Slashdot Mirror


WEP Broken Even Worse

collin.m writes in with news of results out of Darmstadt. Erik Tews and others there have demonstrated how to recover a 104-bit WEP key in under a minute, requiring the capture of fewer than 10% the number of packets the previous best method called for. The paper is here (PDF). Quoting: "We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets... for 85,000 data packets [the success probability is] about 95%... 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz..."

66 of 393 comments

  1. Can ARC4 be used properly at all? by Myria · · Score: 5, Interesting

    Can ARC4 be used securely at all? Or are WEP's failings its own fault?

    On a somewhat related note, I'm annoyed that wireless encryption was implemented in hardware. Nintendo DS's wireless is worthless to me since the encryption system can't be upgraded.

    --
    "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
    1. Re:Can ARC4 be used properly at all? by Lehk228 · · Score: 4, Insightful

      disable wireless security and implement real security, such as a RADIUS login. then set up a firewall rule to allow unauthenticated devices to access nintendo's servers

      --
      Snowden and Manning are heroes.
    2. Re:Can ARC4 be used properly at all? by drinkypoo · · Score: 4, Insightful

      disable wireless security and implement real security, such as a RADIUS login. then set up a firewall rule to allow unauthenticated devices to access nintendo's servers

      Login authentication does not prevent a man in the middle attack of the breakin sort.

      You need end to end encryption, including encrypted login and certificate verification with secure exchange made pre-connection to provide security over a wireless link.

      Just another reason why if it's not a PDA or a tablet, you should be using a wire. You can get 100' or more of CAT5E for the price of a 802.11G access point, and an 8 port 10/100 FDX switch with port autonegotiation (auto-crossover, too) is about $20. Good jacks will run you $5 per end. Patch cables are a buck and longer cables are just a few bucks.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Can ARC4 be used properly at all? by stinerman · · Score: 5, Informative

      The problems with WEP have nothing to do with RC4. The problem is that the initialization vectors end up being reused because they are only 24 bits. Reusing IVs is a major no-no when dealing with a stream cipher. And to compound that, the implementation allows for a 50% chance to use the same IV after only 5000 packets. (see wikipedia)

      RC4 is still just as secure as it was before these WEP attacks.
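
To put numbers on the IV-reuse point above, here is an added example (not code from the thread or from the Darmstadt paper): it computes the birthday bound on WEP's 24-bit IV space and shows, with a small textbook RC4, what two frames that share an IV give away. The 104-bit key, the IV and the payloads are constructed sample values, and the CRC-32 ICV that real WEP appends is left out.

```python
import math

IV_BITS = 24                 # WEP prepends a 24-bit IV to the shared key
IV_SPACE = 1 << IV_BITS      # 16,777,216 possible IVs


def iv_collision_probability(packets: int, space: int = IV_SPACE) -> float:
    """Probability that at least two of `packets` randomly chosen IVs are equal
    (the birthday bound), accumulated in log space to avoid underflow."""
    if packets > space:
        return 1.0
    log_no_collision = 0.0
    for i in range(packets):
        log_no_collision += math.log1p(-i / space)
    return 1.0 - math.exp(log_no_collision)


def packets_for_probability(target: float, space: int = IV_SPACE) -> int:
    """Smallest number of random IVs at which the collision probability reaches
    `target`; for target=0.5 and a 24-bit space this is just under 5000."""
    log_no_collision = 0.0
    n = 0
    while 1.0 - math.exp(log_no_collision) < target:
        log_no_collision += math.log1p(-n / space)
        n += 1
    return n


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key scheduling (KSA) followed by output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                       # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    return xor_bytes(data, rc4_keystream(key, len(data)))


def wep_encrypt(iv: bytes, shared_key: bytes, payload: bytes) -> bytes:
    """WEP frame body: cleartext IV followed by RC4(IV || shared key) applied to
    the payload. The CRC-32 ICV that real WEP appends is omitted here."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 3 bytes")
    return iv + rc4_encrypt(iv + shared_key, payload)


def iv_reuse_leak(frame1: bytes, frame2: bytes):
    """Two frames under the same key with the same IV share their keystream, so
    XORing the ciphertexts cancels it and leaves plaintext1 XOR plaintext2.
    Returns None when the IVs differ (nothing is learned from this pair)."""
    if frame1[:3] != frame2[:3]:
        return None
    return xor_bytes(frame1[3:], frame2[3:])


def demo_iv_reuse() -> dict:
    # Constructed sample values: a 104-bit (13-byte) key, one IV, two payloads
    key = bytes.fromhex("0123456789abcdef0123456789")
    iv = b"\x00\x00\x01"
    p1 = b"GET /index.html HTTP/1.0"
    p2 = b"GET /about.html HTTP/1.0"
    f1 = wep_encrypt(iv, key, p1)
    f2 = wep_encrypt(iv, key, p2)      # same IV reused: same keystream
    leak = iv_reuse_leak(f1, f2)
    return {
        "packets_for_50pct_collision": packets_for_probability(0.5),
        "collision_prob_at_5000": iv_collision_probability(5000),
        "leak_equals_plaintext_xor": leak == xor_bytes(p1, p2),
        # with one plaintext known, the other falls out directly
        "p2_recovered_from_p1": xor_bytes(leak, p1) == p2,
    }


if __name__ == "__main__":
    for name, value in demo_iv_reuse().items():
        print(f"{name}: {value}")
```

The first two figures assume IVs are drawn at random; a station that walks IVs sequentially from zero after every reset repeats them even sooner.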

    4. Re:Can ARC4 be used properly at all? by qbwiz · · Score: 5, Funny

      Dragging 300' of cable throughout and around your house to use your laptop anywhere you want: priceless.

      --
      Ewige Blumenkraft.
    5. Re:Can ARC4 be used properly at all? by zippthorne · · Score: 3, Insightful

      It's not the wire that's expensive, it's the holes. In fact, those aren't even the expensive bit. It's the properly out-of-the way and invisible that's expensive.

      --
      Can you be Even More Awesome?!
    6. Re:Can ARC4 be used properly at all? by Belial6 · · Score: 5, Insightful

      I agree with you. That is why it really annoys me that in this day and age, builders are still not putting conduit in walls during construction. I understand a 20 year old house not having conduit in the walls. I can even understand a 10 year old house not having conduit, but any house built in the last 5 years should have conduit to every room. We already know that whatever is in the walls today will be inadequate in another 10 years.

    7. Re:Can ARC4 be used properly at all? by linuxmop · · Score: 4, Informative

      Wireless encryption is (often) implemented in hardware because encryption is expensive to perform. This is especially true on embedded platforms like the DS.

      However, you can apparently upgrade your DS to support WPA with a hacked firmware. It's not clear from the page, but I am fairly sure that it only supports TKIP encryption and not AES since, like WEP, TKIP uses RC4 so does not require a hardware upgrade. It does, however, solve the initialization vector problems of WEP that another poster mentioned; as far as I know, TKIP has not been broken.

      Moral? If you're still using WEP, update your drivers and firmware and you may be able to get TKIP WPA and get those pesky neighbors off of your connection.

    8. Re:Can ARC4 be used properly at all? by valkraider · · Score: 5, Insightful

      Unless you live in an apartment, this is not remotely true. Running your own wires is, well, trivial unless you are physically disabled in some significant way.

      Uhmm, methinks you have not actually done this much... Or at least not in many houses.

      Things like lath & plaster, plumbing, strange placement of studs, lack of crawlspaces, windows, carpet, laminates, tile, doors, fireplaces, and foundations - all sorts of stuff really makes it not, well, trivial.
    9. Re:Can ARC4 be used properly at all? by spun · · Score: 4, Funny

      Thank you! It's not as trivial as the GP makes it sound at all. I had a buddy who drilled through a wall and straight into the mains once. Yeah, that's it, a buddy of mine. Not me. Really, I'd never be that dumb.

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    10. Re:Can ARC4 be used properly at all? by kakos · · Score: 5, Insightful

      Get a clue. The weakness in WEP has everything to do with a vulnerability in RC4 (specifically this one). The vulnerability is due to the fact that there is a weakness in RC4's key scheduling algorithm that allows an attacker to obtain the whole key from only a very few bits that just happen to be in the first 24-bits of the key. Since the IV does repeat, it is easy to obtain packets with the weak key bits. However, if WEP did not use RC4, that vulnerability wouldn't be there and you couldn't break WEP using that attack.

    11. Re:Can ARC4 be used properly at all? by rossz · · Score: 5, Insightful

      You've obviously never been married.

      --
      -- Will program for bandwidth
    12. Re:Can ARC4 be used properly at all? by dotgain · · Score: 4, Informative

      Ethernet max segment length is 100 metres, not feet.

    13. Re:Can ARC4 be used properly at all? by failedlogic · · Score: 2, Informative

      About 5 years ago when I worked for sales at a cable company, a mid to large size home builder told me every house he was building would have Cat-5 in every room of the house with a wall jack. He didn't care if the room was the laundry, the basement, the attic (ok, attic I'm exaggerating) but he was serious about it. I think he was one of the first builders in my city to do this. I remember his story and then a few years later the larger builders ensued with similar practices. He did similar pre-wiring with the coax cable as well.

      Cabling sucks if you don't have easy access to air returns or the return doesn't go to the right spot. I'm reluctant in any event to use Wi-Lan for anything.

    14. Re:Can ARC4 be used properly at all? by bkgood · · Score: 2, Funny

      I had a buddy who drilled through a wall and straight into the mains once.
      I take it the keyword there is had?
    15. Re:Can ARC4 be used properly at all? by woolio · · Score: 4, Funny

      I had a buddy who drilled through a wall and straight into the mains once.

      Your use of past tense is all the more curious.

    16. Re:Can ARC4 be used properly at all? by dagamer34 · · Score: 2, Insightful

      MAC addresses can easily be spoofed. Get a clue, pal.

    17. Re:Can ARC4 be used properly at all? by Scoth · · Score: 3, Interesting

      My problem is I tend to be a wanderer. I might be surfing the web in my computer room, boot up the laptop and go sit on the couch for awhile and surf while watching the news or something, then go into the bedroom and play a few webgames while my fiancee works on homework, then maybe go sit on the back deck in the evening and get a little extra work done. Short of really long cables, or lots of plugging/unplugging, going wired isn't really practical. Of course, I guess that's what WPA and other better wireless security setups are for, although ideally I'd set up my DD-WRT with the wireless on a different segment. I'll get to it sooner or later. I've mostly made do with frequently rotated and never repeated wep keys, although that was going on the assumption of needing to capture tons of packets to crack it. This new thing throws that a bit out of whack...

    18. Re:Can ARC4 be used properly at all? by Belial6 · · Score: 2, Informative

      The bad news is you are unlikely to find it. The only reason that my house had it, was that I did a complete renovation where I removed all of the sheetrock, AND I planned to live there. Builders don't bother, and few people will cut into every wall of their house. Of the few build it yourself homes out there, most people don't think ahead enough to worry about what cable they will need in 5 years.

      The good news is that Sheetrock is easy to do. If you don't mind fairly major DIY projects, it wouldn't be that hard to tear open a wall, add conduit, and put the wall back. If you plan carefully, you will likely only need to cut into one wall for every two rooms.

    19. Re:Can ARC4 be used properly at all? by Belial6 · · Score: 4, Insightful

      That is a perfect example of what I consider a bad builder. One that is putting in things that are designed to make people THINK they are getting quality, when they really are not. I could care less about Cat-5 and coax, if you just put in a conduit. That builder has already created a situation where the wiring is outdated. Gigabit wants Cat-6. If he had put in conduit, every one of his houses could be rewired by the homeowner with very little fuss. But since the builder didn't care if the house was maintainable, he just slapped in some wire, and sprinted that he did it as a bullet point on the sales sheet. Part of the problem though is that the buyers ooohhh and ahhhh about the cat-5, and don't even think about what they are going to do in a few years.

    20. Re:Can ARC4 be used properly at all? by kd5ujz · · Score: 2, Interesting

      It is not that hard to do without destroying the sheetrock. If you have existing cable, you can attach a string to the end, pull it up/down into the ceiling/crawlspace, tape on the new cable in the attic/basement, and pull it back down with the string. If you do not have existing cable, you can use paddle bits and bit extenders to get through any cross studs in the wall, then fiberglass rods to fish down through the cross studs. Sometimes you get lucky and there are not any cross studs.

      --
      -William
      God is everything science has yet to explain.
    21. Re:Can ARC4 be used properly at all? by kd5ujz · · Score: 3, Informative

      That is what a stud finder is for. You can locate any kind of copper/steel (water/gas mains included) so that you don't get a surprise when you go all out with a sawzall.

      --
      -William
      God is everything science has yet to explain.
    22. Re:Can ARC4 be used properly at all? by thealsir · · Score: 5, Insightful

      Common Slashdot Format(TM)

      1. Story posted about $SECURITY_PROTOCOL being broken on $BROKEN_DATE at $SEVERITY
      2. Comments ensue recommending ridiculously complex/impractical solutions (in typical slashdot lore) getting modded up
      3. Comments ensue about how ridiculous and complex those impractical solutions are, getting modded down/up on a 50/50 basis
      4. Actual common-to-do, easy to implement solutions, like the WPA2 in linksys routers, are not discussed or modded
      5. Extreme architecture biases/overall naivete about NO security implementation being completely secure is prevalent in a lot of comments
      6. Sometimes, people come in to right these fallacies in the free market way, by posting.

      Put short, wires are not a solution, no encryption protocol is flawless, the risks/rewards of wireless should be known and the technology should be used accordingly. But improvements in protocol and advancements in technology, especially relatively easy to implement ones, should be emphasized.

      --
      Do not downmod posts "overrated" simply because you disagree with them.
    23. Re:Can ARC4 be used properly at all? by Builder · · Score: 2, Insightful

      How much less could you care ?

    24. Re:Can ARC4 be used properly at all? by Tsagadai · · Score: 2, Funny

      Sadly that is a very good point. After I get married, this fine desktop will probably be going wireless. Luckily when I want to play Warcraft, she'll probably be out, and I can get out my CAT5 cable.
      Giggity
    25. Re:Can ARC4 be used properly at all? by evilbessie · · Score: 2, Insightful

      Um no, gigabit networks need Cat-5E not necessarily Cat-6, most Cat-5 is actually Cat-5E these days anyway, although I would still check you are using Cat-5E if you need gigabit.

  2. Who even still uses WEP? by RedElf · · Score: 2

    Hasn't most everyone moved to WPA-PSK by now?

    --
    You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads!
    1. Re:Who even still uses WEP? by Knara · · Score: 4, Insightful

      No. Even a cursory glance at your laptop next time you are in a commercial parking lot will tell you that (or at an apartment complex).

    2. Re:Who even still uses WEP? by ukatoton · · Score: 5, Insightful

      2 words: Legacy Hardware. I have 2 computers in my house with cards that don't support WPA. If I were to set my router to run with WPA, then my sister would not be able to connect to the network. If I told her the security implications, she wouldn't understand nor care. Upgrading the network would mean me footing the bill for new wireless cards unless I can convince my dad that there is a real reason to upgrade to better security. However, this is unlikely.

    3. Re:Who even still uses WEP? by Southpaw018 · · Score: 3, Informative

      Unfortunately, Nintendo has outright refused to support WPA on the DS. Those who use the DS online regularly must either fall back to WPA or resort to completely unsecured communication. Or change their router's settings every single time they want to play online.

      Nintendo's response to this is, last I checked, "well, disable WEP and then turn off your computer," which is obviously ridiculous.

      --
      ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
    4. Re:Who even still uses WEP? by jrumney · · Score: 2, Insightful

      All my pieces of wifi equipment but one support WPA-PSK, but it only takes one piece of equipment to tie me to WEP.

    5. Re:Who even still uses WEP? by zippthorne · · Score: 2, Insightful

      It's faster than his Internet connection, which apparently is a cable modem. No need to go significantly faster than the main bottleneck. Especially if the LAN is mostly used to share the WAN anyway.

      --
      Can you be Even More Awesome?!
    6. Re:Who even still uses WEP? by drinkypoo · · Score: 4, Insightful

      So.. your answer is "people who don't upgrade." Not to sound discriminatory, but I'm pretty sure he wasn't including you in the question, much the way when I say "Who doesn't run a firewall?" I'm not including people who still use C64s. Talk to us again when all your hardware supports WPA, but you still use WEP anyway.

      Well, that was an incredibly arrogant response from someone who refuses to examine reality.

      How many environments are you familiar with in which everything is always upgraded all at the same time, in which all of the hardware works the first time, and in which you never become dependent on a legacy product for any length of time?

      Here in the really real world, we often have reasons to utilize legacy hardware. What if I've got one of those $1500 bar code scanner boxes and it doesn't support WPA and there's no upgrade to provide it? Am I going to spend $1600 for this year's model with two more buttons and WPA support? Or am I going to keep using this device as long as I think I can get away with it? What if I don't have budget to buy a replacement? What if it's not even my decision?

      Like I said, here in the real world, we often have to use suboptimal equipment. And I assure you that huge numbers of corporations, including those amongst the fortune whatever, are still using wifi gear with no WPA support on a daily basis.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re:Who even still uses WEP? by Zadaz · · Score: 2, Informative

      I live in downtown San Francisco. If I put my laptop in my kitchen window I can pick up 46 wireless networks.

      2 of them are WPA-PSK (including mine)
      12 of them are unsecured.
      The rest are WEP.

      7 of the WEP encrypted ones are the DSL router/wireless access point that AT&T hands out. As far as I can tell this piece of hardware can't be configured in any way, can't even change your WEP key.

    8. Re:Who even still uses WEP? by eclectro · · Score: 5, Funny

      unless I can convince my dad that there is a real reason to upgrade to better security.

      Is your sister cute? Does she have pictures of herself on her computer?

      --
      Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
    9. Re:Who even still uses WEP? by JWW · · Score: 3, Insightful

      Hell, out of 5 wireless networks I can "see" from my house, two have no encryption on whatsoever.

      I mean, no matter how bad WEP is, you'll never be able to hack into a WEP network as fast as you can an open one.

      It may be where I live, but around town there are open networks virtually EVERYWHERE.

    10. Re:Who even still uses WEP? by Technician · · Score: 4, Interesting

      No. Even a cursory glance at your laptop next time you are in a commercial parking lot will tell you that (or at an apartment complex).

      No. We use some pretty antique hardware (laptop with embedded 11b, no WPA). We are fairly remote so the number of potential attackers is pretty slim. To discourage them, DHCP is turned on. The DHCP range is blocked from the gateway by access control. To get a leechable connection, you will need to spoof a MAC address, use a fixed IP address, and hope we are not online at the moment. A conflict will be noticed.

      We don't need a hack proof wireless. We just need to be more difficult than our neighbors.

      --
      The truth shall set you free!
    11. Re:Who even still uses WEP? by nutshell42 · · Score: 3, Interesting
      Well, from a legal POV the plausible deniability an unsecured WLAN offers is quite tempting.

      As long as you secure your computers and data (and if you're not charged by the GB), it's really useful to be able to tell the judge that it was teH h4X0rZz when the RIAA rings at your door.

      --
      Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
    12. Re:Who even still uses WEP? by ZDRuX · · Score: 3, Funny

      You still live with your parents?!.. Hahaha, you're such a lo.. Wait a minute, so do I!.. fuck.

      --
      The magical number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    13. Re:Who even still uses WEP? by dotgain · · Score: 2, Funny
      Congratulations!

      You've missed the point by several orders of magnitude more than I have ever seen on /. before! In fact, if the point were to travel at the speed of light it probably won't hit you until we're talking about WPA+PSK being broken in minutes.

    14. Re:Who even still uses WEP? by adolf · · Score: 2, Interesting

      No, sir. Nobody would ever suggest that you replace your fleet of $1.5k bar code readers just because someone has finally found WEP to be trivially easy to break. It's your network; open it to the world at your own peril.

      Instead, I offer this suggestion: Stop using the old scanners, and go back to whatever system you were using before you decided that wireless bar code readers were Teh Way to Maximum Synergistic Productivity through Leveraged Asset Management and Total Quality Control. Use that old system for a few weeks.

      After that, reevaluate whether the additional $1.6k for WPA-supporting scanners is in order. If it's still too expensive, you don't need it.

      Hope this helps...

    15. Re:Who even still uses WEP? by The+One+and+Only · · Score: 2, Funny

      People in the ghetto don't have wireless networks, and if they do, they're not smart enough to secure them?

      --
      In Repressive Burma, it's not just your connection that dies. slashdot.org/comments.pl?sid=314547&cid=20819199
    16. Re:Who even still uses WEP? by plover · · Score: 2, Interesting
      A corporation with 10,000 WEP-only devices deployed to 2,000 field locations would love to switch to WPA, but that's not always immediately possible for financial reasons. Let's say that one device costs $2,000 dollars to replace (custom hardware,) and each field location requires the upgrade of perhaps a dozen old access points, each one costing say $500 plus the average installation labor of about $1,000 each. So that's $20 million for device costs, plus another $36 million to secure the access points. I don't care how big your company is, you don't tap $56 million from the budget without some serious planning.

      When a corporation initially buys equipment, they go for whatever is available and makes sense at the time, and they plan for an expected lifetime of the equipment. When those access points were installed, WPA wasn't on the horizon and security wasn't a top issue, and they may have budgeted for an expected lifetime of 15 years. Just as the rollout of all this infrastructure is finishing up, some researcher announces WEP is cracked. Think about the manager who has to go back to the board of directors asking for an extra $56 million to replace all that brand new equipment because the encryption now has the wrong three letters. Even if the board doesn't fire the manager on the spot for being short-sighted, money for the replacement project is not going to come quickly, I tell you that.

      As long as it's not 100% replaced, you're flapping in the breeze. Your only answer is to secure the network behind the access points (a good idea in any case,) secure the device's applications as best as you can, and hold your breath until the money arrives and the old gear is replaced.

      It may be the cost of doing business, but it's still pretty high in some cases.

      --
      John
  3. Back in the courtroom by Nom+du+Keyboard · · Score: 5, Funny
    Your Honor, I was using WEP on my Linksys when the RIAA's agents, Media Sentry, claimed that my IP address was involved in illegal filesharing. I was taking the best precautions my poor little 802.11b router can handle. Allow me to now introduce a paper here explaining how my system can be broken by the average desktop computer in less than a minute.

    Case Dismissed!

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:Back in the courtroom by TheGratefulNet · · Score: 3, Insightful

      It's modded as funny BUT it's a VERY valid defense, I would think (IANAL).

      There is significant doubt as to who the user of a wireless LAN really is.

      In fact, it now makes sense to DOWNGRADE wireless APs due to this...

      (and then just run ssh on top of it, for sessions that truly need privacy).

      --
      "It is now safe to switch off your computer."
    2. Re:Back in the courtroom by dissy · · Score: 2, Interesting

      Shame about the file fragments (or whole files) they'll find on your harddrive.. which the court will compel you to produce to a forensic expert. You're better off planting a worm infection on your computer.. then claim you were part of a botnet.

      Totally valid point. One of the main reasons you should stay under the radar and not get a finger pointed at you if at all possible.

      While excuses such as 'someone was on my wireless' are totally valid, the court will indeed check your systems, and once they find the files in question, add one perjury charge if you attempted to use that wireless excuse.

      A lot more care needs to be taken to hide ALL of your downloads of that nature. Warez, music, video, everything.

      Encrypted disks will be found, and now it's up to a judge to choose between your excuse why you can't show the court what's in it, and the FUD the prosecutor will throw out.

      Hiding your data on removable media (disk or otherwise) or even hidden systems, still seems like it would rely on luck of them not being found (Remember, in the USA, it's quite possible for a raid first, sue later, depending on the source of the files. A lot more likely in massive busts than simple RIAA/MPAA auto-lawsuits though.)

      Even your worm infection idea isn't too good in all cases. "Yes your honor, we believe the computer was infected and part of a botnet.. so those files were put there by some hacker. The defendant just found them and played the music and watched the videos.. er, I mean the hacker somehow loaded them to the video player cache.. er, I mean the hacker must have gotten into his set top box and streamed media there too..."

      Most patterns of usage of those types of files will not match what a botnet/trojan would do with them.

      Making this type of attack public is Great for people who really didn't commit a crime and their wireless was used by someone else to do it. One less seeming item of proof to use against them.

      But for the people really breaking the law and trying to lie about it after getting caught, you will need a LOT more planning to go into your excuse(s), and enough mucking with your system to hide things that it will not be convenient at all to use your pirated booty.

      Of course that call is up to you.
      But if you are breaking the current laws, don't expect this one thing alone to help you out much if at all if you get caught.

  4. Does this still depend on weak IVs? by Zarhan · · Score: 3, Interesting

    For some reason I can't get the paper to load, but anyway, does this still depend on weak initialization vectors?

    I know that the original attack did depend on that, and most software and basestations have since been configured to avoid those weak IVs. I know that some stuff (like Nokia's basestations) are still weak against the original attack (at least when tested with Kismet), however, against Cisco Aironets and almost any newer hardware I haven't been able to see this weakness in action when trying out if it really works...

    (Terabeam uses the term "WEPPlus" about this - see http://www.terabeam.com/solutions/whitepapers/wep-plus.php )

    Anyway, if this is just an extension of the original attack, then it still requires those weak IVs to exist.

    Or is it something completely new?

    1. Re:Does this still depend on weak IVs? by tbo · · Score: 4, Informative

      For some reason I can't get the paper to load, but anyway, does this still depend on weak initialization vectors?

      According to the article, the attack does not require weak IVs. They haven't actually tested against WEPplus, but expect the attack to still work against it. In other words, WEP in all its forms is now nothing more than an electronic "No trespassing sign" and 3-foot fence.

  5. What about 64 and 128 bit? by andy55 · · Score: 3, Interesting

    This may be a dumb question, but why does TFA only refer to 40 and 104 bit WEP when the more common variants seem to be 64 and 128 bits?

    1. Re:What about 64 and 128 bit? by !ramirez · · Score: 4, Informative

      Because there's a 24-bit IV, or initialization vector, that is not strictly considered part of the keyspace.

    2. Re:What about 64 and 128 bit? by Galaga88 · · Score: 3, Informative

      Not a stupid question, a good question.

      WEP uses a 24 bit initialization vector, and the rest is left for the actual key. So 40 bit = 64 bit - 24 bit IV. Same for 128 = 104. People just use the terms interchangeably (for better or for worse).

  6. No problem for me by NotFamous · · Score: 5, Funny

    I use 56-bit WEP and I've never had.... ATTN: YOU HAVE WON THE IRISH LOTTERY PLEASE respons immediately to... ...so I don't see why it is a big deal?

    --
    Some settling may occur during posting.
  7. Today on duh news. by kinglink · · Score: 4, Funny

    WEP insecure! Coming up at 6PM Bill Gates still really really rich.

  8. Corporate Greed by Lead+Butthead · · Score: 5, Informative

    My understanding is that it should be easy enough to implement WPA on older (.11a/b) hardware, but companies much rather sell end users new hardware (.11g etc.) than spend development time to upgrade old hardware (that does not generate additional revenue.) This is evident in that Apple's old AirPort (.11b) does support WPA but other vendors' (that would include YOU, Linksys) old .11a/b products do not.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
    1. Re:Corporate Greed by Anti_Climax · · Score: 2, Informative

      Prism Based 802.11b adapters (sold under Lucent, Orinoco, Conexant, 2wire, Dell, ZCom and several other names) support WPA with a proper driver. I'm not sure if it's the full AES WPA or if it's just TKIP. TKIP may be subject to a similar attack as mentioned by a previous poster. It is my understanding that unless the adapter was built with a fair amount of extra capability, WPA AES is not an option.

      --
      Even people that believe in pre-destiny look both ways before crossing the street.
    2. Re:Corporate Greed by poopdeville · · Score: 2, Informative

      TKIP may be subject to a similar attack as mentioned by a previous poster.

      It is in principle, but not in practice. Think of WPA TKIP as a strengthened WEP. They both even use the same encryption schemes. But the vulnerability that affects WEP isn't present in WPA TKIP because TKIP is designed to change keys every 10,000 or so packets. Since you need about two orders of magnitude as many unique IV's to crack this encryption scheme in a reasonable amount of time, you're safe.

      --
      After all, I am strangely colored.
  9. Re:Nice try but... by wolrahnaes · · Score: 4, Informative

    WPA "cracks" are all just brute force, which you could also do with WEP and any other encryption algorithm. It just takes fucking forever (assuming the user chose a key that was more than just a dictionary word). These WEP attacks are actually flaws in the design of the system which allow you to crack a key many times faster than brute force.

    Rainbow tables, dictionaries, and the like are all just variations on brute force. They accelerate the process, but either way you're not actually breaking the encryption but instead using a crapload of processor power to try one key after another until you hit the right one.

    Saying WPA is insecure because there is a brute force tool for it is like saying a lock is insecure because I could go and start trying combinations. 1-1-1....1-1-2....1-1-3.........

    --
    I used to get high on life, but I developed a tolerance. Now I need something stronger.
  10. 10 minutes, 1 minute... no big deal by geekinaseat · · Score: 3, Interesting

    This isn't really news. It's pretty smart that they have managed to crack WEP with so few IVs (it usually takes about 200,000 for 64-bit and just under a million for 128-bit), but in reality this doesn't change (or expose) WEP's inherent vulnerabilities at all. For example, I am currently doing my dissertation on wireless security, and in tests WEP64 on average can be cracked in about 3 minutes and WEP128 in about 10 minutes, so getting this down to a minute doesn't really change the fact that a hacker could capture enough packets simply by hanging around and drinking a coffee using the "old" tools.

    An interesting sidenote is that the amount of time a hacker needs to be near a target WLAN for WPA-PSK is measured in seconds making it much more insecure if it has a weak passphrase than WEP is even now with crack times under a minute.

    Please, if you want a secure home wireless network, choose WPA-PSK and make the passphrase as long and as abstract as possible; nothing else is safe. And if you have the cash, buy a RADIUS server.

    1. Re:10 minutes, 1 minute... no big deal by Rick17JJ · · Score: 2, Interesting

      For my computers at home, I used the "Perfect Password Generator" on the grc.com web page to generate the longest, most random WPA password possible. Each time I visit that web page a different password is generated. I then placed the password on a USB key and transferred it to both of my computers and the wireless router. I then cut and pasted the password instead of trying to type the huge password. For the extra paranoid, slicing and dicing and mixing up the long password that is generated could also be done as an extra precaution, although the password did come from a secure website at a security-oriented web page.

      Perfect Passwords
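
      The two posts above argue that attacking WPA-PSK means guessing passphrases rather than breaking the cipher, and that a weak passphrase falls in seconds while a long random one does not. As an added example (not code from the thread, from grc.com, or from any cracking tool), the following Python script implements the 802.11i passphrase-to-PMK mapping, PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, and runs a dictionary attack against it. The SSID "HomeNet", the wordlist and the passphrases are constructed. One simplification is labelled in the code: the oracle here is the PMK itself, whereas a real tool checks each guess against the MIC of a captured 4-way handshake, which adds only a cheap HMAC-based step per guess.

```python
"""
Added example, not from the thread: the cost of a WPA-PSK "crack".

IEEE 802.11i maps a passphrase and SSID to the 256-bit Pairwise Master Key:
    PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, c=4096, dkLen=32)
Each guess costs 4096 HMAC-SHA1 iterations and no design flaw lets an
attacker do better, so the attack is a race between that per-guess cost
and the passphrase's entropy. SSID, wordlist and passphrases are constructed.
"""
import hashlib
import hmac
import secrets
import string
import time
from typing import Iterable, Optional, Tuple

PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase-to-PSK mapping from IEEE 802.11i (the PMK used by WPA/WPA2-Personal)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def dictionary_attack(target_pmk: bytes, ssid: str,
                      wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Test each candidate in turn. Returns (passphrase or None, PBKDF2 runs spent).

    Simplification (assumption of this example): the oracle is the PMK itself.
    A real tool checks each guess against the MIC of a captured 4-way handshake,
    which adds a cheap HMAC-based PRF/MIC step per guess; PBKDF2 still dominates.
    """
    runs = 0
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue  # cannot be a WPA passphrase, skip without paying for PBKDF2
        runs += 1
        if hmac.compare_digest(derive_pmk(candidate, ssid), target_pmk):
            return candidate, runs
    return None, runs


def random_passphrase(length: int = 63) -> str:
    """What a 'perfect password generator' produces: full printable ASCII, max length."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def guesses_per_second(ssid: str, seconds: float = 0.5) -> float:
    """Measure the attacker's budget on this CPU: PBKDF2 runs per second."""
    runs, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        derive_pmk("benchmark%06d" % runs, ssid)
        runs += 1
    return runs / (time.perf_counter() - start)


# Constructed wordlist; a real one has millions of entries.
WORDLIST = ["password", "letmein1", "linksys", "dictionary", "correcthorse", "mariokart"]


def known_answer_test() -> bool:
    """IEEE 802.11i Annex H test vector: passphrase 'password', SSID 'IEEE'."""
    expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    return derive_pmk("password", "IEEE").hex() == expected


if __name__ == "__main__":
    ssid = "HomeNet"  # constructed
    assert known_answer_test()
    rate = guesses_per_second(ssid)
    print(f"this CPU: {rate:,.0f} PBKDF2 guesses/s")

    weak = derive_pmk("mariokart", ssid)
    print("weak passphrase ->", dictionary_attack(weak, ssid, WORDLIST))

    strong = derive_pmk(random_passphrase(), ssid)
    print("random 63-char passphrase ->", dictionary_attack(strong, ssid, WORDLIST))
    # exhaustive search over 94 printable characters at 63 positions, at this CPU's rate
    print("exhaustive search would take", 94 ** 63 / rate, "seconds")
```

      The measured rate is the whole story: a dictionary word costs one PBKDF2 run and is found as soon as it comes up in the list, while a passphrase drawn uniformly from 94 printable characters at the maximum length is out of reach of any wordlist, which is why the advice in this thread to generate the longest random passphrase the router accepts holds.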

  11. The most obvious solution. by Randseed · · Score: 2, Insightful
    The most obvious solution is to have each machine that connects over wireless use a VPN. Everything coming in over anything other than the VPN is discarded.

    Since this is Slashdot, I request a community service: Come up with a script/whatever where this is simple.

  12. Re:Securing a wireless router and using the NDS... by MS-06FZ · · Score: 2, Interesting

    So, for instance, the laptops of the house would all use WPA and the NDS would use WEP?

    That wouldn't really increase the overall security of the network. If somebody wanted to break in, he'd just crack the WEP encryption.. I am aware of that flaw. However, I'm attempting to make the best of a bad situation - a perfect solution is not possible.

    The idea is that by having the NDS and only the NDS use WEP, the opportunities for sniffing WEP packets will be limited to those times when someone's accessing the network with an NDS - as opposed to when one of our unwired computers is on (and presumably doing some net activity, either in the foreground or background), which is pretty much all the time. So if someone wanted to break in, they'd need to find out when I play Mario Kart, and do it then. Still quite feasible, but the vast majority of wireless network traffic in the household would not be using WEP, and most of the time there'd just be no WEP traffic to monitor, no WEP packets to request resend of, etc.

    And then, also, there's the maintenance issues of that setup: if I monitor the activity over the WEP from time to time and want to update the key or block out WEP for a while, or do something else to shake off freeloaders - only the NDS would be affected. The laptops and such would go on happily using WPA, which is at least reasonably secure.

    So, again, my question is not "is this setup secure?", it's "is this setup possible?" Or would the separate control of access methods require a separate set of hardware?
    --
    ---GEC
    I'm but the humble pupil, seeking to snatch the scratchbuilt pebble from the master's fully articulated hand
  13. Conduit by xquercus · · Score: 3, Insightful

    The only real conduit one needs in a house are a crawlspace and an attic.

  14. Broken Even Worse?! by Seumas · · Score: 5, Funny

    Slashdot editors suck at grammar. Obviously, the words they were looking for was supposed to be more brokener.

  15. Re:Simple, cheap, easy solution by tonywong · · Score: 2, Funny

    Wireless Total Price: $80
    CAT5 Total Price*: $393

    Having your network compromised and your identity stolen: Priceless

  16. Easily spoofed. by codergeek42 · · Score: 2, Informative

    This will help, sure, and be quite a detriment (since hackers will then need to figure out one more detail before being able to own your wireless network); but the fact remains that thanks to things like macchanger and other utilities, a MAC address can be very easily spoofed.

    Plus, once an attacker has enough packets, he or she can divulge the necessary MAC address from those packet headers, so it's not really as great an aid as many claim...

  17. Re:Mac Filtering ! by Anonymous Coward · · Score: 3, Informative

    From Wireless LAN security hall of shame:

    "MAC filtering: This is like handing a security guard a pad of paper with a list of names. Then when someone comes up to the door and wants entry, the security guard looks at the person's name tag and compares it to his list of names and determines whether to open the door or not. Do you see a problem here? All someone needs to do is watch an authorized person go in and forge a name tag with that person's name. The comparison to a wireless LAN here is that the name tag is the MAC address. The MAC address is just a 12 digit long HEX number that can be viewed in clear text with a sniffer. A sniffer to a hacker is like a hammer to a carpenter except the sniffer is free. Once the MAC address is seen in the clear, it takes about 10 seconds to cut-paste a legitimate MAC address in to the wireless Ethernet adapter settings and the whole scheme is defeated. MAC filtering is absolutely worthless since it is one of the easiest schemes to attack. The shocking thing is that so many large organizations still waste the time to implement these things. The bottom line is, MAC filtering takes the most effort to manage with zero ROI (return on investment) in terms of security gain."
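
    The two posts above make the same point: the MAC address is in clear text in every frame header, so a sniffer plus macchanger defeats the filter. As an added example (not code from the thread or from macchanger), the Python below parses the 802.11 MAC header of a data frame, shows which address field an AP's filter actually sees (Address 2, the transmitter, regardless of the To-DS/From-DS bits), and then replays an attacker's frame with the transmitter address copied from a sniffed, WEP-protected frame. All frames, MAC addresses and the allow-list are constructed; the frame body is opaque filler standing in for IV plus ciphertext, which the attack never needs to read.

```python
"""
Added example, not from the thread: why MAC filtering falls to a sniffer.

The 802.11 MAC header (Frame Control, Duration, Address 1-3, Sequence Control)
is never encrypted, even when the body is WEP/WPA-protected. An AP's MAC
filter compares Address 2, the transmitter address, with its list. Copying
that field from any sniffed frame is all a spoof needs. Everything below is
constructed: addresses, allow-list, frame bodies.
"""
import struct

FC_TODS, FC_FROMDS, FC_PROTECTED = 0x01, 0x02, 0x40   # Frame Control flag bits
FC_DATA = 0x08                                         # type=2 (data), subtype=0
HDR = "<BBH6s6s6sH"                                    # 24-byte 3-address header


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def build_data_frame(flags: int, addr1: str, addr2: str, addr3: str,
                     seq: int, body: bytes) -> bytes:
    """Constructed 3-address data frame: clear-text header + opaque body."""
    hdr = struct.pack(HDR, FC_DATA, flags, 0, mac_bytes(addr1), mac_bytes(addr2),
                      mac_bytes(addr3), seq << 4)   # fragment number 0 in the low nibble
    return hdr + body


def parse_data_frame(frame: bytes) -> dict:
    """Read the addressing of a data frame from its header alone."""
    if len(frame) < 24:
        raise ValueError("short frame")
    fc0, fc1, _dur, a1, a2, a3, seqctl = struct.unpack(HDR, frame[:24])
    if (fc0 >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(fc1 & FC_TODS), bool(fc1 & FC_FROMDS)
    # Address 2 is always the transmitter (TA). Where the original source (SA)
    # sits depends on the DS bits:
    if to_ds and from_ds:
        if len(frame) < 30:
            raise ValueError("4-address frame truncated")
        sa = frame[24:30]   # WDS: Address 4 follows Sequence Control
    elif from_ds:
        sa = a3             # AP -> station: Addr1=DA, Addr2=BSSID, Addr3=SA
    else:
        sa = a2             # station -> AP (Addr1=BSSID, Addr3=DA) or IBSS (Addr3=BSSID)
    return {"ra": mac_str(a1), "ta": mac_str(a2), "sa": mac_str(sa),
            "protected": bool(fc1 & FC_PROTECTED), "seq": seqctl >> 4}


def mac_filter_allows(frame: bytes, allowlist: set) -> bool:
    """What an AP's MAC filter does: compare the clear-text transmitter to a list."""
    return parse_data_frame(frame)["ta"] in allowlist


def spoof_transmitter(frame: bytes, sniffed_frame: bytes) -> bytes:
    """What macchanger achieves on the wire: our frame, the victim's Address 2."""
    victim_ta = sniffed_frame[10:16]           # bytes 10..15 of the header = Address 2
    return frame[:10] + victim_ta + frame[16:]


# Constructed network: AP/BSSID, one permitted station, one attacker.
BSSID = "00:0f:66:11:22:33"
GATEWAY = BSSID                                 # station -> AP frames carry DA in Address 3
VICTIM = "00:1b:63:aa:bb:cc"
ATTACKER = "00:13:ce:de:ad:01"
ALLOWLIST = {VICTIM}
BODY = bytes.fromhex("a1b2c3") + b"\x00" * 29   # stands in for WEP IV + ciphertext

VICTIM_FRAME = build_data_frame(FC_TODS | FC_PROTECTED, BSSID, VICTIM, GATEWAY, 17, BODY)
ATTACKER_FRAME = build_data_frame(FC_TODS | FC_PROTECTED, BSSID, ATTACKER, GATEWAY, 1, BODY)

if __name__ == "__main__":
    sniffed = parse_data_frame(VICTIM_FRAME)
    print("sniffed header (body still encrypted):", sniffed)
    print("victim allowed:  ", mac_filter_allows(VICTIM_FRAME, ALLOWLIST))
    print("attacker allowed:", mac_filter_allows(ATTACKER_FRAME, ALLOWLIST))
    print("spoofed allowed: ", mac_filter_allows(spoof_transmitter(ATTACKER_FRAME, VICTIM_FRAME), ALLOWLIST))
```

    The parser never looks past byte 24, which is the point: the "protected" bit only covers the body, and the one field the filter checks is in the part of the frame that every radio in range receives in the clear.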