WPA Weak Key Cracker Posted

← Back to Stories (view on slashdot.org)

Posted by michael on Friday November 5, 2004 @02:02PM from the bet-the-NSA-already-has-it dept.

Glenn Fleishman writes "The folks at TinyPEAP released a cracking tool to break Wi-Fi Protected Access (WPA) keys. WPA is the replacement for weak WEP keys in the original 802.11b specification. Robert Moskowitz of ICSA Labs released a paper almost exactly a year ago documenting how WPA keys that were short and lacked randomnness could be subject to cracks. This tool automates the process. Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits. Some tools exist to produce better keys, including chipmaker Broadcom's SecureEZSetup (in selected hardware) and Buffalo Technologies' hardware-based AOSS for automatic key generation and propagation. Enterprise-based WPA with 802.1X doesn't have this weakness: each user gets a long WPA key that's randomly generated and uniquely assigned--and can be frequently changed during a session."

55 of 168 comments (clear)

Min score:

Reason:

Sort:

By its nature... by The+Islamic+Fundamen · 2004-11-05 14:04 · Score: 2, Insightful

When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.

--
Call me and my voicemail! 914-713-6795. (wow, I have the balls to post my voip number on /.)
1. Re:By its nature... by Anonymous Coward · 2004-11-05 14:19 · Score: 2, Insightful
  
  When you really think about it, by nature the internet can never be too secure. I mean, your data is being transmitted through dozens of other servers to another point. Think about it.
2. Re:By its nature... by wcdw · 2004-11-05 14:26 · Score: 4, Insightful
  
  Theoretically, perhaps - but how secure does it need to be? All wireless traffic in my home uses SSH tunnels between the laptop and the firewall.
  
  When it becomes possible to conveniently crack SSH tunnels, I'll start to worry. By then, I'm sure there will be something better available. Meanwhile, you can sniff those ESP packets to your heart's content.
  
  This is trivial under Linux, and not much more difficult under Winblows (clients), and I'm surprised more people don't suggest it as an alternative to WEP/WPA.
  
  (My girlfriend uses Winblows w/ SSH Sentinel, and has only had one problem that rebooting wouldn't fix - in over 3 years. That one? Installing XP / SP2 turns on the [useless] firewall, which blocks the ports needed by the VPN.)
  
  http://www.theboyz.biz/Computers, parts, electronics, small appliances and more!
  
  --
  If you're not living on the edge, you're just taking up space!
3. Re:By its nature... by slashdot.org · 2004-11-05 14:37 · Score: 5, Insightful
  
  When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.
  
  I guess that's an understandable misconception about security. But security has by nature nothing to do with wireless or wired.
  
  Good security is based on the principle that other people WILL have access to your encrypted data.
  
  Unfortunately, the people that implemented security in the wireless protocols did a piss-poor job and left it vulnerable to (known!) attacks.
  
  However, if you just ran IPSec or something over your wireless connection, you'd be fine.
4. Re:By its nature... by wcdw · 2004-11-05 14:48 · Score: 2, Interesting
  
  The FACTs are that when SP2 was installed, it altered the system configuration, and installed a perfectly useless product. (Actively dangerous, as noted by the bug which enables file/printer sharing across ALL connections if you have it on any!)
  
  As for not knowing what happened, it took me about 10 seconds to solve the problem. And, in fact, DID require a reboot, but then again, that's Winblows.
  
  As for lacking sufficient knowledge of firewalls, you're welcome to try and hack mine. It's been up for 7 years now without an intrusion. And not for trying, according to my logs.
  
  --
  If you're not living on the edge, you're just taking up space!
5. Re:By its nature... by KillerCow · 2004-11-05 15:26 · Score: 3, Insightful
  
  When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.
  
  Your wired network can't be too secure either. All that you need to do is attach a listening device to a wire somewhere. Or just compromise a machine.
  
