WEP And PPTP Password Crackers Released

Jacco de Leeuw writes "SecurityFocus published an article by Michael Ossmann that discusses the new generation of WEP cracking tools for 802.11 wireless networks. These are much faster as they perform passive statistical analysis. In many cases, a WEP key can be determined in minutes or even seconds. For those who have switched to PPTP for securing their wireless nets: Joshua Wright released a new version of his Cisco LEAP cracker called Asleap which can now also recover weak PPTP passwords. Both LEAP and PPTP employ MS-CHAPv2 authentication." Update: 12/22 00:14 GMT by T : Michael Ossmann wrote to point out his last name has two Ns, rather than one.

Feasibility of dictionary attacks no protocol flaw

Every communication which uses passwords for authentication is susceptible to dictionary attacks. That is not a protocol weakness. If you use a random and long enough password, you'll be fine. Public key based authentication has other risks, like insufficiently secured storage of the key.

End-to-End Security

[Renegade+Lisp]

This just underlines that encryption at the wireless link level may not be the right way to go. Even if the algorithm wasn't so weak -- it strikes me as odd that a whole network should be protected by just a single key, which needs to be present on every individual machine of this network. How easily is this compromised!

It's far better not to rely on wireless link encryption and encrypt your application-level protocols instead. SSL for web browsing, PGP or S/MIME for e-mail, ssh for login. Far better algorithms, far better key management.

Re:End-to-End Security

[selderrr]

While I applaud your suggestions for SSL, PGP et al., one should realize that none of these protect against network intrusion, or more often : someone living of your bandwidth...

Re:End-to-End Security

[RAMMS+EIN]

MAC address restriction is an especially weak form of protection on wireless networks. Contrary to wired networks, where the switch may only send data over the wire connecting to the right card, a wireless AP must broadcast the data to everyone in hearing range. This means that you only have to assume one of the MAC addresses that are allowed to connect to the AP, and you're on the network.

Re:End-to-End Security

[JJahn]

Although it may seem that the switch will only send data to the computer that is connected to it, that is easily subverted by ARP poisoning. Don't feel safe from traffic sniffing just because you use a switch.

Easier for travelers

[ad454]

Great, I will be leaving for a business trip soon, and now I can freely *access* those commercial WEP enabled Wi/Fi access points in many airports without risking my credit card.

Seriously though, Wi/Fi has to be treated like an unsecure public network, and anyone wants to restrict access they should use a more secure protocol like IPSec in host-to-host mode. Do not count on Wi/Fi manufactures to protect you, for some reason they just simply refuse to provide secure products.

Re:Easier for travelers

[Lumpy]

this will not break an authenticated WAP. the ones I help support in my community have only port 80 open for low bandwidth for free, you join us and you get a password you access through nocatauth and then gain full speed open access at the wireless points.

these tools are useless against that scheme. you still need to perform old-skool cracking in order to get past nocatauth, no point and drool tools for getting past that yet, espically with the non-public modifications we made to it to make it different than what is freely available.

Some thoughts on Wireless and Security

[Raindeer]

Well, I wrote some thoughts on Wireless and Security in my blog which I now copy here.

# setting up secure connections is too difficult for the lay person. We need standard Diffie-Helman key exchanges. I saw on the internet that it is available on some access points, but it just should be the standard of the IEEE. As far as I could find with Google it isn't yet. I can't understand why.

# Securing accesspoints should be mandatory. There are too many open access points available. There is no use for anonymous connections over a random family's access point, it only endangers them into being seen as cybercriminals.

# If people want to make it possible for neighbours and strangers to make use of their access point it should be done in the same way hotspots are now available at airports and Starbucks. Make it possible to extend the official network of the ISP to a users access point. This way if I open up my laptop and there is an access point available of Joe User, I can only hook up to it by propperly logging in to the ISP's network or use the airport/credit card system. This will require many roaming agreements etc, but it would bring security and convenience at the same time. It should be done in such a way that the person opening up his network in this way can throttle the speed of the guest users and/or the times they can access. So I would like to see a rule like "Guests can only connect when I am not connecting" or "Guests only get 1mbit/sec".

Re:Some thoughts on Wireless and Security

[DikSeaCup]

Of course, all that aluminum foil you're using to coat your walls and windows must have set you back a bit.

Security is an illusion ...

[Gopal.V]

To be truthful, nothing is secure ... It can only be "Secure Enough". If the cost of breaking something is more than the benifit - that is security in one sense.

Any encryption can be broken - given enough resources ... The trick is to make it so difficult that nobody finds out unless they are prepared to invest more than what you did (time, computing power, money, technology).

Interestingly in India, according to Department of Telecom website - security means something different :).

