Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Real Story On WPA's Flaw

Posted by kdawson on from the calm-down dept.

Glenn Fleishman writes "The reports earlier today on WPA's TKIP key type being cracked were incorrect. I spoke at length with Erik Tews, the joint author of the paper that discloses a checksum weakness in TKIP that allows individual short packets to be decrypted without revealing the TKIP key. I wrote this up for Ars Technica with quite a bit of background on WEP and WPA. Tews's paper, co-written with Martin Beck, whom he credits as discovering and implementing a working crack (in aircrack-ng as a module), describes a way to use a backwards-compatible part of TKIP to exploit a weakness that remains from WEP. ARP packets and similarly short packets can be decoded. Longer packets are likely still safe, and TKIP hasn't been cracked. Don't believe the hype, but the exploit is still notable."

12 of 67 comments (clear)

  1. The boy who cried wolf... by flajann · · Score: 2, Insightful

    Well, really, these stories should be checked out more throughly before publication!!!!

    --
    Ruby Neural Evolution of Augmenting Topologies
    1. Re:The boy who cried wolf... by MasterOfMagic · · Score: 5, Insightful

      This is exactly why the trend of waiting to release news at security conventions is a bad idea. By announcing that there's an exploit but withholding the details, real harm can be done. I understand that security researcher is not a glamorous position (being one myself), and I understand the desire to keep certain details of an exploit under wraps until a vendor fixes them. Ultimately, if you want to wait until the vendor fixes the problem, you do not publish. It's that simple.

      Otherwise you end up with, "omg the sky is falling!11!!!11!1! TKIP sux lol may just use open wifi".

    2. Re:The boy who cried wolf... by flajann · · Score: 2, Insightful

      This is exactly why the trend of waiting to release news at security conventions is a bad idea. By announcing that there's an exploit but withholding the details, real harm can be done. I understand that security researcher is not a glamorous position (being one myself), and I understand the desire to keep certain details of an exploit under wraps until a vendor fixes them. Ultimately, if you want to wait until the vendor fixes the problem, you do not publish. It's that simple.

      Otherwise you end up with, "omg the sky is falling!11!!!11!1! TKIP sux lol may just use open wifi".

      As a user of the technology, and as a technologist who is geared to support the firms I work for, I want the news of a potential exploit that may affect me or my organizations to be presented as soon as possible, so I can take measures before the vendor releases a fix.

      Get the news out on a real exploit out immediately, but make sure it's real.

      --
      Ruby Neural Evolution of Augmenting Topologies
    3. Re:The boy who cried wolf... by hal9000(jr) · · Score: 5, Insightful

      I want the news of a potential exploit that may affect me or my organizations to be presented as soon as possible, so I can take measures before the vendor releases a fix.

      In many cases, knowing about an exploitable vulnerability doesn't mean you can do anything about it. That is the very heart of the full disclosure/responsible disclosure debate.

    4. Re:The boy who cried wolf... by flajann · · Score: 3, Insightful

      I want the news of a potential exploit that may affect me or my organizations to be presented as soon as possible, so I can take measures before the vendor releases a fix. In many cases, knowing about an exploitable vulnerability doesn't mean you can do anything about it. That is the very heart of the full disclosure/responsible disclosure debate.

      There's always something you can do about it -- even if it's a matter of policy vs. technology. Or sometimes there's creative solutions that can be put in place. For instance, if WPA encryption were found to have an actual exploit, you could add an additional encryption layer via VPN or even simply an SSH tunnel. I actually do the latter over the really insecure WEP connections.

      --
      Ruby Neural Evolution of Augmenting Topologies
    5. Re:The boy who cried wolf... by Cowmonaut · · Score: 5, Insightful

      An unknown attack vector is far worse than a known one. If you know where an attack is going to be coming from you have a far better chance of either A) preventing or B) reacting to an attack.

      Knowing is a LOT better than having no idea your system is vulnerable and it getting compromised. Particularly if your job is knowing all you can about security and securing your company's system...

  2. OK, that settles it by ChrisCampbell47 · · Score: 4, Insightful

    OK, that settles it. Ars Technica for the win!

    They've been doing a great job on technical analysis for a long time now ...

    --
    One simple rule for its versus it's
  3. Don't panic, but... by petard · · Score: 5, Insightful

    Attacks only get better, not worse. The right thing to do, IMO, is treat this as a warning. We need to stop trying to concoct schemes that are specific to wifi and just treat wireless media as untrusted. Harden the clients. Don't let them act like they're on a trusted local network until they're on your VPN. Besides getting more thoroughly vetted crypto, this leaves your road warriors in a much better position when they sign on in coffee houses, airports and hotels.

    --
    .sig: file not found
    1. Re:Don't panic, but... by sumdumass · · Score: 2, Insightful

      Finally, some common sense I can agree with.

  4. A crack by ledow · · Score: 5, Insightful

    Yes, it's only a crack, not a collapse. But a crack into which can be inserted the crowbar of, in this case, ARP or DNS spoofing. Enough to force quite a large hole into a wireless network which relies on TKIP. AES is safe, yes, but if your router allows TKIP, this could be quite a large hole... enough to poke a user on the other side to start sending their private traffic across the Internet, other wireless networks, etc. to a third-party IP.

    And it won't be long before that crack becomes a hole big enough to slap the user through. It's not "the sky is falling" but it's a wake up call to people who thought TKIP/WPA was "safe enough" to instead make sure they are using AES with strong keys. Personally, even the school wireless routers that I manage have WPA2, AES with PSK's in the range of 512bytes each. Doing that from the first has bought me a lot of time in which to be secure. However, if I had started slightly earlier with WEP equipment, moved onto WPA as a compatability measure, etc. I might now be in the position where I would need to move again.

    It's right to make a fuss of this. It's wrong to suggest the WPA (or, by unsaid extension) WPA2 are "broken". Even if they were, we have no viable alternative just yet, anyway, so you're stuffed. :-)

    1. Re:A crack by MadMidnightBomber · · Score: 4, Insightful

      It's right to make a fuss of this. It's wrong to suggest the WPA (or, by unsaid extension) WPA2 are "broken". Even if they were, we have no viable alternative just yet, anyway, so you're stuffed. :-)

      Er, they have found a weakness in TKIP in WPA1 which is not present when using WPA2/AES. It covers all this in the Ars Technica article.

      --
      "It doesn't cost enough, and it makes too much sense."
  5. ARSTECH only spits back what others already have by Anonymous Coward · · Score: 2, Insightful

    They have people 'reporting' for them that have no degrees in the computer sciences, nor even certifications in the art & sciences of computing, let alone years to decades of hands on experience in computers in the trenches actually doing the job. Jeremy Reimer being a prime example thereof in fact. This makes them good? I know not. Anyone can re-report what has already been posted up from other sources after all. That does not take brains, nor is it indicative of quality original work either.