WPA Encryption Cracked In 60 Seconds

carusoj writes "Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level. The earlier attack worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm."

Re:Cool

[MooseMuffin]

You'll be able to provide more free wireless too!

The rat race continues..

[simp]

The question is can anything be secure in the long term if an attacker can monitor the conversation between alice and bob 24/7? Sometimes a bit of obscurity can go a long way. Good luck trying to sniff my shielded network cables. Yes, I've heard the tempest stories but I'm jumping to the conclusion that those techniques are only available to big $$ governements institutions and are not used by the random drive-by hacker (yet..)

Re:The rat race continues..

[ChrisMounce]

I'm not sure if you're calling shielded cables an example of security through obscurity, but if you did, they're not.

Knowing exactly how your cables are shielded doesn't help me snoop on anything passing through those cables.

Re:The rat race continues..

[Lord+Ender]

That's not a very intelligent question. Obviously, OTP can be secure in the long term for any definition of long term. Public key cryptography has always been secure, and probably will be until really really good quantum computers are developed. Symmetric key crypto is as secure as ever, and there's no indication this will change soon. Some cryptographic hash algorithms are less useful today, but most are still more than good enough.

So, yes, crypto can certainly be "secure" in the long term. Protocols with design flaws (like WPA-TKIP) will never be secure. The more "obscure" the protocol, the more likely it is to be insecure, as it won't benefit from peer review.

Re:The rat race continues..

[Lord+Ender]

Actually, it is a mathematical fact that OTP is perfectly unbreakable. P=NP doesn't enter into it.

Re:The rat race continues..

[gclef]

Oh, fer crying out loud, if you're going to use wikipedia notation, at least *check* wikipedia first:

The Vernam-Mauborgne one-time pad was recognized early on as difficult to break, but its special status was only established by Claude Shannon some 25 years later. He proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext

Re:The rat race continues..

[JoshuaZ]

The original question was "The question is can anything be secure in the long term if an attacker can monitor the conversation between alice and bob 24/7?" Presumably then you eventually run out of one time pads. OTP is secure iff you have either a shared source of randomness or have some other secure channel to transmit the material. And if you have a shared source of randomness you need then to have that source somehow secure. There are good reasons we don't use one time pads on a daily basis.

Re:The rat race continues..

[Chris+Burke]

No, you can't guarantee it's secure.

I meant what I said and I said what I meant.

A perfect implementation with a mathematically secure algorithm can be broken over time.

You're absolutely right, over an arbitrary amount of time it can be broken. But you can make make mathematical statements about the average complexity of doing so. You can then get a good idea of what key size you need to make it secure in the long term for whatever definition of "long term" suits your purpose, just by making a few basic assumptions such as...

You can't be sure that the government doesn't have a quantum computer ready to crack your shit. You can't be sure the space aliens aren't monitoring you.

Or that the government has doesn't psychics reading the password from my mind. Or that I don't live in The Matrix. Or that I'm not already dead!

But seriously, there's very little chance the government is sitting on giant quantum computers. The Manhatten Project was long ago. The government may still be a place where projects guilt built that push the envelope of technology, but it's really just combining existing tech with a large budget. The state of the art in materials science, fabrication, and computing technology is in private industry and universities, as is the engineering required. It's not a matter of budget or will that's keeping quantum computers big enough to rapidly crack the best public key crypto from being built tomorrow; mega-cheese is already being spent on the problem. There's just going to be a lot of time going into this research.

So, if I could mathematically guarantee it'll take on average thousands of years with today's technology to break some encryption even assuming continuing exponential growth, would you say that encryption is secure against that technology? It make only take decades for the next quantum leap (ironic pun because quantums are small) in technology to come around, but what secret are you keeping that someone will have snooped on and then kept around for 20 years hoping quantum computers would come around to let them read it, yet that you're sending over the internet so it gets snooped in the first place. Hell even national security/political secrets aren't that sensitive and they at least exercise physical security as well. Since we already know of algorithms that are similarly secure against quantum computers, isn't having however many years or decades of knowing your secret is safe enough when you can switch as soon as it is necessary?

Let me put it this way: I may not be able to guarantee in the sense of ensure, but I would be happy to insure the security of certain algorithms for a reasonable monthly premium. :)

You can't even be sure your hat is made of genuine tin foil!

