WPA Encryption Cracked In 60 Seconds

carusoj writes "Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level. The earlier attack worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm."

Cool

[el_tedward]

So we'll be able to get more free wireless now?

Re:Cool

[MooseMuffin]

You'll be able to provide more free wireless too!

Re:Cool

[godrik]

My wireless network is kept open. I prefer to be sure that it is not safe than believe it is :) BTW, I call it ParasiteNet. :)

Re:Cool

[Lumpy]

I do the same but I have a coovaAP set up for the roaming to snag free WiFi near my home.

Keeps people out of my junk, and I can limit what they can do.

Re:Cool

[Chapter80]

I prefer to be sure that it is not safe than believe it is :)

"I'm safe. My secure wireless router is no where near Japan. There's no way they can pick up signals from me."

(This came from a guy who would only buy American electronics, because he really didn't want to watch Japanese game shows and doesn't speak Japanese, Thai. or Korean.)

Re:Cool

[arkane1234]

I did the same but I had people connecting and saturating the line with torrents. Meh, that got old fast, so with one swoop I locked it down, mac and all.

Re:Cool

[guabah]

Same thing on my side, wired connections are in a VLan separated from the wireless.

Re:Cool

[Shakrai]

Mac address whitelists are a waste of time. Anyone who is competent can just monitor your network long enough to discover the mac address of a trusted device and switch his device to that address. Anyone who isn't competent isn't going to be able to bypass WPA.

If you want to get really paranoid you can back up your encryption with a non-permissive firewall that will only pass traffic for your device after you authenticate with it somehow. I used to do this back in the days when WEP was our only option. I ran my network wide open (since WEP is utterly pointless) but had a Linux box setting in front of it that refused to pass traffic unless I authenticated with it.

If you want to get creative you can program the firewall to redirect all unauthenticated http requests to goatse.cx instead of dropping them. That'll teach em to try and mooch off your network without permission ;)

Re:Cool

[Cruciform]

One of my neighbors has an interesting way of leaving his network open for use. You just have to agree with his point of view.
He named his network for a dot-com that I'd never heard of. So I visited it last night. It turned out to be a fundamentalist islamic website that has a very low opinion of science, evolution, and atheists.
So just for fun I figured I'd try and guess the key to his network.
I debated whether to use "truth" or "allah" for my first attempt.
I settled on 'truth'.
Successful connection on first attempt. I almost wet myself laughing.

And then I disconnected. Because while I think the guy must be an utter moron, I don't intend to use his services for any nefarious purposes, including squishing him.

Re:Cool

[raju1kabir]

Yeah, had similar problems. Eventually I changed it to HTTP-only proxy ("connect" on 443 only) with 128kbps total available to unauthenticated users. Kind of crappy but I figured it was better than nothing.

Re:Cool

[notmyusualnickname]

Ours is 'Honeypot'.

Re:Cool

[Chapter80]

Actually no.

From wikipedia:
About 70% of the people in Taiwan belong to the Hoklo ethnic group and speak both Standard Mandarin (officially recognized by the ROC as the National Language) and Taiwanese Minnan (commonly known as "Taiwanese"

Re:Cool

[Xabraxas]

Actually you should be safe for now unless you have a weak passphrase. WPA2 with AES hasn't been broken yet.

Slashdot sucks...

[fractalVisionz]

Slashdot sucks, eat my shorts.

(Haha, we broke into your WPA v1, in less than a minute - Japanese Researchers)

Re:Slashdot sucks...

There's a button you can select labeled Post Anonymously. When you make posts such as yours, it's a good idea to select it so you're not actually known to be a douchebag.

Re:Slashdot sucks...

Jokes are supposed to be funny.

Re:Slashdot sucks...

[Duradin]

Your slashdot account is tied to your access point? You might want to look into one of those "password" things.

Wardriving?

[Abreu]

A return to the old wardriving days of yore?

Re:Wardriving?