  See the sibling post about how the basis of cryptography is asuming that someone has access to your encrypted data and the encryption algorithm. All security rests in the key. Cryptographic algorithms exist that can make it infeasable to decrypt a block of cyphertext without the key.
6. Re:By its nature... by Fweeky · 2004-11-05 16:11 · Score: 4, Informative
  
  Looked at OpenVPN? Seems a lot easier to configure than a VPN.
7. Re:By its nature... by drfrogsplat · 2004-11-05 20:04 · Score: 2, Funny
  
  As for lacking sufficient knowledge of firewalls, you're welcome to try and hack mine. It's been up for 7 years now without an intrusion. And not for trying, according to my logs.
  
  Put your money where your mouth is and post your IP on /. then (;
8. Re:By its nature... by Alejo · 2004-11-05 22:59 · Score: 2, Insightful
  
  still missing: session keys and host keys. :)
  Plus how good is your OS at getting entropy? What symmetric encryption algorithm? What key exchange algorithm?
  And about ssh over vpn... a friend (known player @ crypto) told me once that you should never assume that re-encrypting would improve security, unless you are using a well known and tested method of mixing both encryption systems.
  Intention of this post is not bitching, but to try to make ppl aware it's not just "i use XXX, so im safe", but a very complex subject.
9. Re:By its nature... by RandomJoe · 2004-11-06 01:28 · Score: 2, Interesting
  
  It is a WHOLE lot easier! Reading the discussions, I was wondering if anyone else had comments on it. I was originally trying to set up IPSec for home, but had the dual problem of figuring out how to get my work (Win2K) laptop using it (while not messing up the VPN client my company had set up), and just plain figuring IPSec out in the first place. What a mess... I could get there, but next time I needed to do it (very seldom) I was learning all over again. (Yeah, take notes, I'm bad about that...)
  
  I then tried OpenVPN, and without much difficulty at all have set up connections for both wireless access at home, and remote from work to the house, on both my Linux laptop and the work Win2K laptop. The connections on the work laptop were set up probably 2 months after the Linux one, and it only took me a few minutes to remember how to do it. (Using RSA keys, not preshared keys.)
  
  I'm no security expert, so I have to rely on what is said on the OpenVPN site and elsewhere. Is this pretty trustworthy? I now have it setup so NOTHING happens over wireless unless you VPN somewhere. Either OpenVPN to my home network, or the work laptop can VPN (Cisco client) to the corporate office. Remote access is the same way, and limited to certain IPs that I'm likely to be at.
  
  Having done this, I also don't bother with WEP/WPA, but do put the MACs in the AP. Yes, they can be spoofed, but then they hit a blank, unresponsive wall, except for the OpenVPN port. My firewall is not "standards compliant" - I just DROP undesired packets from WLAN or Inet. Fun to see those "test your IP" sites asking if I'm sure the computer is on! ;-)
10. Re:By its nature... by SillyNickName4me · 2004-11-06 04:18 · Score: 2, Informative
  
  > just generate a key from /dev/urandom on nix. doesn't get any more random than that
  
  Maybe you are talking about a specific implementation here (Linux I bet) and detaisl are sightly different between different unix like systems... /dev/urandom is not random at all, it is pseudo-random at best.
  
  The basic issue is that as soon as you think up a process that generates numbers in a way that you can describe mathematically, you also end up with a process uncapable of generating real randomness.
  
  You can get most aspects of randomness, but what you won't get, and that is the most important part for encryption, is unpredictability.
  
  How predictable things are depends for a bit on the algorithm that you use, and for a large part on the abbility to deduct the current state of the 'random generator'. If those 2 are known, the next number your random generator will produce can also be known.
  
  This is why it is so important to have a good entropy source, it makes it virtually impossible to guess at the state of the generator.
11. Re:By its nature... by wcdw · 2004-11-06 04:30 · Score: 2, Interesting
  
  All good points, from a security point of view. I should point out that I do stay current on security patches, including randomness issues, and that ALL of the connections in these networks involve at least one Linux box.
  
  Regarding SSH over VPN, I don't do it for added security, and am familiar with at least some of the dangers multiple encryption layers can present. I do it because when the laptop is wireless, it CAN'T talk to anything without the VPN -- and there is no command line access to any of my boxes save SSH, even through the wired network.
  
  And actually, the nature of the root post should make it clear that 'just because I use [WPA] I'm safe' is a fallacy. It's entirely possible to make SSH and/or IPSec relatively insecure.
  
