you likely won't be able to access the firmware remotely.

      Don't even get me started on the support Microsoft *does* give you when you actually need it (as opposed to when you're a dick-head newbie sysadmin who doesn't know how to set up an Exchange server).

      If it makes you happy though, wail on Microsoft all you want. We (Linux/Microsoft/Mac) users will be rolling our eyes at you while you try and run your desktop using Cisco firmware.

      IANAT(roll)

    7. Re:Not Cisco's week by ca1v1n · · Score: 3, Informative

      They've known for a long time that LEAP is inherently flawed, and no patch can fix it. That said, it's a hell of a lot simpler to deploy than more secure things like EAP-TLS. This attack still requires an offline brute force decryption attempt. Granted, it may be a highly accelerated brute force decryption attempt, but if you don't allow your users to use passwords that are vulnerable to dictionary attacks, LEAP is Good Enough for many purposes.

    8. Re:Not Cisco's week by Florian+Weimer · · Score: 1

      Yeah it's been a bad week for Cisco but they aren't Microsoft. They won't ignore these problems.

      Not quite true. Their IPsec extension called XAUTH has got the same problems, and these have been ignored for years:

      http://www.ima.umn.edu/~pliam/xauth/

      There's a recent rediscovery of the problem archived at: http://www.securityfocus.com/archive/1/347351

      The only reason to buy Cisco after all [...] is for the support.

      Exactly, and that's why it's sometimes so painful to be a Cisco customer. You have to buy more of their products, or you will lose support guarantees for existing products. And you need these guarantees if you are implementing highly experimental technologies such as QoS and VoIP on production networks, or it's your fault if things break (even if it's an IOS bug).

      At least hardly anybody has Microsoft support contracts, so using different products where it makes sense is often a very desirable option because you can't lose that much.

    9. Re:Not Cisco's week by TheCrazyFinn · · Score: 1

      IOS is an OS. It's quite router-specific, but it is an OS nonetheless. As is JunOS on Junipers (Which is FreeBSD based).

      Even many dinky little routers actually run Linux as their OS.

      --
      "You've got an invalid haircut" -Warren Zevon - Life'll Kill Ya
    10. Re:Not Cisco's week by Zeinfeld · · Score: 1
      You know the problem with this thread is that most of the comments have nothing to do with the story. A problem is discovered in a Cisco product and so we get immediate speculation about how Microsoft would have reacted to the problem.

      It brings to mind the GOP claim made immediately after 9/11 that it was all Clinton's fault, nothing at all to do with them, oh and no way would Gore have taken the decision to invade Afghanistan. As a result of making these silly statements the administration is now having to claim that they somehow were doing more against al-Qaeda when it is obvious that they were doing less. With 20-20 hindsight the Bush administration screwed up, that is understandable. What is not understandable is trying to claim that they did not screw up and the partisans claiming that the real problem was Clinton.

      The connection to this case is that the slashdot partisans seem to use 'blame Microsoft' as a substitute for 'blame Clinton'.

      In this case it really does not work. Bernard Aboba and Trevor Freeman were both there at the IETF promoting EAP-TLS as the strong solution to the LEAP issue. Microsoft simply does not have a problem designing cryptographic security protocols, they have hired the best in the business and they do at least as well as anyone else.

      Where Microsoft has a security problem is in the design of application software. The biggest factor in their security problems is the legacy of applications that were never designed for use in hostile environments.

      In this particular case Microsoft has implemented a perfectly sound security layer in Windows XP. As a matter of historical fact they started to respond to the 802.11b WEP security issue long before it became a story on Slashdot. The first team to discover that WEP was broken was Microsoft, they examined the WEP security specs before deploying it on their campus.

      When the Berkeley team reported the flaws in WEP at a cypherpunks meeting I attended, I contacted Microsoft the next morning. They were already six months into the development of a solution - one that looks very similar to the 802.1x scheme that is actually being used. They did not immediately report the flaw to the public but they did report it to the IEEE working group and they pushed for a solution.

      Incidentally, before assuming that this is all the fault of Cisco, it is probably best to remember that they bought in most of their WiFi technology from startups. They certainly bear some responsibility for not reviewing the technology they purchased but they probably did not do the actual initial design.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    11. Re:Not Cisco's week by Anonymous Coward · · Score: 0

      It brings to mind the GOP claim made immediately after 9/11 that it was all Clinton's fault, nothing at all to do with them, oh and no way would Gore have taken the decision to invade Afghanistan. As a result of making these silly statements the administration is now having to claim that they somehow were doing more against al-Qaeda when it is obvious that they were doing less. With 20-20 hindsight the Bush administration screwed up, that is understandable. What is not understandable is trying to claim that they did not screw up and the partisans claiming that the real problem was Clinton.

      This brings to mind the fable about the office worker who liked to use the phrase, "I'm going to kill you." He used that phrase nearly daily for over 20 years, and everybody who worked with him knew he was just saying it. One day, he did kill two people at the office. He picked up a letter opener and stabbed one person, then threatened others for a couple of minutes, then stabbed someone else; the office workers couldn't stop him. After the incident, people asked the office workers who hadn't died why they didn't respond to the "daily threats against their lives" (was how it was phrased). It was hard for the office workers to explain, but it basically boiled down to the fact that everybody knew the guy used "I'm going to kill you" almost conversationally. If anything was going to be done about it, it would've had to have been done by the coworkers, but there wasn't much they could do beforehand. As a result of the incident, letter openers were banned from the office.

    12. Re:Not Cisco's week by Anonymous Coward · · Score: 0

      Wireless networks using LEAP since August have not been in ANY danger of being compromised. Neither you Jack, nor any of the other poseurs here, could have cracked a LEAP protected network without the binary that was released this week. And seriously, why would you want to with so many completely open wireless networks available. And if companies enforce a strong password policy, you STILL won't be able to get into a LEAP network. But, best of luck trying.

    13. Re:Not Cisco's week by Zeinfeld · · Score: 1
      This brings to mind the fable about the office worker who liked to use the phrase, "I'm going to kill you." He used that phrase nearly daily for over 20 years, and everybody who worked with him knew he was just saying it. One day, he did kill two people at the office.

      That does not seem to be a very good analogy, besides missing the point entirely.

      The point I was making was that slashweenies seem to think 'blame Microsoft' is the appropriate response in every situation. Cisco screws up so we get 'Blame Microsoft' and 'Well Microsoft would have done worse'.

      It's precisely the same sort of irrational response we are seeing on the political side. And to think that the Bushies actually ran on a platform of 'accountability'.

      As for the analogy, to make it accurate you would have to have your postal worker actually kill several people in a series of escalating incidents before destroying the entire office in a suicide bomb. Bin Laden had made a series of attacks against the US, he had even financed the first WTC bomb. He had come close to sinking a destroyer.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    14. Re:Not Cisco's week by Mattcelt · · Score: 1

      Best to use EAP-TLS. It's based on x.509 certs instead of passwords, so there's no way to do a dictionary attack.

      Problem is, most corporations don't have the wherewithal to deploy a PKI to all users just for wireless access. (Though if you're willing to reduce the strength of your PKI certs to the same assurance level as a username and password, you can use MS 2k3 Active Directory certificate services autoenrollment.)

  2. Insight appreciated? by monstroyer · · Score: 5, Interesting

    As a small business, I use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.

    1. Re:Insight appreciated? by rusty0101 · · Score: 4, Informative

      Not sure I can alleviate all your concerns, however...

      The easiest way to see if you are affected by this issue is to get the model number of your access point, and go to the Linksys website. See what capabilities your AP has, and if the AP supports the LEAP authentication protocol.

      If it does not, you are probably immune to this particular disorder. Beyond that I would say do not manage your AP over the wifi connection, without another encryption, and if possible disable login to the AP from the Internet. Beyond that I would recommend getting a good book on WiFi security, some have been reviewed here, though how good they are, I can't really judge.

      -Rusty

      --
      You never know...
    2. Re:Insight appreciated? by Anonymous Coward · · Score: 5, Informative

      Your WEP 64 is already trivial to defeat with sufficient captured data (numbers fail me at the moment.. though something tells me that it may be in the many hundreds of megs captured).

      Moreso if your router is older and produces the 'weak' packets that programs like Kismet detect (in which case, hundreds of megs becomes hundreds of kilobytes :-P )

    3. Re:Insight appreciated? by AKnightCowboy · · Score: 5, Informative
      Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless?

      This is for Cisco wireless products (their Aironet series for example), not Linksys products. I'm sure they're still pretty separate companies even though Linksys may be a wholly owned subsidiary. i.e. Linksys access points don't run IOS (hell, some run Linux). Plus, your Linksys box wouldn't support LEAP anyway. Now, the problem with you is that 64-bit WEP is already easy to crack with enough data so it's a thin veil of security, nothing more. Don't rely on it to encrypt your traffic! If you're doing anything that needs encryption then use higher layers like SSL or even IPSEC.

    4. Re:Insight appreciated? by Shakrai · · Score: 3, Informative
      As a small business, I use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.

      I haven't seen any Linksys hardware that uses LEAP but I haven't bought or used any since Cisco bought them out -- not out of distrust or dislike of Cisco -- just haven't had the chance or reason to.

      I have used LEAP before in the Aironet 350 series AP from Cisco. My hunch says that LEAP is still limited to the Aironet line (Linksys is more targeted at home users while Aironet is for Enterprises) but I could be wrong. In any case I wouldn't call your Linksys AP secure just because it doesn't support LEAP. There are other ways to break WEP/mac address protection that have been discussed here before.

      I purposely leave an AP on my home network. I figure it's an easy out if I get busted for downloading mp3s or Windows source code ;)

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    5. Re:Insight appreciated? by FauxPasIII · · Score: 5, Informative

      > hardware found in big companies like Bell Canada, and not my WEP 64 wireless

      Correct; asleap won't crack your network. However, airsnort will.

      http://airsnort.shmoo.com/

      So far as I'm aware, there hasn't been a link-layer security protocol for wireless made yet that hasn't been cracked. That's why I run ipsec.

      --
      25% Funny, 25% Insightful, 25% Informative, 25% Troll
    6. Re:Insight appreciated? by ph4s3 · · Score: 2, Interesting

      First of all, don't use WEP. Many many articles about it being broken have been written. At a minimum you should be running a linksys with at least v1.41 (1.42?) of the firmware and be using the WPA security.

      If you're doing anything that needs real encryption, such as administering anything requiring strong passwords or doing financial transactions, you should be researching a VPN layer or something along those lines.

      Along the same lines, this seems to open up a new service category... VPN service authentication... Allow you to get a secure link from wherever you are physically at back to the VPN point. Protect your packets from being sniffed (and usable) by wire or wireless. Anyone seen this type of thing? I've only seen server+client side implementation, never an auth service.

    7. Re:Insight appreciated? by iamwahoo2 · · Score: 2, Interesting

      How much damage can be done if somebody cracks your WEP? I am not particularly worried if someone is using my connection as much as I am worried that someone will get my private information like credit card numbers. If I only use machines on the wired LAN to keep and transmit private data, does that protect me?

    8. Re:Insight appreciated? by Aaron+England · · Score: 1

      Most websites provide an additional level of encryption known as SSL to protect credit card transactions.

    9. Re:Insight appreciated? by Anonymous Coward · · Score: 0

      A recently acquired, wholly owned subsidiary of Hadden industries?

    10. Re:Insight appreciated? by FauxPasIII · · Score: 2, Interesting

      > How much damage can be done if somebody cracks your WEP?

      If somebody breaks into your WEP, they can do anything that any machine on your LAN can do. That is, they can sniff your traffic, they can access any internal servers that use only IP address checking for security (NFS is commonly set up this way) and they can use your connection to the net. The latter is more serious than you might think; for instance, what if they launch a DDoS, port-scan a bank, or serve child pornography from your IP address?

      --
      25% Funny, 25% Insightful, 25% Informative, 25% Troll
    11. Re:Insight appreciated? by tietokone-olmi · · Score: 1

      Yes, the number is in the hundreds of megabytes. Typically, to crack a weakly-keyed wireless network you need to see about two gigabytes' worth of data, though the margin of error for this number is rather large since you'll be looking for packets with weak generated keys, and the occurrence of those is somewhat random. Could be more, could be less.

      The nice thing is that you don't need to capture and save the encrypted frames. The cracking clients merely need to see enough traffic, which means that you could even crack a wireless network with one of those D-Link CF WLAN cards and any old IPaq, if the network had enough traffic going through it while your batteries last ;-)

    12. Re:Insight appreciated? by Gerald · · Score: 1

      Does Linux support WPA yet?

    13. Re:Insight appreciated? by Superfly_rh · · Score: 2, Informative

      As a small business, I use a Linksys wireless router. Cisco now owns Linksys. Can anyone alleviate my "phears" and tell me that this vulnerability is more for the hardware found in big companies like Bell Canada, and not my WEP 64 wireless? I'd really appreciate a summary of what all the fuss is about and how it affects people who don't run mega corps. Thanks.

      The vulnerability is if you use 802.1X authentication with the LEAP protocol.

      The Access Point doesn't have a security flaw in it, the LEAP protocol does. If you have a Radius server that is configured to do LEAP and you have a wireless supplicant that supports LEAP and a wireless card that works with that supplicant, then you can do LEAP.

      It used to only be the Cisco cards that could do LEAP, but I've noticed that changing lately.

      But, you have a 64 bit WEP network, probably not doing 802.1x. I'd worry about that. And the thing is, that's worse than having a network secured with the security flawed LEAP protocol. You have no authentication and probably no key rotation going on. WEP is known to be horribly flawed. With LEAP you at least have authentication (although proven to be crackable by an offline dictionary attack) and WEP key rotation.

      At least try and upgrade to WPA-PSK, with TKIP or AES. WPA w/Radius and TKIP or AES is preferred though. Some people say to use VPNs instead. I don't like that idea much... but that's just me, it seems to work great for some people.

    14. Re:Insight appreciated? by GigsVT · · Score: 1

      . I figure it's an easy out if I get busted for downloading mp3s or Windows source code ;)

      Until they send Slashdot a subpoena to tie your posts to your IP.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    15. Re:Insight appreciated? by Anonymous Coward · · Score: 0
      Just so no readers are confused with what rusty0101 posted:

      Running a Linksys AP that doesn't have LEAP, and also has no extra firewall, and no SSH VPNs is as bad or worse than using an access point that uses compromised LEAP.

      You really need to have SOME solution to deal with the inherent insecurity of wireless, and if it's not a LEAP (that'll hopefully be upgraded soon), it should be an SSH VPN or a good firewall with a good network topology, or something along those lines (as rusty0101 rightly pointed out. Just that readers shouldn't think that the take-home message is "if you don't have LEAP, you're good").

    16. Re:Insight appreciated? by merlin_jim · · Score: 1

      (numbers fail me at the moment.. though something tells me that it may be in the many hundreds of megs captured).

      Any WEP implementation can be broken with about a million packets, so says the documentation for AirSnort.

      --
      I am disrespectful to dirt! Can you see that I am serious?!
    17. Re:Insight appreciated? by merlin_jim · · Score: 1

      So far as I'm aware, there hasn't been a link-layer security protocol for wireless made yet that hasn't been cracked. That's why I run ipsec.

      A wireless network using Windows RADIUS is pretty secure; the vulnerability in WEP requires many packets to go down the pipe in order to be visible. RADIUS requires IEEE 802.1x authentication, and assigns each user their own rotating key based on that. Unless a user stays connected to the network for days at a time, it's theoretically unbreakable, as the key rotation is based on the PKI authentication, and therefore given the current key it is impossible to deduce the next one...

      --
      I am disrespectful to dirt! Can you see that I am serious?!
    18. Re:Insight appreciated? by MrNonchalant · · Score: 1

      Your WEP 64 wireless has plenty of problems of its own without borrowing new ones. I only continue to implement WEP on my network because it provides some barrier, same reason I turned off SSID broadcasts and am MAC filtering. All of those, however, are trivially circumvented. A little Googling finds about two Linksys products boast LEAP support, and both are 802.11 notebook cards.

    19. Re:Insight appreciated? by swillden · · Score: 1

      If it does not, you are probably immune to this particular disorder.

      Right. But this is like telling the Ebola patient that he doesn't appear to have cancer.

      If you aren't layering some sort of VPN-based security on your wireless network, complete with firewalls on every wireless device that seal off everything other than the VPN connections, you're insecure.

      If being insecure is a problem for you, you had better address it. Quickly. And LEAP is no longer an option.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    20. Re:Insight appreciated? by John+Courtland · · Score: 1

      Couldn't you just filter by MAC address and be done with it? That's how I do things and I haven't had any real problems, although it is admittedly a pain in the ass.

      --
      Slashdot is proof that Sturgeon's Law applies to mankind.
    21. Re:Insight appreciated? by WoTG · · Score: 1

      MAC addresses can be sniffed too and cloned. Just about every NIC has the ability to have its MAC set in the driver nowadays. Heck, in routers, it's a semi-big selling feature to be able to "clone" a MAC address (used if your ISP filters access by MAC).

    22. Re:Insight appreciated? by John+Courtland · · Score: 1

      That is true, I forgot about the manual MAC settings. I guess the only real key to security is disconnectivity.

      --
      Slashdot is proof that Sturgeon's Law applies to mankind.
    23. Re:Insight appreciated? by FauxPasIII · · Score: 1

      I find it important to remember that security is not an on or off state. Any given system exists somewhere on a continuum between security and convenience. You just have to decide where on that continuum you want to be.

      For instance, it doesn't do much good to spend hours setting up a cumbersome cryptographic scheme for your wireless LAN in order to protect your internal file server, if you only have normal household padlocks and no human guards on the server. Attackers will always find the path of least resistance.

      --
      25% Funny, 25% Insightful, 25% Informative, 25% Troll
    24. Re:Insight appreciated? by Shakrai · · Score: 1
      Until they send Slashdot a subpoena to tie your posts to your IP.

      How are they going to tie the slashdot username 'Shakrai' to a random p2p ip address? I don't think I'm the first to make that claim.

      Besides IIRC Slashdot only keeps an IP address attached to posts for 48 hours or so. Of course I could be wrong.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    25. Re:Insight appreciated? by Zabu · · Score: 1

      I test wireless products, as the above posts say, 64-bit WEP is trivial, and your network is not secure using it.
      LEAP is Cisco's way of implementing EAP, which deals with Pre-Shared Keys (PSK). If you want real protection, use a PSK with a strong string... i.e. not in a dictionary.

      --
      It's all good.
  3. When it rains, it pours... by bfg9000 · · Score: 5, Funny

    What are these guys, the Microsoft of hardware?

    --

    I'm not normally an irrational zealous dickhead, but I figure "When in Rome..."

    1. Re:When it rains, it pours... by PoopJuggler · · Score: 5, Funny

      Wouldnt that make them Microhard?

    2. Re:When it rains, it pours... by tarballedtux · · Score: 1

      Can't we accept some problems with EVERY piece of software or hardware. At least they tried to make a product to make up for existing wireless security.

    3. Re:When it rains, it pours... by bfg9000 · · Score: 1

      I know there's a joke in there somewhere....

      --

      I'm not normally an irrational zealous dickhead, but I figure "When in Rome..."

    4. Re:When it rains, it pours... by FreakyGeeky · · Score: 1

      Yeah there is, it's "the joke is in your hand."

  4. So I guess... by ForestGrump · · Score: 2

    Wifi is once again unsecure.

    -Grump

    --
    Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
    1. Re:So I guess... by ForestGrump · · Score: 1

      no, no, no.
      and lastly, I'm an atheist.

      --
      Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
  5. dictionary attack? by Njovich · · Score: 5, Interesting

    Sure, this is a well done cracking tool, but isn't "cracked" a bit sensationalistic considering it still requires brute forcing the password? The weakness remains the password here, hardly the authentication scheme... good luck dictionary attacking a good password!

    1. Re:dictionary attack? by Anonymous Coward · · Score: 4, Funny

      Yeah, let me tell you, a dictionary attack WILL break a cisco router in seconds, every time.

      Of course, not just any dictionary will do: you need a dictionary with not only simple English words, but with long definitions and even off-beat, obsolete words.

      Routers are quite small in the scheme of things, and they really can't stand up to a quick beating by, let's say the Oxford English dictionary, especially if the router is opened up and the electronics are exposed. No, those little dictionaries you get with a subscription to Time magazine won't do (after all, Time's vocabulary is pretty light-weight to begin with).

      However, a quality rack-mounted Cisco router will likely be protected in a secure data center or other secure closet. In that case, you'll have to take all the words in the dictionary and hash them up. And if the users aren't dumb, they'll pick tough passwords. It can take many years (or even decades) to successfully attack quality passwords.

      I think the physical dictionary attack is the easier approach. Unless you permit your users to choose stupid passwords (like mine: "17Trees")

    2. Re:dictionary attack? by MBAFK · · Score: 4, Insightful

      "good luck dictionary attacking a good password"

      The time to brute force the password is a combination of many factors, not just the strength (length and composition) of the password. The amount of resources available to compute the hashes and the complexity of the algorithm used to create the hashes have a large effect on how long it will take to compute a match.

      In this age it is becoming possible to precompute the hashes and then look them up, in that case the "strength" of the password becomes less important.

    3. Re:dictionary attack? by Anonymous Coward · · Score: 0

      I think aironet access points will kick you off the ap after 3 failed authentication attempts and will not let you associate for a minute or two. It seems like it would take a really long time to break a password if you only get 3 tries per minute.

    4. Re:dictionary attack? by Anonymous Coward · · Score: 1, Funny

      Unless you permit your users to choose stupid passwords (like mine: "17Trees")

      d00d, ur box is r00t3d. I'm in 127.0.0.1 n0w. Start crying, time to rm -fR /.

    5. Re:dictionary attack? by rmdyer · · Score: 1

      Aren't you assuming that the relationship between the number of bits in the password and the number of bits in the hash are not one to one?

      If the number of bits possible in the password are 256, 512, or 1024, then password strength definitely does matter.

      +2

    6. Re:dictionary attack? by fermion · · Score: 1

      To be fair, there are few things that could withstand the force of twenty volumes...

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    7. Re:dictionary attack? by Anonymous Coward · · Score: 0

      The real issue here is NOT that it might take some time to crack a password.

      Fact is that a LARGE number of LEAP installations are connected to Windows Domain authentication or Active Directory.

      Let's say you have 100 end users using your wireless network authenticating with their Domain Account.

      Reason you picked LEAP was because it was EASIER to deploy than IPSEC. Not from an IT stand point as much as a user stand point.

      Are you willing to bet that out of 100+ windows users one of them isn't going to have a password that can be guessed?

      You're right, me and you, and other computer users will have a password that will take some time, but what about your average windows admin or even worse your average windows user?

      Also, the REALLY REALLY bad part? They don't just get access to your network. They are also an authenticated user on your Windows Systems!

    8. Re:dictionary attack? by wobblie · · Score: 1

      I don't think so - in my experience, most infrastructure equipment has terrible passwords. The truth is a simple dictionary attack would probably crack half the Cisco routers out there. Just because it isn't sophisticated doesn't mean it won't work.

  6. Cool. Now there's a laugh by Moderation+abuser · · Score: 4, Interesting

    Cos the very very large corporation which I very recently used to work for has just rolled out Cisco based wireless across *all* of its sites worldwide.

    --
    Government of the people, by corporate executives, for corporate profits.
    1. Re:Cool. Now there's a laugh by BlackHorse · · Score: 1

      I think I know where you used to work, unless the company I used to work for did the same thing =P

    2. Re:Cool. Now there's a laugh by AKnightCowboy · · Score: 3, Funny

      I think I know where you used to work, unless the company I used to work for did the same thing =P

      Woh, imagine that! Two different companies using wireless products from Cisco. What are the odds of that!?

    3. Re:Cool. Now there's a laugh by BlackHorse · · Score: 2, Funny

      I meant a "major" company "just" rolling out Cisco wireless to "all" locations.

    4. Re:Cool. Now there's a laugh by Anonymous Coward · · Score: 0

      Woh, imagine that! Two different companies using wireless products from Cisco. What are the odds of that!?

      After this week, very, very long.

  7. Yeah but, don't worry. by FreeLinux · · Score: 5, Funny

    Because if you are using a Cisco network it is self-defending, self-securing and self-healing. No, really. I saw it on TV.

    They had this little girl on the computer and she like, downloaded a worm. But, the network saw it and popped up a message on her screen that the worm was there. Then it said that it was like, isolating the worm and everything. Then it like, popped up another message that said the worm had been destroyed. It was like, way cool and I didn't even know that Cisco like, made antivirus software.

    Of course the above is a joke, but what is not funny is that the television advertisement is well done and likely to be very influential to the typical PHB who will buy it hook, line and sinker.

    1. Re:Yeah but, don't worry. by drinkypoo · · Score: 4, Funny

      And like, the router was like BEEP BEEP BEEP BEEP and then it crashed, it was a really good config too.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Yeah but, don't worry. by slash-tard · · Score: 3, Informative

      Well Cisco does have some of the best HA hardware available. I think that qualifies for self healing. They also have 4 hour turn around on hardware repairs if you want to pay for it.

      Cisco also has IDS software that will detect intrusions and update access lists on the appropriate routers on the fly. I think that qualifies for self securing and defending.

    3. Re:Yeah but, don't worry. by Anonymous Coward · · Score: 1, Funny

      They should have used Ti-Kwan-Leep authentication.

      Hey Cisco, Boot to the Head!

    4. Re:Yeah but, don't worry. by porkus · · Score: 3, Informative

      What this commercial is really about is the Cisco Security Agent they are selling now. Comes preinstalled on some of their products, like the AVVID CallManager. It hooks into the system libraries and watches call sequences for potential virus/worm/trojan-related activity and stops the application from running if it detects something that fits the profile.

    5. Re:Yeah but, don't worry. by drinkypoo · · Score: 1

      Reminds me of Disinfectant.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  8. Another news source by Anonymous Coward · · Score: 0

    A more detailed source.

  9. Linksys by Moderation+abuser · · Score: 0, Troll

    Bin it now! Not because it's insecure, bin it cos it's crap.

    BTW, if you're running standard WEP it's pretty easy to get into your network anyway.

    --
    Government of the people, by corporate executives, for corporate profits.
  10. Crypto subsystems are notoriously difficult... by Svartalf · · Score: 5, Interesting

    It's WHY you really, really ought to have a cryptologist design your subsystems if at all possible. If it's not possible, you need to have them AUDIT it at the very least. Suffice it to say, each and every one of the wireless designs so far seem to be fairly flawed, and I don't believe that a single one was designed by or audited by a competent cryptographer (Someone like Schneier comes immediately to mind- never mind how expensive this sort of person will be for you with the design work or an audit, the embarrassment and increased liability for exploits on the system make it far, far more expensive to NOT hire them...).

    I'm a fairly competent amateur- I know better than to assume anything I or anyone else that's not an SME produces in this arena is anything but vulnerable until proven otherwise.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
    1. Re:Crypto subsystems are notoriously difficult... by ballwall · · Score: 2, Insightful

      There's another thing that I don't understand. Why use yet another method of encryption for wireless? Why can't the AP or router behind it be set up for a VPN. My company doesn't trust the internet, so it uses a VPN. If you don't trust your WIFI link, why not use a VPN?

      This is the setup I have at home:
      My AP is connected to its own NIC in my router box (running linux). The DHCP server on the box will give people coming over that interface non-routable IPs, and iptables is configured to drop everything not going to the router from that interface. If a user attempts to go to a web page iptables routes the traffic to the router's web server which tells them how to set up a VPN, if they have a username/pass (my gf is always messing it up, so she needs instructions :) ). Once VPNing to the router you're given an IP on the normal wired network and off to the races. This way you get none of the downsides of WEP (insecure, slowdown, known key, etc) and all the benefits of encryption.
      It sounds complicated, but really it's not. I can't see why more people aren't doing this as opposed to WEP. It's my understanding WEP==BAD.

    2. Re:Crypto subsystems are notoriously difficult... by thogard · · Score: 1

      Who are you going to trust? In '95 I wandered into a student dorm in Wash DC to buy a pixel machine. The price of the device went up by the time I got there and I wandered off to the ATM and when I got back the box had a "better offer" and disappeared. It had 82 CPUs that could deal with 40 des real quick. When it comes to cryptologists, they come in 3 flavors, 1) the gov't versions, 2) civilian grade and 3) amateur. From what I've seen type 2==type 3. Take a look at how Schneier describes himself if you can find a 1st edition vs the later ones.

    3. Re:Crypto subsystems are notoriously difficult... by kbonin · · Score: 4, Insightful

      When I quit Cisco, I was the only real security programmer left in my business unit - all the other positions had been "outsourced" to Bangalore. That team didn't write "bad" code, it just wasn't robust. And they didn't get it. And management didn't care. And marketing just wants it to ship with the feature checklist complete.

      I said it below, I'll say it again here. Companies have to CARE enough about security to have experienced crypto people do this sort of work. To design it, to implement it, and to test it.

      But now it's all about keeping things cheap.

    4. Re:Crypto subsystems are notoriously difficult... by sbrown123 · · Score: 2, Insightful

      It's WHY you really, really ought to have a cryptologist design your subsystems if at all possible.

      No!!!!!!

      Seriously, the last thing we need is slow hardware.

      The trick to beat hackers and crackers is put out so much variety they have no idea what the hell to do. Seriously, if 99% of people didn't run the same hardware and software for everything hackers would cause very minimal damage.

    5. Re:Crypto subsystems are notoriously difficult... by nick_urbanik · · Score: 1

      Can you tell us more about the software to implement this?
      • What VPN software are you using?
      • What does the person need to do to "set up a VPN" (i.e., can you post a brief summary of your web page with the instructions?)
      • What software did you write, and what does it do?
        • I guess that you have written code that reads the DHCP leases for the short-term "non-routable" IPs, and
        • Creates a longer term lease once you have authenticated?
      I'm interested in the technical details of what you described.

      If I had mod points, I'd call it interesting.

    6. Re:Crypto subsystems are notoriously difficult... by Anonymous Coward · · Score: 0

      I'm not the original poster, but I have done exactly this.

      If you have Windows clients, you can use poptop and let them talk PPTP to you. Yeah, PPTP has its own issues similar to those of WEP, but it's better than nothing.

      If that bothers you, you might run IPSec. Or you could just gouge yourself with a rusty fork - it's simpler to do and feels about the same in terms of pain.

      The best solution is OpenVPN, since it's free, it doesn't involve any kernel-level mangling, it runs on Linux, BSD, Windows (2000/XP), and more. The only catch is that you have to set up each tunnel explicitly - it's not a client/server thing like you can have with poptop. Hint: poptop calls pppd, so you can use a pppd plugin to call out to do your authentication if you really want.

      As for the rest: dhcpd hands out addresses in 172.16.1.0/24, and poptop hands out addresses in 172.16.2.0/24. Rules set with iptables forward (and masq) packets from the second set and ignore most everything from the first. The only packets that are allowed from the non-VPN network are those for the VPN itself. Nothing from it is forwarded.

      If you're doing this for real in a business environment, use VLANs, put the APs into one of them, and have the gateway sit in that VLAN and the normal network. You can do this with two NICs or the VLAN code that's been stock in 2.4 for a couple of releases now.

  11. I don't feel safe... by cdavies · · Score: 5, Funny

    .. with my Open System Wireless, with MAC address access control, but at least my intruders will be using a better class of operating system, on which you can easily spoof MACs.

    Script kiddies using canned cracks on me from Windows machines would just make me feel dirty.

  12. This has been in the wild for months by codepunk · · Score: 4, Informative

    I've seen the LEAP cracker downloadable for at least several months now. This means it has been in use for quite some time; no sense in worrying about it now.

    --
    Got Code?
  13. Not quite a crack by russotto · · Score: 5, Interesting

    This is an offline dictionary attack, not a cryptographic break as has been done to WEP. If you use a strong password (one not in the dictionary), this won't break it. I don't know if preventing offline attacks was a goal of LEAP; if it was, it's fair to describe this as a crack, but if not, this is really just a tool to automate what was already known to be possible.

    1. Re:Not quite a crack by wasabii · · Score: 2, Informative

      Read the article. They use a weakness in the establishment of the connection to DRAMATICALLY reduce the time it takes for a dictionary attack, by gaining knowledge of the last two bytes of the NT hash.

    2. Re:Not quite a crack by merlin_jim · · Score: 1

      If you use a strong password (one not in the dictionary)

      Well, if you were to try every possible combination, it would take 185 days to crack any 8 letter or less password, given the quoted rate of 45 million password tries per second that the author quoted

      --
      I am disrespectful to dirt! Can you see that I am serious?!
    3. Re:Not quite a crack by russotto · · Score: 1

      Thanks for the correction, it took me a couple of links to find that, but you're right; this is a crack. Cisco should have known better than to use MS crypto.... It's still a dictionary attack, in that the 45M passwords/sec depends on having a precomputed dictionary... but it's probably practical nowadays to precompute some pretty decent lists.

    4. Re:Not quite a crack by Anonymous Coward · · Score: 0

      26 letters * 2 cases = 52 letters

      52^8 + 52^7 + 52^6 + 52^5 +52^4 + 52^3 + 52^2 + 52 + 1 =
      54507958502661 combinations

      54507958502661 attempts / (45000000 attempts/second) / (86400 seconds/day) = 14.0 days maximum, 7.0 days average.

    5. Re:Not quite a crack by merlin_jim · · Score: 1

      Actually, I used 72 letters (numbers 0-9 and 10 special characters... might be off a little, but should be good for ballpark).

      72^8 = 722204136308736 No, I didn't add in the other possible lengths (speaking of which, you estimated 1 more combination than is possible with a 52 character set. 0-length passwords are not allowed)

      722204136308736 attempts / (45000000 attempts / second) / (86400 seconds / day) = 185 days

      --
      I am disrespectful to dirt! Can you see that I am serious?!
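
The brute-force arithmetic in the two comments above, generalised as an added example (not from the thread, and not part of the Asleap tool): alphabet size, a length range and the guess rate are parameters, with the 45 million guesses per second figure quoted above as the default. It goes slightly beyond the posts in that it handles length ranges and reports the expected time alongside the worst case, which is where the 14-day and 185-day figures above diverge.

```python
"""Keyspace and time estimates for an offline password-guessing attack.

Added example (not from the thread). It reproduces the two posters'
numbers above and lets alphabet size, length range and guess rate vary.
The default rate of 45 million guesses/second is the figure quoted in
the thread; it is an input, not a measurement made here.
"""

SECONDS_PER_DAY = 86_400
QUOTED_RATE = 45_000_000  # guesses per second, as quoted in the thread


def keyspace(alphabet_size, min_len, max_len):
    """Number of distinct passwords with length min_len..max_len inclusive.

    min_len=0 counts the empty password, which the thread points out is
    not a valid LEAP password; use min_len=1 for the realistic count.
    """
    if alphabet_size < 1 or min_len < 0 or max_len < min_len:
        raise ValueError("bad keyspace parameters")
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def crack_days(space, guesses_per_second=QUOTED_RATE):
    """(worst-case days, expected days) to exhaust / hit a key at the rate.

    The expected value assumes the real password is uniformly random in the
    keyspace, so on average half of it is searched before a hit; a
    dictionary attack on human-chosen passwords is of course far faster.
    """
    worst = space / guesses_per_second / SECONDS_PER_DAY
    return worst, worst / 2


def estimate(alphabet_size, min_len, max_len, guesses_per_second=QUOTED_RATE):
    """Convenience wrapper returning all three numbers in one dict."""
    space = keyspace(alphabet_size, min_len, max_len)
    worst, expected = crack_days(space, guesses_per_second)
    return {"keyspace": space, "worst_days": worst, "expected_days": expected}


if __name__ == "__main__":
    # Two letter cases only, lengths 0..8: the 54,507,958,502,661 figure above.
    print(estimate(52, 0, 8))
    # 72-character set (letters, digits, 10 symbols), exactly 8 characters:
    # the 722,204,136,308,736 / 185-day figure above.
    print(estimate(72, 8, 8))
    # Same 72-character set but lengths 1..12: length dominates alphabet size.
    print(estimate(72, 1, 12))
```

Usage: the first two calls in the `__main__` block reproduce the thread's 14-day and 185-day worst cases; the third shows why a policy that lengthens passwords buys more than one that adds symbol classes.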
  14. No, the MS of hw is already here: by carabela · · Score: 1

    Microsoft Hardware Worldwide.

    And yes, they've got wireless routers running you-know-what!

    --

    The more you know, the less you need. [Admin added: from me.]
  15. Not really an issue for large businesses... by stienman · · Score: 5, Interesting

    Since large businesses use secure VPN over any insecure channel (wireless, internet, dialup, even inside their own wired network), this will only affect small businesses or those with poor security specialists who try to save money by putting the security into the network infrastructure.

    Unfortunately while the firmware may be upgradeable, the cryptographic functions are usually implemented in hardware (better performance) and it may be hard, if not impossible, to secure the authentication so this kind of attack is harder.

    What they really should do is have a public/private key for each access point, with the SSID set to the public key. Then any client can transmit to the access point without possibility of eavesdropping. This would be used to set up the secure LEAP session. Since the password is never sent back to the client then it's not going to be breakable by offline brute force attacks.

    Of course, in the end anything is breakable given enough time and/or money.

    -Adam

    1. Re:Not really an issue for large businesses... by Anonymous Coward · · Score: 0

      I work for a Fortune 100 company and I can proudly say we do none of that.

    2. Re:Not really an issue for large businesses... by Anonymous Coward · · Score: 0

      You'd be surprised how many big companies don't use IPSEC.

      Straight WEP was a hard enough fight to win. And we only have 7,000+ APs enterprise wide.

  16. Offline attack by Knightmare · · Score: 5, Interesting

    Many people here are talking about the length of time it takes to brute the password. I saw a demonstration of the asleap tool about 1/2 a year ago and it took 15 seconds to reveal the password. Something you need to keep in mind is the fact that there is no salt involved in the password hash for LEAP. So a precached hash of the possible passwords is very easy. All you need is lots of disk space and a well written index of the hashes.

    There are quite a few others that are saying well that's only if you let your users pick bad passwords... Come on guys, have you actually worked in the real world? Normal users can't remember crazy passwords, they are going to pick their dog and their favorite football player's number put together. Or their anniversary and the current food they are eating.

    Keeping a dictionary of enough passwords to get into the network would be trivial. All you need is one user with a weak password to get in, after that who cares how strong the rest are.
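
Knightmare's point about the missing salt, as an added example that is not part of the thread and does not reproduce the LEAP algorithm: it uses SHA-256 over the UTF-16LE password as a stand-in digest (an assumption made for illustration only; LEAP's actual NT hash is MD4 and is deliberately not implemented here), builds a one-off lookup table from a constructed wordlist, and shows that the same table answers every user's unsalted digest while a per-user salt makes the table useless across users. The `weak_accounts` audit helper and the sample user directory are constructed for this example.

```python
"""Why an unsalted password hash invites a precomputed lookup table.

Added example, not from the thread. LEAP, as the comment above notes,
hashes the password without a salt. The consequence is shown with a
stand-in digest: SHA-256 over the UTF-16LE password is used purely for
illustration and is NOT the NT hash (MD4) LEAP actually uses. The lesson
is about the absence of a per-user salt, not about the digest function.
"""
import hashlib
from typing import Dict, Iterable, List, Optional, Sequence

# Constructed sample wordlist; real ones are orders of magnitude larger.
WORDLIST = ["password", "rover7", "letmein", "17Trees", "qwerty"]


def unsalted_hash(password: str) -> bytes:
    """Stand-in for an unsalted password hash (see module docstring)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def salted_hash(password: str, salt: bytes) -> bytes:
    """Same digest, but a per-user salt enters the computation."""
    return hashlib.sha256(salt + password.encode("utf-16-le")).digest()


def build_table(words: Iterable[str]) -> Dict[bytes, str]:
    """One-off precomputation: digest -> password.

    Because nothing user-specific enters an unsalted hash, this table is
    built once and answers every future digest of the same scheme; only
    disk space and a good index limit its size, as the comment above says.
    """
    return {unsalted_hash(w): w for w in words}


def lookup(table: Dict[bytes, str], digest: bytes) -> Optional[str]:
    """A single dictionary lookup replaces recomputing hashes per target."""
    return table.get(digest)


def weak_accounts(user_digests: Dict[str, bytes],
                  table: Dict[bytes, str]) -> List[str]:
    """Defender's audit: which accounts have a digest in the table?

    One hit is enough for an attacker, so any non-empty result is a finding
    for the whole network, not just for that user.
    """
    return sorted(u for u, d in user_digests.items() if d in table)


def salted_table_reusable(words: Sequence[str],
                          salt_a: bytes, salt_b: bytes) -> bool:
    """Does a table built for salt_a answer digests made with salt_b?

    With distinct salts the answer is False: precomputation no longer
    amortises across users, which is the whole point of salting.
    """
    table = {salted_hash(w, salt_a): w for w in words}
    return any(salted_hash(w, salt_b) in table for w in words)


if __name__ == "__main__":
    table = build_table(WORDLIST)
    # Constructed directory: two users chose wordlist passwords, one did not.
    users = {
        "alice": unsalted_hash("17Trees"),
        "bob": unsalted_hash("rover7"),
        "carol": unsalted_hash("Tr0ub4dor&3-long-and-unusual"),
    }
    print("accounts hit by the precomputed table:", weak_accounts(users, table))
    print("salted table reusable across users:",
          salted_table_reusable(WORDLIST, b"salt-for-alice", b"salt-for-bob"))
```

The audit helper is the defender's use of the same idea: run your own wordlist table against the directory before anyone else does, and treat a single hit as a network-wide exposure, since the thread's point is that one weak password is enough.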

    1. Re:Offline attack by Anime_Fan · · Score: 2, Interesting

      Come on guys, have you actually worked in the real world? Normal users can't remember crazy passwords, they are going to pick their dog and their favorite football player's number put together. Or their anniversary and the current food they are eating.

      At least we force hard passwords for administrators.
      I've got some 7 complex passwords for admin accounts at work.
      Add 2 for my regular accounts there.
      Add 1 for Lotus Notes there.
      Add 1 for my user at my home server.
      Add 1 for root at the server.
      Add 5 for the encrypted partitions on the server (one of which is 20 characters long).
      Add 2 for my laptop.
      Add 1 for my university logon.

      It's easy to remember passwords once you learn how to create _good_ ones (that aren't based on dogs name + 3-digit number that you raise by 1 every 90 days).

      But yes, most of my users tend to forget their passwords and need me to reset them once a month.
      And the rest of the bunch use as weak passwords as they can.

      The good thing is, their accounts don't matter to me. It's only some files they're going to find.
      The admin accounts, OTOH can access any users' files in an instant (saved locally on the computer or on Novell doesn't matter). This is the account that needs protection.
      That, and keeping the company off the internet, wireless networks et al.

    2. Re:Offline attack by awk-fu · · Score: 1

      local privilege escalations effectively become remote privilege escalations when you throw in access to some user's weakly protected account.

    3. Re:Offline attack by Anime_Fan · · Score: 1

      local privilege escalations effectively become remote privilege escalations when you throw in access to some user's weakly protected account.

      And non-root accounts become root accounts once they utilize a local exploit. So what's the big deal?

  17. Does the US government want insecure WiFi? by throwaway18 · · Score: 4, Interesting

    A conspiracy theory.

    WEP is broken by design. A few engineers who don't know anything about cryptanalysis making their own encryption system that turns out to be broken is quite plausible; however, wifi standards are set by the IEEE. The IEEE is not stupid.

    Was WEP deliberately broken to make government snooping easier?
    That may seem ludicrous now, but what if the likes of consume succeed in their goal of building mesh networks across cities? Securing wireless connections at VPN or application level is so much hassle that only 0.01% of users bother.

    The reaction of the American government to the new Chinese wifi encryption standard lends weight to this theory. Supporting WAPI just means hardware manufacturers have to write a bit more software. Once it's in the software it will no doubt be supplied as standard worldwide. It may actually be secure with little work. Why else would the American government threaten retaliation over something so obscure?

    1. Re:Does the US government want insecure WiFi? by Anonymous Coward · · Score: 1, Interesting

      "The reaction of the American government to the new Chinese wifi encryption standard lends weight to this theory. Supporting WAPI just means hardware manufacturers have to write a bit more software. Once it's in the software it will no doubt be supplied as standard worldwide. It may actually be secure with little work. Why else would the American government threaten retaliation over something so obscure?"

      Easy, because of the other side of it....

      "China's WLAN standard has provoked concern among U.S. companies and industry groups for fear that it could fracture the market for WLAN equipment. Also creating some apprehension is a requirement that foreign WLAN equipment vendors must license the technology through coproduction agreements with Chinese companies. The U.S. Information Technology Office (USITO), a U.S. industry group, has said this provision unfairly requires U.S. companies to share proprietary technology with Chinese companies that may also be competitors. "

      So there in a nutshell are the other reasons why WAPI is not being embraced by the US government or US businesses. On the other hand I like your tinfoil hat angle because it is so shiny ;-)

    2. Re:Does the US government want insecure WiFi? by eggboard · · Score: 2, Informative

      WEP was weak (not broken) by design: when the spec was being designed, the US government still had its onerous cryptographic export restrictions (classifying them as munitions) and one person involved in setting the WEP spec said they erred towards weakness in part because of that climate, and in part because they didn't have computational juice available. The broken parts are just broken, but the strength was intentional.

      On the Chinese front, you're way off base. The problem is that the Chinese government requires that foreign companies provide their intellectual property (chip designs, etc.) to one of a dozen Chinese firms that are licensed to create WAPI. So it's not a matter of just adding code to firmware, in which case it might be Yet Another Redundant Standard. Instead, the Chinese government is requiring that non-Chinese firms essentially give away their technological advances.

      --
      Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
    3. Re:Does the US government want insecure WiFi? by tietokone-olmi · · Score: 1

      And besides, the RC4 weak key scheduling thing wasn't known until after the WEP specification became widely accepted.

    4. Re:Does the US government want insecure WiFi? by AKnightCowboy · · Score: 1

      Securing wireless connections at VPN or application level is so much hassle that only 0.01% of users bother.

      Ever hear of SSL? How difficult is it to open a browser and go to an SSL website? How difficult is it to use IMAPS or POPS? How difficult is it to use SSH instead of Telnet? Getting users to understand PKI and client side certificates to manage in their IPSEC VPN client is one thing (and I agree it's entirely too complex a solution for the problem people use it to solve), but teaching users to type https instead of http isn't that difficult. I blame most of the bad press encryption has gotten over the past few years on IPSEC. It's a bloated solution that is unnecessarily complicated and must integrate tightly into the client's IP stack to handle the lower-layer levels of encryption.

    5. Re:Does the US government want insecure WiFi? by Anonymous Coward · · Score: 1, Insightful

      "The problem is that the Chinese government requires that foreign companies provide their intellectual property (chip designs, etc.) to one of a dozen Chinese firms that are licensed to create WAPI. So it's not a matter of just adding code to firmware, in which case it might be Yet Another Redundant Standard. Instead, the Chinese government is requiring that non-Chinese firms essentially give away their technological advances."

      this is actually quite true. They want you to turn over your source code to one of 11 (now it's 24 I think) 'certified' Chinese companies, who would then design and decide whether WAPI goes into software or hardware and where. They then make the required changes. _this_ is the reason why Intel is so pissed about this, and Dick Cheney has been asked by many CEOs to bring this topic up on his visit to China.

      With all the work that IEEE 802.11i has done getting AES-CCMP in, wireless security is now almost top-notch, there is no real need for another protocol unless the Chinese govt wants a protocol with backdoors so that they can spy on their citizens.

    6. Re:Does the US government want insecure WiFi? by rmdyer · · Score: 1

      Related to this, since I've gotten into networking, oh 18 years or so ago, I've been told that it is illegal to develop your own encryption that can't be broken by the government. So you either don't use encryption, or you must use a publicly available encryption like WEP, SSL, etc.

      What I want to know is, is this true? Would sending random looking data to some IP addresses get you into trouble?

      -1

    7. Re:Does the US government want insecure WiFi? by Anonymous Coward · · Score: 0

      And what about SMB? Or mssql? Clients often end up using systems that have no method of encryption. Not that I'd ever give up SSH for Telnet even with IPSEC, but it does have its purposes. It's also nice if you maybe want to browse the internet, and not have to worry about people seeing what you are doing considering 99% of the Internet is unencrypted as far as websites go.

    8. Re:Does the US government want insecure WiFi? by e_lehman · · Score: 1

      This is absolutely and completely false.

    9. Re:Does the US government want insecure WiFi? by Anonymous Coward · · Score: 0

      The IEEE is not stupid.

      You're making an assumption here that I believe is wrong. Just because the IEEE has Engineering in the name does not mean that they're any more righteous than ANSI or ISO and that the committee members of the standards they ratify have pleasant smelling excrement. On the contrary, the IEEE standards committees are prone to the same forces as every other one.

      You give a bunch of people with Engineering degrees too much credit.

    10. Re:Does the US government want insecure WiFi? by Ben+Hutchings · · Score: 1

      That depends on where you live. In the US you're probably OK for the moment, but see the EFF privacy archive for information about crypto law in other jurisdictions.

  18. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  19. 'twas on http://dis.hert.org a few days ago by acz · · Score: 4, Interesting

    Slashdot's always a bit late on interesting security issues. This news was on the Hacker Emergency Response team beta new website a few days ago.

    The site, which accidentally looks a lot like slashdot, focuses on quality security news; no vuln reports people don't care about... all the latest news and white papers.

    A cool white paper on utf-8 shellcodes was released on it too.

    1. Re:'twas on http://dis.hert.org a few days ago by qtp · · Score: 1

      The site which accidentally looks a lot like slashdot,

      Are you sure that incidentally wouldn't be a better term? Lots of developers start with slashcode when building their forums, and they are not ashamed of the fact (nor should they be).

      It only makes sense to use something that works well and is already written if it addresses your needs and is offered freely by its creators.

      no vuln reports people don't care about...

      It's nice to know that their knowledge is so complete that they can make that decision for their readers. Even (especially?) obscure vulns and seemingly insignificant theoretical flaws have a tendency to blow up later if they are not addressed in a reasonable time. What makes the vuln appear insignificant is often the failure of anyone (developers, security specialists, and crackers) to understand the ramifications when it is first announced. Just because no-one has posted a "proof of concept" at the moment does not mean that it cannot be exploited or is not already being exploited by someone who is more quiet with their knowledge.

      all the latest news and white papers.

      The papers are the meat of the subject, if they are well written and thoroughly considered. It's good to see someone attempting to provide a central library for the community to access.

      It looks like a great site, and I'm sure it'll be quite useful. It would be nice if their readers would step forward and contribute a bit more (most stories on the front page have zero comments), as all security papers and news can use a bit of community criticism to test their theses. It will be interesting to see if the timeliness of their reports can continue to be as good as it is once they start getting the volume of participation that you see here.

      Thanks for the link.

      --
      Read, L
  20. Cisco WLAN AP != LEAP in all cases by supton · · Score: 3, Informative

    EAP-TLS, EAP-TTLS, and other EAP/802.1x authentication mechanisms are also supported by Aironet 1100 and 1200 series APs. These use strong certificate-based authentication, which isn't practically vulnerable to dictionary attack. This, of course, requires you run a certificate authority for your network, and means more work - but most companies running a VPN will already be doing this, and those that are not will do this to avoid having to put APs outside the firewall and maintain a VPN infrastructure for WLANs.

  21. "Cracked"? by Anonymous Coward · · Score: 2, Insightful

    Whee! /. goes security journalism:

    Dictionary attack == LEAP is cracked!

    1. Re:"Cracked"? by Anonymous Coward · · Score: 0

      Given the ease with which the authentication is compromised, dictionary or not, it is a crack.

      Sane auth mechanisms using public key crypto are not prone to cracks like this, weak passwords or not.

  22. Need to move to PEAP ASAP by hta · · Score: 3, Interesting

    So NOW I know why everyone's telling me that LEAP is not the end-game, and we need to move to systems based on PEAP (which is supposed to be an open standard, as opposed to LEAP which is proprietary) or some other, even newer variant.
    Security protocols are like windows (the physical kind). Once they're broken, duct tape is not the answer.

    1. Re:Need to move to PEAP ASAP by Mordant · · Score: 1

      Show me a PEAP implementation for Linux, or Mac OS/X, if PEAP is so 'open'.

    2. Re:Need to move to PEAP ASAP by scseth · · Score: 2, Informative


      I have seen a lot of half-truths in responses here.

      PEAP is not an open standard. But there are Linux clients available for PEAP. Meetinghouse sells one, for example.

      Cisco and Microsoft competed for different PEAP standards, while Funk Software competed with PEAP using an EAP-TTLS standard.

      PEAP (protected EAP) is supposed to be the successor for LEAP (light EAP), which may explain why Cisco has not released any type of update for LEAP yet.

      Also, Cisco is releasing an EAP-FAST to help with secure hand-offs with their 7290 wifi phones.

      All variants of EAP (Extensible Authentication Protocol) were designed to create an encrypted authentication using the IEEE 802.1x standard. /seth

    3. Re:Need to move to PEAP ASAP by Anonymous Coward · · Score: 0

      PEAP has major flaws too. Maybe you should call your buddies at Cisco and ask them?

      Ask them how long they've known about the problems with LEAP (summer of 2001).

      PEAP has issues, including man in the middle attacks because of poorly implemented client software.

    4. Re:Need to move to PEAP ASAP by roybadami · · Score: 1

      PEAP could reasonably be described as an open standard, but it has two problems:

      It's unfinished, and there are implementations of different (incompatible) drafts in use.

      Many implementations only support a very restricted set of EAP types over PEAP (e.g. EAP-MS-CHAP-V2 for Microsoft and EAP-GTC for Cisco) which is a problem for interoperability.

      The former problem should be resolved as the PEAP version 2 specification matures.

  23. Sorry... by Svartalf · · Score: 1

    I can't alleviate your fears with regard to your wireless router.

    While Cisco owns Linksys, they don't use LEAP on that device (LEAP is typically used in enterprise contexts for wireless access...). However, your WEP based device is actually every bit as vulnerable because WEP's been cracked for pretty much any number of bits and has been for some time. LEAP was being touted as the fix to the problem and Cisco was flogging it pretty heavily- we now know that LEAP's not any better than WEP in all practical use.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
  24. Re:precomputed hashes by Anonymous Coward · · Score: 0

    Now there's something I never thought of - bajillions of possible passwords, what with mixing of case, numbers, and a few special characters across an unknown number of characters...

    Why not sit down ONCE, and create your own dictionary of all possible passwords - which would be a huge job, but afterwards you could just do a simple lookup on the hash and your database would return the unencrypted password.

    Considering an OS like Windows can last almost a decade before most people are upgraded to the next version, it might be worth spending a couple of years building such a dictionary to have as a resource.

    Now, I eagerly await all those who wish to respond with either A) It's long since been done or, B) It's not practical yet due to the required processing & storage. In my ignorance, I don't know which is the case.

  25. Offline Dictionary Attacks by Anonymous Coward · · Score: 1, Informative

    Offline Dictionary Attacks do work on "strong" passwords. I got the hash of my Dad's strong Mac OS X password (something like "l;770gH>K") and cracked it using John the Ripper in about 45 days using an old Power Mac G4 400mhz machine. It's not hard, you just have to be patient. To be fair, I think OS X uses SHA1 as opposed to MD5 (which would have taken a lot longer to crack probably)

    1. Re:Offline Dictionary Attacks by Anonymous Coward · · Score: 0

      True, you can brute force anything if you're patient. SHA1 is quite a bit stronger than MD5 though. I don't think MD5 has been totally broken yet, but it has some very serious cracks.

  26. WPA-PSK at risk in similar circumstances by eggboard · · Score: 5, Informative

    The LEAP problem is pretty egregious because PEAP and EAP-TTLS are in wide use -- both of which encrypt the authentication process protecting against just sucking down a transaction for offline analysis. PEAP was supposedly supported by Microsoft and Cisco, but I don't see how Cisco is supporting it by releasing EAP-FAST, which is an alternate approach that's not as strong as PEAP. (PEAP is also supported by Mac OS X 10.3, just by the way, as well as third parties who made 802.1X authentication software clients.)

    But remember that this problem isn't limited to LEAP. As Robert Moskowitz of ICSA Labs wrote last November, poor WPA preshared key passphrase choice can allow WPA keys to be cracked. WPA (Wi-Fi Protected Access) is a fix to WEP that involves dramatically more complexity and sophistication in deriving per-packet keys.

    However, if you choose a dictionary-crackable passphrase of under 20 characters in WPA, you hit the same problem as LEAP: a cracker can trigger a deauthentication, capture the reauthentication in less than a minute, and then crack at their leisure.

    WPA-PSK will probably only be used in home and small office networks, where passphrases may be poorly chosen. I have spoken to manufacturers about changing the presentation layer: don't let users pick bad passwords. So far, to no avail. Not even a recommendation from the Wi-Fi Alliance.

    --
    Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
  27. how long for the offline crack? by Matey-O · · Score: 0

    I always thought LEAP's strengths were in the time based key exchange. If the keys are exchanged after some arbitrarily short period of time, you won't have the time to do a 128-bit crack.

    Not having used LEAP, during a 'deauthentication' is there any notification to the client that the wireless subsystem is 're-authenticating'?

    --
    "Draco dormiens nunquam titillandus."
  28. Always on the ball by RustyTaco · · Score: 4, Informative

    Wow, this is slow on the uptake even for slashdot. This was demonstrated last year at DefCon in August. It works because, as somebody else mentioned, there is no salt on the hash so you can pre-compute massive hash dictionaries. Also, it's a bastardized MS-CHAP which stupidly pads the hash with two constant characters so you can almost instantly cut down the keyspace you need to brute force by a huge margin.
    The limiting factor is how fast your attack machine can read your pre-computed dictionaries off the disk.

    - RustyTaco

    1. Re:Always on the ball by mtrisk · · Score: 1

      Yes, Asleap was demonstrated at DefCon in August, but when Cisco got a hold of it they asked the developers to wait six months before releasing it to the public, so they would have time to work on a more secure successor to LEAP. So Cisco came up with EAP-FAST, and Asleap is just now being released for download. (Or that's how the story goes anyways.)

      --

      Without a proper flamewar, Anonymous was undecided on what shell to run.
  29. Hire EXPERIENCED security people, not cheap ones! by kbonin · · Score: 4, Interesting

    This is yet another example of why you need to hire security programmers with actual experience in the field, not just outsource it to a cheap Indian programming group with no real experience writing robust protocols.

    I'm an ex Cisco security programmer, and that's exactly what was happening before I quit. I wish I could say more...

  30. Re:Compare apples to oranges by O2n · · Score: 1

    There is a VAST difference
    Yes, it's the difference between fscking 300 million Joes who cannot sue you and don't really know the difference between a CPU and an operating system, and trying not to piss off big $$$ companies which can, eventually, sue. Microsoft is also helpful towards big $$$, rest assured.

  31. salts? by Heisenbug · · Score: 1

    "In this age it is becoming possible to precompute the hashes and then look them up, in that case the "strength" of the password becomes less important."

    I would love to know how this works -- I thought it was pretty much useless. First because the storable keyspace is so much tinier than the total keyspace, and second because of salts.

    IANACrypto person, but the basic idea with salts is that the router would say 'please send me your password hashed with the string "abcdefg".' The client then says, "oh, of course, that's hash('passwordsexgodabcdefg')". The evil sniffer has hash('passwordsexgod') stored in their lookup table, but that's totally useless in discovering what the client used. Since 'abcdefg' is a different string in each transaction, the lookup table becomes irrelevant.

    I wasn't being sarcastic above -- I would love to know if this technique has somehow been overcome.

    1. Re:salts? by silas_moeckel · · Score: 1

      OK, speaking as somebody that started doing this years ago against the unix crypt function commonly used to store passwords. The salt does add to the number of permutations, as for each cleartext password you need to crypt it with every possible salt.

      I think the funny bit about this is there is already a fix anyway: it's SecurID. As it rotates the password at every signon, it invalidates this program, as knowing the password does no good.

      --
      No sir I dont like it.
  32. Once again, securing the network isn't effective by adamsc · · Score: 1

    It's funny how much effort people put into solving the wrong problem - if you simply treat your wireless network like the Internet and secure your actual services, none of this is a concern.

  33. Re:AMERICAN GAYBOYS!!! JOIN aPPLE COMPUTER CLUB!!! by okayiaT+ver.65535 · · Score: 0

    but... ... ...
    I am Japanese... :o)

    --

    _
    # CheapGbE!GbE!!TheKLF!KLF!!TheRMS!RMS!! And a meme sparks ...
  34. Sigh... by Anonymous Coward · · Score: 0

    I feel for you man. But my teacher told me, and I stick to this in my life: "The cream will always rise."

    1. Re:Sigh... by Anonymous Coward · · Score: 0

      You have too much faith in humanity.

  35. Re:yes! by Anonymous Coward · · Score: 0

    Cisco -> Ci sco -> Ci SCO -> SCO
    Civilian control monkey.

  36. Re:Attention Slashbot Bitches: by Anonymous Coward · · Score: 0

    > Happy birthday to me.
    > Happy birthday to me.
    > I paid for some pussy,
    > but you got some for free.

    u-mmmm.

    That song is like a
    "DENKI GROOVE - Happy Birthday.mp3"
    Japanese music.
    I think.
    Dig.
    o.

    _
    by okayiaT ver.65535
    # CheapGbE!GbE!!TheKLF!KLF!!TheRMS!RMS!! And a meme sparks...

  37. OUTSOURCING by ShadowRage · · Score: 3, Interesting

    anyone think this is due to outsourcing besides me?

    just after cisco started outsourcing, their products have become faulty, sure, the programmers in india are pretty smart, but most are quickly trained amateurs who are usually new to coding secure applications. anyone else think this may be the case?

    1. Re:OUTSOURCING by kbonin · · Score: 2, Interesting

      I was there. It is due to outsourcing. Period.

  38. dictionary attack ? by Anonymous Coward · · Score: 2, Interesting

    Maybe people should stop using dictionary words for passwords?

    I think of a phrase and take first letter of each word, like

    Top of the morning to you ==> totmty

    etc..

  39. Re:precomputed hashes by Anonymous Coward · · Score: 0

    The problem is that most will sprinkle some salt on the password, resulting in a new hash value.

    So, let's say my password is "dog". I'll put a random but publicly known salt in front of it: "abc". The hash algorithm will then hash "abcdog".

    If that's the case, then it gets very expensive to hash every password... you basically need s^n copies of your hash dictionary. If you pick suitably large numbers for s & n, that can become unreasonably large.
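
A worked version of the salt argument made in this post and in comment 31 above, added here as an example (not code from the thread): it builds a small precomputed MD5 table, shows the lookup succeed on the unsalted hash of "dog" and fail on the salted "abcdog", counts the s^n table copies a fixed-length salt forces on the cracker, and shows the defender's side with a random per-password salt. The word list is constructed, and bare MD5 is only a stand-in that mirrors the thread's discussion; a real password store would use a slow KDF.

```python
"""Why a precomputed hash dictionary stops working once a salt is used.

Added example, not code from the thread. The word list and the hashes are
constructed here; MD5 is used only because the thread talks about it, and a
real password store would use a slow, salted KDF instead.
"""
import hashlib
import hmac
import os

# Constructed mini word list standing in for the cracker's dictionary.
WORDLIST = ["dog", "password", "letmein", "passwordsexgod", "totmty"]


def md5_hex(data: bytes) -> str:
    """Plain unsalted MD5, as a stand-in for any fast unsalted hash."""
    return hashlib.md5(data).hexdigest()


def build_table(words):
    """Precompute hash -> plaintext once (the 'sit down ONCE' idea)."""
    return {md5_hex(w.encode()): w for w in words}


def lookup(table, digest_hex):
    """O(1) recovery of the plaintext if it is in the table, else None."""
    return table.get(digest_hex)


def salted_md5_hex(salt: bytes, password: bytes) -> str:
    """Hash of salt || password, the 'abc' + 'dog' scheme from the post."""
    return md5_hex(salt + password)


def salted_table_copies(alphabet_size: int, salt_len: int) -> int:
    """Full table copies a cracker needs: s**n for s symbols, n chars long."""
    return alphabet_size ** salt_len


def store_password(password: str, salt_len: int = 16):
    """Defender side: a random per-password salt, stored beside the digest."""
    salt = os.urandom(salt_len)
    return salt, salted_md5_hex(salt, password.encode())


def verify_password(stored, candidate: str) -> bool:
    """Recompute with the stored salt; constant-time compare of the digests."""
    salt, digest = stored
    return hmac.compare_digest(digest, salted_md5_hex(salt, candidate.encode()))


if __name__ == "__main__":
    table = build_table(WORDLIST)
    # Unsalted: one table lookup recovers the password.
    print(lookup(table, md5_hex(b"dog")))                 # dog
    # Salted with "abc": the stored hash is of "abcdog", which the table lacks.
    print(lookup(table, salted_md5_hex(b"abc", b"dog")))  # None
    # An 8-character salt over 62 symbols: 62**8 copies of the whole table.
    print(salted_table_copies(62, 8))
```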

  40. WLSE hardcoded login/pass - how widely known? by zaffir · · Score: 1

    How widespread is knowledge of the hardcoded login and password? I haven't run across it yet, but that doesn't mean it isn't floating around.

    --
    "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
  41. Re:Hire EXPERIENCED security people, not cheap one by skifreak87 · · Score: 1

    Sadly the problem is consumers don't care enough to require companies to put the effort into caring about real security. How many people who buy these products actually know what a brute-force or dictionary attack is? In my comp sci course, doing a time-space tradeoff problem, we cracked a subset sum password scheme (iirc, subset-sum is NP-complete so there's currently no known polynomial time algorithm) fairly quickly (it was one that M$ used to use). I bet most people who purchase these products have no knowledge/no interest in what makes a security scheme vulnerable as long as it works for them.

    Furthermore, aside from the tinfoil hat crowd, do most people really have a need for their systems to be crack-proof? Granted, I use various randomly generated passwords (but I use them all enough that my fingers remember them even if I forget them) but in all honesty, if someone cracked my computer password, unless they were just an asshole trying to wreak havoc for no reason, there's not much they could grab that would bother me (pr0n is not something I'm embarrassed about having on my computer and anything really private, I have encrypted another way - I used to keep a journal on my comp but I never wrote in English in case someone saw it because that was way private).

    Companies respond to consumer pressure. If people really wanted these things to be super secure, there'd be a consumer backlash and then Cisco would realize that things should be super secure. Problem is, most people don't seem to care. How many management people have any idea what their IT person is talking about when he mentions public-key or asymmetric key versus symmetric key encryption? Furthermore even if they do, do you think they honestly understand what makes certain protocols more secure than others?

    The /. crowd cares because we're all computer geeks and we read /., but until mainstream consumers care, there's not much incentive to correct things.

  42. Cisco Ads in France, all about Security by Erik_ · · Score: 1

    And in France, Cisco is now running TV ads about total security in their networks, and self-healing systems. Not a good claim to make these days...

    1. Re:Cisco Ads in France, all about Security by Ben+Hutchings · · Score: 1

      In France I believe the normal procedure is to claim total security and then sue your detractors.

  43. Or.... by raehl · · Score: 1

    Of course, in the end anything is breakable given enough time and/or money.

    Or a big enough hammer.

  44. throw away wireless security and start over by hak1du · · Score: 0

    Wireless security is broken beyond repair, and incremental attempts to fix it, like LEAP, just aren't working.

    I think we should just treat all networking transports (wired, wireless) as inherently insecure and implement security separately with systems like IPsec, ssh, and SSL.

    Then, we won't have to upgrade our hardware every time another flaw surfaces. Or is that perhaps the plan, actually?

  45. Not the plan, just the way it should be done by anti-NAT · · Score: 1

    Security is best done end-to-end. As significant amounts of traffic requiring security cross layer 2 boundaries (i.e. the wired or wireless networks you are talking about), it is far better to implement the protocols you are talking about, which usually provide end-to-end, or near end-to-end protection.

    --
    The Internet's nature is peer to peer - 20050301_cs_profs.pdf
  46. The Rest of the Story.. by Anonymous Coward · · Score: 0

    So, to summarize, this isn't news. Josh announced this on Bugtraq last year and withheld the actual exploit until just recently. Funny enough, Bugtraq wouldn't post the announcement when it actually was released.

    The real question though is what does this *really* mean to wireless security? The answer is: not much. Most large enterprises that were using LEAP migrated to Cisco PEAP (or MS PEAP), or EAP-TLS in recent months or just simply unplugged their wireless from the network in some instances.

    The state and history of wireless security is this. First there was static WEP, and static WEP had a technical problem (not to mention the social vulnerability of a shared key) with weak IVs, but any modern implementation has fixed this and is immune to wepcrack/airsnort. In response to this, three different technical solutions were created:

    1. Dynamic WEP (change out key via 802.1x framework every 4 minutes).

    2. WPA 1.0/TKIP (new key every packet, new MIC, 48-bit IV).

    3. WPA 2.0/802.11i (802.1x, RSN, and AES). The standard is being finalized and products will begin to appear at the end of the year.

    With the addition of new wireless IDSs and 802.11 aware stateful firewalls (like Aruba), wireless gets even more secure than it ever has been before.

  47. Bad Faith? by TubeSteak · · Score: 1

    Using your situation, couldn't you argue that Cisco made some false claims, engaged in false advertising, and if you got a contract with them... negotiated in bad faith? This seems like it should be a serious issue for their 'newer' customers and maybe they deserve some sweeteners to be added to their contracts.

    --
    [Fuck Beta]
    o0t!
  48. You, sir, are seriously mis-informed... by Svartalf · · Score: 1

    Seriously, the last thing we need is slow hardware.

    1) Some of the fastest hard crypto (i.e. military grade...) came from the very person I mention as an example.

    2) Variety can only take you so far- chaff, etc. can make it difficult, but in the end, you basically end up with the same level of vulnerability you had in the system to begin with. Even variety doesn't make up for a weakness in your system.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
    1. Re:You, sir, are seriously mis-informed... by sbrown123 · · Score: 2, Insightful

      Some of the fastest hard crypto (i.e. military grade...)

      You're talking to someone who worked in DOD. There's no such thing as military grade crypto. It's the same stuff you find in the consumer market. When they use Cisco hardware they don't load anything special on it. That's why you hear of crackers/hackers getting into them or military projects hurt by simple things like Microsoft Windows worms.

      Even variety doesn't make up for a weakness in your system.

      Sure, but which system? I'll use a simple example with three server operating systems: NT, Linux, and Solaris. Name a single virus or weakness (besides DOS) that affects all three?

  49. Re: Microhard? by neunhauer · · Score: 1

    Microhard? Sounds like the main ingredient for a few crass jokes, so I'll keep this short. Never mind.

    --
    Neunhauer doesn't use signatures
  50. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  51. Re:precomputed hashes by Valar · · Score: 1

    But what he is saying is that if the hash is md5, you find one string that corresponds to each possible hash. Then it doesn't matter if it is salted or not, because the salted version would be in the dictionary as well. This isn't really feasible with current technology for md5, but it is part of the reason the old unix crypt has a limited shelf life.