Old?

Wardriving happens more now than it ever did.

Re:Wardriving?

[macxcool]

I don't know about that. When I scan for WAPs in town I get many that are unsecured. I don't think things have changed all that much.

How Long?

[Rod76]

I wonder how long it will take for this to be integrated into Back|Track?

Re:How Long?

[0100010001010011]

Backtrack really doesn't "do" anything, it's just an awesome integration of separate tools.

aircrack is the base package that would most probably implement this.

Re:How Long?

[Grizzley9]

Are there any good tutorials for BackTrack items? Lifehacker has done a few liveCD showings of it but never explain more than that. Would love to use it more but the lack of documentation and user friendliness leaves me wanting. /not a crypto expert

Re:How Long?

[mftb]

Manpages.

Re:How Long?

[Sir_Lewk]

If you are too oblivious to be able to look up the documentation for whatever individual security tools you want to use, then you probably have no business using them in the first place.

Re:How Long?

[cayenne8]

"Are there any good tutorials for BackTrack items? Lifehacker has done a few liveCD showings of it but never explain more than that. Would love to use it more but the lack of documentation and user friendliness leaves me wanting. /not a crypto expert"

There's tons of info out there.

Heck, start with youtube. Look for an earlier post I did where I threw in a sample link to a video showing SSL MITM and DNS spoofing...

Re:How Long?

[arkane1234]

Dear god man... it's nearly idiot proof if you can read.
It took me an hour to know how to use it, and that was the first time I knew about it.
I'm not a crypto expert either, but your not making the application, your stress testing a wireless network.
Or cracking it.. whichever :)
Burn the cd, boot off of it, and run a couple of the apps with --help. Man them, or whatever.
I did it, forgot about it, and the next time I need to use it I'll do the same...

Re:How Long?

You are a waste of time, and those that modded you up are too. If all you have to say is RTFM, then don't say anything at all ass hole.

Secure protocols for home wifi?

[tacarat]

TFA lists AES. I'm curious what else is considered useful. Anybody using hacked routers to run tomato and the like are very welcome to discuss their security thoughts.

Re:Secure protocols for home wifi?

[Hijacked+Public]

This list is still accurate, if you apply the comment on #4 up to #5 as well.

And run DD-WRT.

Re:Secure protocols for home wifi?

[v1]

It's probably not so much a matter of what base crypto they're using (a la AES, SHA, etc) but how they're implementing the key exchange when negotiating the connection. Implement good crypto wrong and you open the door. Initial negotiations between parties is a tricky, multistep affair for good security, to prevent MITM.

Re:Secure protocols for home wifi?

[Mad+Merlin]

Wired ethernet. Not only is it vastly more secure, it's also an order of magnitude or two faster than wireless.

Re:Secure protocols for home wifi?

[ColdWetDog]

Wired ethernet. Not only is it vastly more secure, it's also an order of magnitude or two faster than wireless.

No wireless? Lame.

Re:Secure protocols for home wifi?

[tacarat]

Very true, but that also defeats the purpose of having a wireless router.

Re:Secure protocols for home wifi?

[SJ2000]

Article:

Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

Re:Secure protocols for home wifi?

[Desler]

Not only is it vastly more secure, it's also an order of magnitude or two faster than wireless.

Really? Please show me this consumer-available wired ethernet that runs at 10 gigabit.

Re:Secure protocols for home wifi?

[pantherace]

I challenge you to show me a consumer available wireless that actually runs at 1 gigabit.

Re:Secure protocols for home wifi?

[Zero__Kelvin]

"Wired ethernet. Not only is it vastly more secure, it's also an order of magnitude or two faster than wireless."

I know! It makes you wonder what reason someone would have for prefering wireless, doesn't it. I mean, I can't think of a single advantage; can you?

For those with Aspergers or other difficulties picking up on these kind of things, I am being completely, 100%, totally, absolutely facetious ;-)

Re:Secure protocols for home wifi?