  For example, using a pre-shared key that is the name of your dog, and e-mailing it to the receipient on the other end, well...
  
  But as far as making people aware, as far as I know, no one has even been able to get across the concept of strong passwords, never mind creating memorable ones that don't need to be written down anywhere.
  
  It's unlikely that people are going to change, meaning that encryption needs to be make stronger IN SPITE OF the user. It wouldn't be that hard, for example, to add a routine to new WPA boxes that refused to accept weak passwords.
  
  --
  If you're not living on the edge, you're just taking up space!
12. Re:By its nature... by peter · 2004-11-06 09:13 · Score: 2, Informative
  
  > /dev/urandom is not random at all, it is pseudo-random at best.
  
  On Linux, that's wrong. /dev/urandom returns very high quality pseudo-random at _worst_. /dev/random never resorts to mere pseudo randomness, and read(2)s on it block until the kernel has accumulated enough entropy in its pool. (yes, Linux maintains an entropy pool which it seeds from random events so there is some true randomness waiting for programs like gnupg or statistical simulations that need it.)
  
  You're correct about everything else, though. The only thing you didn't know is that /dev/random doesn't come from a purely algorithmic source. Kernels have access to more than just a Turing machine :).
  
  > This is why it is so important to have a good entropy source, it makes it
  > virtually impossible to guess at the state of the generator.
  
  Now you're talking. That's why Linux uses the low bits of the CPU's clock cycle counter sampled during interrupts (which are generated by disks, the network, keyboards, and mice, etc. i.e. fairly unpredictable things, esp. wrt. exact numbers of CPU cycles!) It mixes these samples into its pool with cryptographically strong algorithms (insert hand-waving here... :), so even if the samples aren't very random, they don't make it worse.
  
  If you're totally paranoid, RML's netdev-random patch will let you choose whether you want to add entropy from network interrupts to the entropy pool. Of course, you could also use rngd from rng-tools to feed entropy from your chipset's built-in rng (which measure thermal noise, and so has randomness that fairly directly from quantum mechanical processes, the only known source of true unpredictability in the Universe.)
  
  --
  #define X(x,y) x##y
  Peter Cordes ; e-mail: X(peter@cordes , .ca)
13. Re:By its nature... by SillyNickName4me · 2004-11-06 09:44 · Score: 2, Interesting
  
  > On Linux, that's wrong. /dev/urandom returns very high quality pseudo-random at _worst_. /dev/random never resorts to mere pseudo randomness, and read(2)s on it block until the kernel has accumulated enough entropy in its pool. (yes, Linux maintains an entropy pool which it seeds from random events so there is some true randomness waiting for programs like gnupg or statistical simulations that need it.)
  
  Blahblahblah.
  
  1. the point of my post was to point out that you should verify that your random generator has a good enough entropy source, and if you had bothered to read my post a bit more carefully, you would have seen that I am aware of the fact that Linux does a decent job at this.
  
  2. You ensure randomness in the entropy pool, and thereby in the state of the random generator. The generator itself however is still pseudo random.
  
  3. Sorry if I sound annoyed here, but what was the point of your post other then trying to push a specific system?
Better colours by Anonymous Coward · 2004-11-05 14:11 · Score: 3, Interesting

http://shit.slashdot.org/article.pl?sid=04/11/05/2 143226
Odds of implementation? by IamGarageGuy+2 · 2004-11-05 14:13 · Score: 3, Insightful

The odds of Joe sixpack going the extra step of making a 20 character key is not good. WiFi setups are all the rage and now can all be broken into even after you spend an hour telling someone that they have to use WEP.

--
Stay tuned for new sig...
1. Re:Odds of implementation? by EnronHaliburton2004 · 2004-11-05 14:28 · Score: 2, Informative
  
  WEP
  
  Er, you mean WPA?
  