23. Individuals/Groups/Organisations are permitted to use encryption upto 40 bit key length in the RSA algorithms or its equivalent in other algorithms without having to obtain permission from the Telecom Authority. However, if encryption equipments higher than this limit are to be deployed, individuals/groups/organisations shall do so with the prior written permission of the Telecom Authority and deposit the decryption key, split into two parts, with the Telecom Authority.

We have to keep our private keys in ESCROW to use >40 bit encryption ... Talk about stupid laws (of course which no-one enforces or obeys).

Re:Security is an illusion ...

[amorsen]

Heh, I love the fact that they mention 40-bit RSA. 40-bit symmetric could be sort of used back in the 80's. With 40-bit RSA it's faster to break the encryption than to type in the key.

Misread the headline...

[Timo_UK]

And I thought they had released some crackers from prison...

Re:Feasibility of dictionary attacks no protocol f

[amorsen]

Every communication which uses passwords for authentication is susceptible to dictionary attacks

But the good ones only allow online dictionary attacts. LEAP, PPTP, WEP, and unfortunately WPA all allow offline attacks.

Re:Feasibility of dictionary attacks no protocol f

[wirelessbuzzers]

Every communication which uses passwords for authentication is susceptible to dictionary attacks. That is not a protocol weakness. If you use a random and long enough password, you'll be fine. Public key based authentication has other risks, like insufficiently secured storage of the key.

First, you will note that the attack on WEP (but not on PPTP) is not a dictionary attack and works with a computer-generated random 64- or 128-bit key. This is a protocol weakness.

Second, a good protocol does protect passwords. Either it establishes an encrypted session with the server, like SSH or SSL does, or it uses a secure password protocol like SRP. SRP in particular has the following properties:

1) The protocol is entirely public, and open-source implementations are available.
2) An eavesdropper on the wire does not get a dictionary attack on the password; without breaking the crypto behind the protocol, which nobody has been able to do yet, he gets no information. Of course, he can still do an online attack, but the server should prevent that.
3) Someone impersonating the server also does not get a dictionary attack on the password, even though the client does not need to memorize a key hash.
4) Someone who compromises the server database does get a dictionary attack on the password (this is inevitable), but they don't get the password for free. Furthermore, the password is salted, so they have some work to do.

Re:Feasibility of dictionary attacks no protocol f

[amorsen]

If you have automatic server authentication (which is often fairly easy to do with certificates or simply stored keys a la ssh) then you can avoid man-in-the-middle.

We've known WEP was broken for a long time

This article shows that the time needed to break WEP is smaller than previously demonstrated, not that WEP is any less safe than before. Really, we've known WEP was no good for a _long_ time. The reasons are well known. Both WPA and the recently ratified 802.11i RSN provide good solid fixes to link layer wireless security.

So, this isn't really "new" news, although it should reinforce the message that WEP is worse than useless.

Securing wireless connections

[da.phreak]

I did not trust WEP even before this tools were released. I read a bit about securing the connection independent of the wireless equipment. Treating the wireless connection like a public network, I set up a Virtual Private Network (VPN). I'd like to share my experiences:

First I tried to setup IPSec. It was a nightmare. Although I know a lot about computers and networks I did not manage to setup IPSec. It's configuration is so complicated, I have no clue. Although, it must be possible to get IPSec running, maybe it's just me who is too stupid :). IPSec would have been the most secure solution, but despite public belief it's not that secure:

http://www.schneier.com/paper-ipsec.html

Then I tried Cipe. It was very easy to get it running, but it's horribly insecure. Peter Gutmann wrote a nice article, which was in the news on slashdot some time ago:

http://lists.virus.org/cryptography-0309/msg00257. html

In that article I read about tinc, which I now use. It's almost as easy to setup as cipe, but more secure (although not perfect and not as good as IPSec). Here is the answer of the developers of tinc to Peter Gutmann's article:

http://www.tinc-vpn.org/security

So, maybe if you believe them it's not that bad, I'm not sure about this.

I think one great advantage of the VPN-solutions is that AFAIK there are no tools available that make cracking them as easy as cracking WEP. So the "common War Driver" or Script Kiddie has no clue what to do, you'd need some kind of expert to crack your connection. And, if such an expert is trying to break your security, you maybe have a bigger problem anyway.

I just wanted to have an acceptable level of security and lock War Drivers out.

Re:Old news

[beeblebrox87]

Whats wrong with letting the world access your network? Use SSH/SSL etc to keep your connections secure. If somebody wants internet access, why not provide a public service to them? Wouldn't you like it if someone else did the same for you? If they start using too much bandwidth you can always you can politely ask them to stop, and if that fails, blackmail them with all the pr0n they've been downloading.

Re:MAC Control tables useless?

[MarcQuadra]

Er, MAC filtering is the LEAST safe way to lock-out wireless. MAC addresses are EASILY picked-out of the air, and all you have to do is push the address you want to your wifi card to 'steal' one.