[John+Hasler]

> They do not work on...

Yet.

Re:Secure protocols for home wifi?

[arminw]

...Wired ethernet...

Except that crawling underneath the house with all the black widow spiders and other biting and stinging critters under there, is something that many people love very much to avoid. If I have to transfer a few gigabytes between computers, and I am in no hurry for that transfer to take place, our use a simple USB drive.

Re:Secure protocols for home wifi?

[sexconker]

Please shoe me this consumer-available wireless router that runs at 1 gigabit.

OR.

It bites both ways.

Re:Secure protocols for home wifi?

[sexconker]

Yet.
We already know AES is under attack. I bet it will fall within 2 years' time.

Re:Secure protocols for home wifi?

[Cyner]

SMC SMC10GPCIE-XFP 10Gbps Ethernet Card, available at NewEgg

Re:Secure protocols for home wifi?

[lgw]

Did you know - the ethernet protocol works on Cat5 cable that hasn't been run past spiders! The spiders are actually deprecated now, sort of like the old vampire taps. Your network is vampire-free, right?

Re:Secure protocols for home wifi?

[Sir_Lewk]

Some people actually do stuff on their LAN.

Re:Secure protocols for home wifi?

[maxume]

Do you mean WPA with AES, or just AES itself?

I'd bet $5 on the latter lasting more than 2 years (depending a little bit on how 'fall' gets defined).

Re:Secure protocols for home wifi?

[dissy]

When your options for your internet connection top out below 10mbps, does it matter that your LAN can only do 22? Or 144?

Yes, it matters.

It might not be needed for you, if all you use your PCs for is to use the internet, but not talk to each other heavily.

Others however have an internal autonomous network of machines that all talk to each other and only occasionally out to the internet.

Running a fileserver to play videos on your multiple entertainment PC devices on TVs, tossing large files around, running onsite+online backups... None of those things need an internet connection at all to do, yet there is a slight noticeable difference between doing them at 11mbit and doing them at 1000.

Re:Secure protocols for home wifi?

[An+ominous+Cow+art]

No spiders? That's madness! Who will fix the Web when it breaks?

Re:Secure protocols for home wifi?

[philmack]

I would say that the gigabit ethernet devices i have are two orders of magnitude faster than my 802.11g network actually performs most of the time.

Unfortunately, those same gigabgit ethernet devices are at least two orders of magnitude faster than the local cable isp on even the very best of days.

~Phil

Re:Secure protocols for home wifi?

[arkane1234]

600 Mbit/s is the net throughput which even before converting to gross throughput only equates to 75MBytes/s. Most harddisks can push 75MBytes/s.
Of course the real world kicks in and the gross throughput always comes in, which will definitely be less than 75MBytes/s.
It is hard to compare wired to wireless since the very transmission methods hamper the ability to run apples to apples. Large compression over wireless doesn't run as well as large compression over wired since the back-end seems to compress on some modules of routers as well. I've ran into this on several occasions. .11G is slow, let's just admit it and move on... 11n is much faster (double faster) as you said. But, the nice thing is that both have a purpose, and can exist together in harmony. There is no "omg, liek we s000 need to liek get rid of wireless" or any such thing. People are just tired of other's trying to say that "the end is neigh" for wired networks. Kind of like saying "the end is neigh" for food since we have pills with the same nutrition.

Re:Secure protocols for home wifi?

[epine]

For those with Aspergers or other difficulties picking up on these kind of things, I am being completely, 100%, totally, absolutely facetious ;-)

Fortunately, it's easy to multitask facetiousness sitting outside on the desk with your laptop and a parasol in your drink.

Few of the reasons for wireless involve a sustained effort to get some real work done, unless your portable setup involves dual displays at eye level with the keyboard at elbow level.

For a lot of people a wireless router is the indoor complement of taking your textbooks on a beach vacation, for those who can't handle being 100% certain which one they're doing.