  --
  94% of Repubs and 21% of Dems voted to renew the Patriot Act
2. Re:Odds of implementation? by IamGarageGuy+2 · 2004-11-05 14:29 · Score: 3, Funny
  
  doh! - temporal acronym overload
  
  --
  Stay tuned for new sig...
3. Re:Odds of implementation? by fisgreen · 2004-11-05 17:14 · Score: 3, Interesting
  
  The odds of Joe sixpack going the extra step of making a 20 character key is not good. WiFi setups are all the rage and now can all be broken into even after you spend an hour telling someone that they have to use WEP.
  Sadly, who needs to break into anything when so many leave their front doors wide open? I just moved into a new appartment complex. While waiting for my cable to get turned on, I thought I'd scan for networks, just for the hell of it. F'ing amazing: five APs detected, one WEP (not WAP) secured, four open. Of the open ones, three hadn't even changed the defaults.
4. Re:Odds of implementation? by cbiltcliffe · 2004-11-06 05:46 · Score: 2, Funny
  
  So:
  
  1. Put up an ad in the mailroom for computer and network service in apartment number
  2. A week later, start enabling WEP on the open routers.
  3. Residents go ?????.
  4. PROFIT!!
  
  (Who knew this /. staple could ever be used in a sensible way?)
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
So it's just a bruteforce/dictionary tool... by zaffir · 2004-11-05 14:14 · Score: 2, Informative

What's the big deal? Kismac has had this feature for a while. I hope i'm missing something.

--
"Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
1. Re:So it's just a bruteforce/dictionary tool... by zaffir · 2004-11-05 15:06 · Score: 3, Informative
  
  Notice i said Kismac, not Kismet. This new tool doesn't do anything special when attacking WPA. It isn't even the first to do this non-special thing.
  
  --
  "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
Re:What Morons by Sarhosh+Amiral · 2004-11-05 14:15 · Score: 2, Informative

It does not have to be cracked, MAC filtering does not prevent from others listening the network.
Re:What Morons by Anonymous Coward · 2004-11-05 14:15 · Score: 2, Informative

Um, do you know how easy it is to spoof MAC addresses? Very easy.
I'm all for this. by Anonymous Coward · 2004-11-05 14:16 · Score: 5, Funny

Leaving my WAP wide open all the time allows experienced crackers to access all the best pr0n sites with ease via my connection. All I then have to do is check the logs and Voila! There they are! Saves me looking for them and having to wade thru the pop-ups and bogus sites!
no good excuse by Misanthropy · 2004-11-05 14:17 · Score: 3, Interesting

there's not really any good excuse for a weak wpa key. My router will generate a random 128bit key.
Kind of funny. I have our wireless router locked down with a 128bit key and only accepting connections from mine and my roommates' MAC addresses. But one of my neighbors has a wide open access point that I can connect to whenever I wan't.
I don't really want to, but I could.

No real point to this post except that you should attempt even minimal security (Unlike my neighbor).
In addition to a cracker by slashdot.org · 2004-11-05 14:18 · Score: 4, Interesting

I would have liked to see a tool that will verify if your chosen key is 'secure' or not.

Would have made the crack software look a little less black-hat, to the uninitiated.

Just an idea.
Re:What Morons by PedanticSpellingTrol · 2004-11-05 14:19 · Score: 5, Insightful

Jesus christ, I hope you don't have a job in security. If all your packets are unencrypted, anybody can sniff them, see what MAC addresses are recieving traffic, and thus are on the whitelist. From there, it's a simple matter to spoof the MAC in software. This feature is built into linux, windows and OS X. The myth that MAC addresses are a universally unique identifier is dangerous and has to be dispelled.
This is why by zakezuke · 2004-11-05 14:20 · Score: 5, Funny

This is why I setup a stand alone wifi network that when ever war-drivers discover my "wireless network" everything they visit gets redirected to goatse. The result, I've observed is usually a loud exclamation followed by the sound of screeching tires and burnt rubber.

Next i'll observe when I secretly host a wifi network near starbucks and replace everything with a small mirror of www.khaaan.com.

--
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
1. Re:This is why by zakezuke · 2004-11-05 15:30 · Score: 3, Funny
  
  If you want to get really evil, I assure you that some twisted people are perfectly capable of dreaming up even scarier things than goatse
  
  I don't know, hearing 20 laptops or so yelling "Khaaan! Khaaan!" I think is scarier than a penis bisection.
  