Oh, but now there you're just wrong. I have ensured that my hat is genuine tin foil through neural-quantum scanning ('psychic transmutation' for laymen). And here, I mean my tinfoil hat is genuine both in the sense of being absolutely pure elemental tin and in the sense of being extremely sincere.

If the government could defeat that... Well then believe me, they would not be trying so hard to find and stop me, nor would they be failing so badly.

Re:Secure protocols for home wifi?

[Mad+Merlin]

Wired ethernet. Not only is it vastly more secure, it's also an order of magnitude or two faster than wireless.

Re:Secure protocols for home wifi?

[pantherace]

I challenge you to show me a consumer available wireless that actually runs at 1 gigabit.

Re:How does the VPN help?

[NitroWolf]

Are you *positive* that the VPN connection is uncrackable? If it's going over wireless, then if someone is recording the cyphertext, they will be able to recover the VPN cyphertext out of the WPA cyphertext. If they then know of a way to recover the 'cleartext' from the VPN cyphertext, then you are still leaking your data. If the VPN system is so secure, why aren't we using it for the wireless connection? That is, make the wireless network a VPN using the same algorithms you use for your VPN?

While I am not commenting on the security or lack of security in a VPN connection, I believe I can answer this. The simple fact is, most routers can't handle the encryption load of a full blown VPN, especially one with multiple users. Even dedicated routers that are made to handle this can only handle 5 or 10 at a time until you start plopping down the big bucks for the serious VPN routers.

So using VPN level of encryption on a home router is not going to happen until processing power is increased dramatically on the cheap CPUs they use.

Re:Secure protocols for home wifi?

[John+Hasler]

> They do not work on...

Yet.

Re:Wardriving?

Old?

Wardriving happens more now than it ever did.

Re:How about free secure wireless?

How is manually entering a MAC address into your router's configuration easier than entering a password into your friend's laptop?
IMHO that's *more* work, and does not even quality being called "not much security", it's none at all. MAC access lists don't even qualify as a security mechanism.

WPA2-AES is good. Use it.

Re:Experiences

[krenaud]

What? A 7 year old Linksys WRT54G can handle 24-30Mbps with AES encryption, current versions are even faster, and if you choose wisely you can find 80-90Mbps home routers from Dlink/Netgear today.

These routers are more than adequate for more than "light surfing".

Re:How about free secure wireless?

[Jurily]

As they say, locks are only good for honest people.

The main reason you want a strong lock is not because they're unbreakable, but because your neighbor should be the easier target.

Re:mac address whitelist filters?

[CrashandDie]

Because they are transmitted bright and clear all over the place? Whitelisting the authorised MAC addresses assumes that you do not trust the encryption (or there is none). If you assume the encryption is broken, you assume anyone can listen to the network and intercept any and all MAC addresses being transmitted (in [nearly?] every single packet).

Re:It wasn't broken

They've found a way to decrypt TINY packets only a few bytes long (like ARP) and inject fake ones of the same length.

So no real traffic sniffing, and definitely no WPA key recovery.

I cant see really how this would be a useful tool in aircrack as you have no way of doing anything else with the network!

Re:How Long?

You are a waste of time, and those that modded you up are too. If all you have to say is RTFM, then don't say anything at all ass hole.

Re:Cool

[Shakrai]

Mac address whitelists are a waste of time. Anyone who is competent can just monitor your network long enough to discover the mac address of a trusted device and switch his device to that address. Anyone who isn't competent isn't going to be able to bypass WPA.

If you want to get really paranoid you can back up your encryption with a non-permissive firewall that will only pass traffic for your device after you authenticate with it somehow. I used to do this back in the days when WEP was our only option. I ran my network wide open (since WEP is utterly pointless) but had a Linux box setting in front of it that refused to pass traffic unless I authenticated with it.

If you want to get creative you can program the firewall to redirect all unauthenticated http requests to goatse.cx instead of dropping them. That'll teach em to try and mooch off your network without permission ;)

Re:How about free secure wireless?

That's borderline retarded. The security isn't worth a damn and those who bypass it won't even be traceable via their MAC address, because you made them imitate your computer.