Re:Secure protocols for home wifi?

[epine]

s/desk/deck

My turlexia is acting up again: replacing current words with prospective future words.

Re:Secure protocols for home wifi?

[bemymonkey]

There's also 300MBit 802.11n wireless - just don't go expecting 300mbps of actual throughput. If it's anything like 802.11g, it'll probably hit 30-60% of that... 10-20% if you're unlucky enough to live in an area so densely populated with WiFi that there's no free non-overlapping frequencies.

Re:Secure protocols for home wifi?

[Vancorps]

There's no mention of how this interacts with 802.1x authentication. For my WIFI network it's WPA with TKIP, but then you have to authenticate before you can talk which requires a certificate be installed on the machine. I have a group policy which grants all domain computers a key which they can't export. It's hard to tell if this extra step makes my wifi world a safer place or if they can just sniff that too.

Of course enough devices support WPA2 with AES now that I can probably switch the private wifi over to it. The real bear becomes providing public wifi for people that come to the office for a visit. Right now I've resorted to just giving them a cable hooked to a public VLAN. Going to have to implement some sort of access controller for them I think with a web portal for company employees to request keys for their guests.

Re:Secure protocols for home wifi?

[owlstead]

"I challenge you to show me an internet connection or even a hard drive that can get anywhere near a gigabit of throughput."

Book a flight to Amsterdam and I'll show you my Intel consumer SSD that runs at 250 MB/s *continuously*. In a cheap laptop with gigabit LAN. Or of course my RAM drive where I unzip movies to.

Besides, there is such a thing called latency, which I like to be low for any kind of application. Speed helps for that.

Re:Secure protocols for home wifi?

[v1]

. I have a group policy which grants all domain computers a key which they can't export.

"which they aren't supposed to export". Client side security is not real security.

Not saying it's going to create a specific problem for you here, just keep that in mind when you read things like that. Never trust the client.

Re:Secure protocols for home wifi?

[kryptKnight]

Wired ethernet. Not only is it vastly more secure, it's also an order of magnitude or two faster than wireless.

Comments like this show up in nearly every thread about wifi, and it's about time people stop modding them up. Ethernet is not a direct substitute for wireless networking. If it was, wifi never would have been invented.

The advantages of wireless are pretty obvious, and the disadvantages are pretty minimal. The 600 Mbits/sec an n-router provides is more than enough for most uses, and most people don't actually need unbreakable encryption.

Of course wired LAN is still relevant, but suggesting everyone revert just because is trite and pointless.

Re:Secure protocols for home wifi?

[TheRaven64]

And how many wired networks actually run at 1Gb/s? When I plug my laptop's GigE wired network port into a 34Gb/s Internet uplink, the bottleneck is my hard drive, not the network connection. Even under optimal conditions, most GigE connections won't hit more than 500Mb/s and under common conditions they're often closer to 200Mb/s.

Re:Secure protocols for home wifi?

[TheRaven64]

Most harddisks can push 75MBytes/s.

Please let me know where you are buying hard disks. I want to put some business their way.

Re:Secure protocols for home wifi?

[marcansoft]

Timing buffered disk reads: 242 MB in 3.00 seconds = 80.65 MB/sec

And this is a *laptop* drive, and not a huge one at that (WD Scorpio Black 320 GB). Large desktop SATA drives average 100MB/s these days and can peak at over 120MB/s.

Re:Secure protocols for home wifi?

[marcansoft]

I doubt it. AES has been under attack ever since it showed up (that's the point). It's held up for 8 years so far and there are still no practical attacks, so it probably won't be practically broken for a long while.

There's a long road from the current attacks on AES to the practical exploitability of something like WEP. WPA TKIP is a hack on top of the WEP algorithm to let old devices get firmware updates to support WPA (it's really just WEP with different key mixing and some extra checks). It's never been a serious contender in my book, and it has already been deprecated for some time. Nothing more than a stopgap solution until devices with AES hardware showed up.