  --
  There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Re:What Morons by chizu · 2004-11-05 14:25 · Score: 3, Insightful

"ifconfig wlan0 hw ether [mac address]" sets your wlan card's mac address under Linux. There is probably a way to do so under Windows as well.
don't blame WPA by nbert · 2004-11-05 14:27 · Score: 4, Insightful

...if your key is asdf - the attack is based on a dictionary. This weakness relies on human nature after all.

Btw: The Tips and Tricks section of this newsletter is a good ressource if you want to create passes which are harder to guess.

--
I don't read replies by ACs.
1. Re:don't blame WPA by nbert · 2004-11-05 14:32 · Score: 2, Informative
  
  arghh - let's blame my caffeine consumption...
  
  Here's the a correct link
  
  --
  I don't read replies by ACs.
Re:What Morons by wcdw · 2004-11-05 14:31 · Score: 3, Informative

NOT really a good idea to start a thread about morons, and then act like one.

_YOUR_ wlan card may have the MAC address burned into it. Once ALL NIC did. I think it was more than 10 years ago that I saw my first NIC that DID NOT HAVE a MAC address (it was all zeroes, and expected to be set in software).

_MY_ wlan card will _CERTAINLY_ let me change the MAC address - under Linux _or_ Windows.

http://www.theboyz.biz/Computers, parts, electronics, small appliances and more!

--
If you're not living on the edge, you're just taking up space!
Ho hum by Realistic_Dragon · 2004-11-05 14:33 · Score: 2, Interesting

Guess it's not time to abandon treating all wireless hosts as bastions and using SSH to tunnel/authenticate just yet then.

Treat wireless just like you do a student network and everything will be fine.

--
Beep beep.
1. Re:Ho hum by Dr.+Evil · 2004-11-06 03:28 · Score: 2, Informative
  
  Note that WPA is just like WEP but with quickly rotating keys and more secure key exchange. Yeah, you can't crack it in real-time to get on the network... but if you listen to the vendors carefully, they'll even say it... "Authentication, Authorization.... " But never will they formally say "Secure encryption of data"
  You can decode everything but the key exchange off-line.
  VPN software is the only way to go. The wireless vendors are liars.
  Does anyone want to comment on WPA2? Does it require new hardware?
Re:WPA Keys by Olmy's+Jart · 2004-11-05 14:33 · Score: 3, Informative

Yes... Several..

Do your homework. Look up Supplicant, XSupplication, HostAP, 802.11i for Linux, 802.1x for Linux, etc, etc, etc... Lots of things going on.

ITMT... This crack is only for weak keys with WPA-PSK. Not applicable to WPA enterprise or WPA2.
Comment removed by account_deleted · 2004-11-05 14:43 · Score: 2, Insightful

Comment removed based on user account deletion
Re:What Morons by arth1 · 2004-11-05 14:51 · Score: 3, Informative

you need to brute-force check each MAC adress. there are ways to make this harder in the router.

No, you don't have to do this. Once the WEP key is broken (or if there is no WEP key, just MAC filtering), you simply listen to the traffic to get a MAC address that's allowed, and use that.

Regards,
--
*Art
Suggestion by cuteseal · 2004-11-05 15:02 · Score: 3, Interesting

From reading all the threads and flame wars going on here, it appears that WEP, WPA and even MAC address filtering is easy to crack, if someone was determined enough to do it.
So, I know it's not foolproof, but does anyone have suggestions on how to increase wireless security?
1. Regularly change WEP keys?
2. Use a proxy server to access internet, and disable direct access via access point?
3. Turn off router and computers when you're not using them?
Any others?

--
The friendliest digital photography forums on the net!
1. Re:Suggestion by slashname3 · 2004-11-05 16:56 · Score: 3, Informative
  
  The best thing you can do in addition to using WEP, changing keys, and locking down the MAC addresses allowed, is to use ssh or VPN software to encrypt your connections. If someone spends enough time to crack WEP and spoof a MAC address then the most they can get is access through your access point. They would have to break ssh or VPN to look at your data. Of course you would need to have tools in place to identify a man in the middle attack to prevent them from spoofing your connections.
  