MAC filtering is not encryption, even if you MAC filter, I can come by with any number of 'tools' and leech all your traffic without having to do any work. Perhaps the only thing MAC filtering does is keep the non-technical neighbor upstairs off your signal.

This article refers to another way to crack networks that are actually encrypted, which was generally enough of a hassle that someone would want to specifically target YOU before going through the trouble. As with all encryption though, cracking what's out there gets easier every day, time to move up to something else!

Re:Old news

[LiquidCoooled]

Whats wrong with it is your not an ISP, and your not protected by the same rules, regulations and laws as them.

So if someone did illegal things through your connection, YOU will still be responsible.

Correction to submission

[paranode]

Just to clarify, it can crack the code in minutes or even seconds after you've already captured at least about a quarter of a million encrypted packets, maybe more. That will take longer than just a few minutes or seconds, most likely.

Re:Old news

[nickname225]

I think there is a high level of hysteria about this issue of you being responsible for someone using your link to download child porn. Remember - the criminal standard is "proof beyond a reasonable doubt". I am an attorney and I work for a District Attorney (although criminal law is not my area) and we would be extremely unlikely to prosecute anyone for child porn without finding actual images in the defendant's possession.

Re:Now who can we blame for downloading GB of stuf

[bhima]

I was speaking to an American friend, who lives in Atlanta, recently. He was complaining about this very thing. He owns & manages a variety of types of property which he leases out to people who run bars, restaurants, small businesses, warehouses, and even churches. Occasionally, he has tenants 'disappear' and when he goes down to inspect the property he finds evidence of drug related activities (i.e. rows of HPS lighting, hydroponic setups, and my favorite: money counters). So generally to keep it of his back he reports it and has the police come in and take it all in as evidence. Recently, during one of these events the investigating officer arrested him using a little known local law (either Fulton or DeKalb county) which required the owner of the property to report any illegal activities taking place on their properties. The law is so grey that they make no attempt to deal with whether or not the property owner is knowledgeable or a participant. In effect they demand that all property owners become investigators / informants.

Welcome to post 911 America

You only have to outrun the other guy...

[tc]

Two guys are out camping, when one night an angry bear starts trying to get into their tent. The first man quickly grabs his sneakers and starts lacing them up. The second man says "what the hell are you doing? You'll never outrun the bear!", to which the first replies "I don't have to outrun the bear, I just have to outrun you".

The moral of this story is that your security doesn't need to be perfect, it just needs to be 'good enough', and in this case 'good enough' is probably merely 'better than the muppet next door who hasn't secured their network at all'.

I use WEP to secure my wireless LAN. Does it bother me that it's possible to crack? Not really, because there are at least 2 other networks in my apartment building (with SSIDs of 'linksys' and 'default') which don't appear to have any kind of security at all. Which means that someone casually looking for a free connection is going to use them, not me. If someone really wants to compromise my network specifically, and has the time and skill to do so, well, then I have bigger problems...

OpenVPN

[halfelven]

By far the best way to accomplish that is by using OpenVPN.
I tried everything, IPSec, SSH tunneling, you name it. They all suck. SSH is, let's face it, limited. IPSec is cumbersome, not exactly friendly to all operating systems, doesn't play well with NAT (unless you use UDP encapsulation), etc. It is glaringly obvious that it's a severely overdesigned protocol.

Enter OpenVPN. It uses SSL for encryption, but it's not a SSL-based pseudo-VPN, but a true VPN - it can forward any IP protocol. Think of it as having the functionality of IPSec, but using a simpler and more sensible implementation.
It's cross-platform (Linux, Windows, Solaris... you name it). It's simple to install and configure (same software can be either server or client and the config file semantics are similar). It's secure (it can use signed certificates, passwords, any authentication mechanism you like). It can compress the traffic on the fly (using LZO which is pretty damn fast and low-overhead). If you use TCP transport instead of UDP, it can tunnel through ordinary HTTP proxies. It has dummy-friendly GUI for Windows. It slices, it dices and it makes coffee... oh, well, maybe not that.

Anyway, i'm running an OpenVPN server on my home firewall, and i put OpenVPN on all my computers (my workstation at the office, my laptop, etc.). Wherever i go, i just fire up OpenVPN and "i'm home".
I run IMAP through it, so my IMAP clients (Evolution), no matter where they are, they "see" the same IMAP servers and folders. That is awesome - different systems, yet my mail looks the same. And it's also secure. ;-)

My wireless access point has no security whatsoever: no encryption, no MAC filtering, no SSID cloaking... it even gives you a DHCP address. :-) However, it's behind a totally restrictive firewall. The only way to work around that is to open an OpenVPN tunnel. Then you can do pretty much anything, through the tunnel, of course.

It rocks!