Re:Secure protocols for home wifi?

[centuren]

Wired ethernet. Not only is it vastly more secure, it's also an order of magnitude or two faster than wireless.

Quite inconvenient to set up with my *INSERT WIFI ENABLED SMART PHONE HERE*.

Re:Secure protocols for home wifi?

Tomato handles AES too.

Re:Secure protocols for home wifi?

[SJ2000]

I'm only quoting the article in response to grandparent saying AES was listed, which it wasn't.

Re:Secure protocols for home wifi?

[cjb658]

I always wondered why ethernet always is incremented in powers of 10. Why not 2gbps, 5gbps, etc?

Re:Secure protocols for home wifi?

[mooterSkooter]

Yeah, but I really enjoyed wiring up my house, with the drilling and the cabling and the screwing. It made me feel like a real man.

I later added wireless to the network, purely for my WII because it didn't have an ethernet port on it!

so, uh,

[JeanBaptiste]

where can I procure this to give it a test drive myself?

Re:so, uh,

[rawls]

The original paper is here

I'm safe.

[rawls]

Lucky for me, I use WEP, so I'm safe.

Re:I'm safe.

[HTH+NE1]

It was written for publication by The Maximegalon Institute of Slowly and Painfully Working Out the Surprisingly Obvious.

You don't want to know how the acronym is spelled in the Maximegalon native tongue.

Re:I'm safe.

[Jonwww]

Hopefully WEP 64bit

Re:I'm safe.

[marcansoft]

Tell that to Nintendo, who thoughtfully decided not to implement WPA on the Nintendo DS. Even on the DSi WPA only works for DSi games (of which there are very few). It's ridiculous that WEP-only hardware is still being manufactured and sold to this day.

Re:I'm safe.

[cjb658]

I put WEP on my router. I don't mind people using it, just as long as they're not n00bs.

Re:I'm safe.

[dbIII]

That was one of the things I was going to check out before getting a DSi to replace my DS. It does seem a little bizzare that WPA works in some cases but not others. If the hardware can handle it why not use it to connect to access points?
I wonder if the homebrew community is doing anything with this yet.

Re:I'm safe.

[marcansoft]

Nintendo loves the ancient concept of having games statically link the system libraries and drivers (they still do that, even for the Wii). That's the reason - each WiFi-enabled game includes a copy of the WiFi setup screen and talks directly to the hardware. They've (shortsightedly) defined the DS hardware to support WEP only, and they can't change that now without breaking existing software.

I've already ranted about this before. Basically, Nintendo has locked themselves out of practically any update or improvement on both the DS and Wii fronts. For example, they will never be able to improve upon the Wii home menu, since a copy of it is bundled with every game and they can't replace it. The only exception to this rule are the IOS drivers for Wii titles, which are upgradable, but they make up for that by using retardedly low-level interfaces for them and apparently having policies in place of never touching existing versions of IOS except for security purposes (i.e. closing exploits). This is, say, why a system-level all-game background WiiSpeak VoIP will never, ever happen.

Re:I'm safe.

[catxk]

As long as there is hardware around which only supports WEP (basically, every other laptop produced before 2005) it would be stupid (from a profit/marketing perspective) to sell an access point which does not support WEP.

The rat race continues..

[simp]

The question is can anything be secure in the long term if an attacker can monitor the conversation between alice and bob 24/7? Sometimes a bit of obscurity can go a long way. Good luck trying to sniff my shielded network cables. Yes, I've heard the tempest stories but I'm jumping to the conclusion that those techniques are only available to big $$ governements institutions and are not used by the random drive-by hacker (yet..)

Re:The rat race continues..

[vadim_t]

The question is can anything be secure in the long term if an attacker can monitor the conversation between alice and bob 24/7?

Well, yeah. That's the whole point of protocols like SSL, and tools like GPG. Though they're not magical and you need to pay attention and not blindly click "Ok" to every self-signed cert.