  Of course if someone spends that much effort just to break into your wireless network you either have something really important or they are have way to much time on their hands. (and I doubt if anyone has anything that important on their network....)
2. Re:Suggestion by igrp · 2004-11-05 22:19 · Score: 4, Insightful
  
  From reading all the threads and flame wars going on here, it appears that WEP, WPA and even MAC address filtering is easy to crack, if someone was determined enough to do it.
  Well, there are different schools of thought when it comes to SoHo/low bandwidth WAN access security.
  You are attempting to lock your network down so that a potential attacker cannot use your connection. The other approach lock your network down just enough to make a cracker not want to bother and to move on to the next, easier target (ie. your neighbors' access points).
  The former approach generally works just fine if your goal is to deny a potential attacker access to your network bandwidth. It won't really stop a determined attacker who isn't just in it for a free-ride but who wants to steal specific data. If that's part of your threat model, chances are wireless isn't really for you. The downside is that this is pretty inconvenient. And since convenience is the big selling point when it comes to wireless networking, most people just won't take that route.
  Those people who have WEP and MAC address filtering enabled, basically want to protect themselves against random, unsophisticated wardriving. It won't help defend against a determined attacker and probably won't even scare off the teenager next door with too much time on his hands. The point isn't really to have good access security. It's just to raise the bar enough to be unatractive enough of a target. Think of it as a "I don't have to outrun the bear, I just have to outrun you" scenario.
Re:Just name all your specific MAC addresses by hsidhu · 2004-11-05 15:39 · Score: 5, Insightful

ummmm how hard is it to sniff the traffic, and get the MAC addess that is allowed and then spoof it?
Asside: WEP = Wired Equivalency Protocol by KillerCow · 2004-11-05 15:48 · Score: 4, Insightful

As an aside to the above point, the original "WEP" stood for "Wired Equivalency Protocol." They chose that because it acknowledged that wires weren't inherently secure either. It's name didn't claim security at all... just that it was equivalent to a wire. The inside joke was that that didn't mean anything from a security standpoint either.
What is Slashdot coming too? by Anonymous Coward · 2004-11-05 16:20 · Score: 2, Funny

I know traffic has been declining to this site but please have a little dignity left. Posting cracks on slashdot? What next, hosting the latest music, movies and software. I would hope the moderators would do a better job sifting through stories. Lots of good stories are getting rejected while dupes and stuff like this gets posted all the time. It's just a shame to see this site suffering from the same problems big media conglomerates have.
Re:Just name all your specific MAC addresses by zakezuke · 2004-11-05 16:47 · Score: 4, Insightful

How many home networks really need to allow random MAC addresses access?

How many home users know what a MAC address is?

--
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Re:Just name all your specific MAC addresses by IHateSlashDot · 2004-11-05 17:45 · Score: 5, Insightful

You're kidding right? MAC filtering provides absolutely no added security. Once the encryption is broken, spoofing a MAC address is trivial.
What about unsecured networks? by porkUpine · 2004-11-05 18:35 · Score: 4, Funny

Until people start securing their wireless networks with SOMETHING, wireless will always have a bad reputation. As nice as it would be, we aren't allowed to use wireless in office... period. BTW, I'm surfing /. from my neighbors unsecured WAP. *Sigh*
Re:Just name all your specific MAC addresses by Anonymous Coward · 2004-11-05 20:12 · Score: 2, Funny

How many home users know what a MAC address is?
Let me guess...
A: The street address of an Apple Macintosh?
B: The serial number of an Apple Macintosh?
C: Address of the closest MacDonald's?
D: Something that can be changed under Network Device Settings?
Re:What Morons by wfberg · 2004-11-05 22:14 · Score: 3, Informative

MAC adresses are universally unique identifiers, except for a few duplicate runs in cheap-ass brand NICs.

It's just that they cannot be authenticated in any way. It's like allowing only people who claim to be you on your network, rather than people who can prove it in some way.

--
SCO employee? Check out the bounty
What are "short" WPA keys supposed to be? by rpp3po · 2004-11-05 22:24 · Score: 5, Insightful
It is easy to see, that the original poster of this story has no clue about encryption. There are several misconceptions in his posting:
1. He writes: "WPA is the replacement for weak WEP keys in the original 802.11b specification". This is wrong. "weak key" ist a crypographic term for - wonder - weak keys, like 128 bit, consisting of 1's only (1111111111111...). For like 30 years, even WEP, has taken measures to prevent this kind of keys during use. WEP's problem in fact is the deterministic generation of IV's of the keystream, not weak keys.
2. "Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits." That's also misunderstood. The PSK (pre shared key) even when not using 802.1X is always 256-bit. It's generated -from- a passphrase that you type in. A passphrase like "abc" e.g. contains less than 16 bits of security. So a WPA key generated from the passphrase "abc", although still being 256-bit, can be cracked within the time of a 16 bit brute force attack. This is done by simply generating WPA keys from all passphrases between "aaa" and "zzz". So you always use 256 bit keys (PSK's), but they can be generated from much smaller passphrases.
3. "each user gets a long WPA key". See above. The keys are always the same size of 256 bit. When using 802.1X there is only maximum "randomness". That's the difference. It think the poster still thinks that WPA works like WEP where you actually use different key lengths.
One could think that I'm very picky about his words. I think not. Especially in cryptography it is important to know exactly what part of a cryptographic chain you're talking about, when talking about weaknesses. TinyPEAP seems to be just a tool for people like the original poster and script kiddies, who are in fact NOT knowing what they are talking about. It's just a bruteforce tool to try out WPA passphrases. This is supposingly faster for people using short passphrases than bruteforcing keys directly.
1. Re:What are "short" WPA keys supposed to be? by Anonymous Coward · 2004-11-05 23:17 · Score: 2, Interesting
  
  WEP has several problems. Deterministic IV generation is not one of them. To be precise, sequential IVs are preferable to random IVs because you can effectively avoid using the same IV twice. The IV is transmitted in the clear, so you don't need knowledge about IV generation to get the IV.
  
  WEPs main problem is that the space from which IVs can be chosen is much too small. That, combined with a user supplied key which is directly used for encryption instead of just securing the exchange of random keys, means that you can't avoid reusing the same key. The RC4 algorithm used by WEP becomes vulnerable when the same key is used twice.
  
  Due to the nonexistent defense against replay, attackers can create arbitrary amounts of traffic on encrypted networks. That means they can provoke IV reuse. Sequential IVs can be used to reject frames which are encrypted with IVs that the recipient has seen before, thereby foiling replay attacks.
2. Re:What are "short" WPA keys supposed to be? by eggboard · 2004-11-06 03:02 · Score: 2, Insightful
  
  I'm the original poster. You're reading what I wrote with the lack of knowledge necessary to comment on it.
  
  1. All WEP keys are susceptible to nearly the same degree of being broken by collecting enough data passively. Thus, they are all weak. From a definition of weak keys at an online dictionary: "In the extreme, a poor cipher design is simply one with a very large number of weak keys."
  
  2. No, you're misreading this, too. Moskowitz (see his paper) is talking about the seed data, not the resulting way in which it's represented. The lack of randomness in seed data is the problem. So if you take 16 bits of data and turn them into a hex WPA key, it doesn't matter whether it's represented as 256 bits. The whole problem is the algorithm by which it's processed. You need to start with at least 128 bits of data (into hex) that are non-dictionary, non-weak. (In this sense, weak is much more limited.)
  
  3. Sigh. Each user gets a key that has a full 256 bits of randomness.
  
  You are being picky about your words incorrectly.
  
  --
  Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
Re:What Morons by zzyrc · 2004-11-05 23:07 · Score: 2, Informative

The frame control that contains the MAC header in an 802.11 packet is always unencrypted. So the list of MAC addresses is available at once, before key cracking.
WPA er Old News! by fogez · 2004-11-06 01:52 · Score: 3, Informative

KisMAC has had this function for a long time. Someone used it at Hope 2004 to their wifi key. In addition, Josh Wright has had a working copy available for linux for some time. The LiveCD from Remote-exploit.org (Auditor) has included this tool for about a month now. This is not new...