Yes, I've heard the tempest stories but I'm jumping to the conclusion that those techniques are only available to big $$ governements institutions and are not used by the random drive-by hacker (yet..)

From what I heard, TEMPEST is doable on hardware like monitors for very cheap. Your shielded cables aren't going to be much good there, and the keyboard's cable is probably not shielded either. I don't think it's common in wardriving yet, though.

Re:The rat race continues..

[Nerdfest]

You can reduce risk by changing keys regularly, although it's not really necessary for your average wireless user.

Re:The rat race continues..

[ChrisMounce]

I'm not sure if you're calling shielded cables an example of security through obscurity, but if you did, they're not.

Knowing exactly how your cables are shielded doesn't help me snoop on anything passing through those cables.

Re:The rat race continues..

[Lord+Ender]

That's not a very intelligent question. Obviously, OTP can be secure in the long term for any definition of long term. Public key cryptography has always been secure, and probably will be until really really good quantum computers are developed. Symmetric key crypto is as secure as ever, and there's no indication this will change soon. Some cryptographic hash algorithms are less useful today, but most are still more than good enough.

So, yes, crypto can certainly be "secure" in the long term. Protocols with design flaws (like WPA-TKIP) will never be secure. The more "obscure" the protocol, the more likely it is to be insecure, as it won't benefit from peer review.

Re:The rat race continues..

[Chris+Burke]

The question is can anything be secure in the long term if an attacker can monitor the conversation between alice and bob 24/7?

Yes. It's a basic assumption in communication security that your communication medium is insecure and can be monitored or modified at will by an attacker.

You can design an authentication/key exchange protocol so that the only way to access the data is to break the encryption algorithm, or via social engineering.

You can design an encryption algorithm so that it cannot be broken except by a brute force attack in an infeasible amount of time, meaning like 1000 years assuming Moore's Law continues unabated the whole time and major world governments want your data.

It's just a tricky thing to get right. And sometimes (WEP) it seems like they weren't even trying.

Re:The rat race continues..

[JoshuaZ]

We don't know this at all. The relevant issue is whether P=NP. The question roughly asks whether there are problems whose solutions can be verified quickly but cannot have solutions found quickly. No one knows although most people who have thought about it suspect that P is not NP so fundamentally secure encryption is possible by classical means. But someone might find a really clever way of reducing NP problems tomorrow and it would all break down. Note that having quantum computers doesn't necessarily make all classical public key crypto insecure. It does mean that all public key crypto that relies on factoring being difficult will be insecure (since factoring can be done quickly on a quantum computer using Shore's algorithm).

Re:The rat race continues..

[Lord+Ender]

Actually, it is a mathematical fact that OTP is perfectly unbreakable. P=NP doesn't enter into it.

Re:The rat race continues..

[xianthax]

"Shielded Network Cables"

have virtually no impact on emissions from the cable, and do have no impact if your equipment doesn't have shielded connectors which is unlikely, a shield that is not properly grounded will create higher emissions and increase external noise pickup. Shielding on Ethernet cables is to limit noise going into the wire, and is only effective at lower frequencies, its mostly for keeping 50/60Hz mains noise off the wires.

You could install ferrites on the cable to limit common mode noise but i don't see a security benefit to that.

The EM field from a network cable is already _extremely_ low do to it being a differential signal carried on a twisted pair i'd be extremely impressed if you could enough of a field to pick up the differential mode signal without physical contact with the bare wires. if you are getting emissions you are better off solving that problem with higher quality cable with lower resistance copper and tighter / more consistent twists in the pairs. If your getting high emissions your probably having trouble getting data through the cable anyway, if the EM fields aren't canceling you aren't getting a clean differential mode signal out the other end.

Re:The rat race continues..

[Mad+Merlin]

Actually, it is a mathematical fact that OTP is perfectly unbreakable. P=NP doesn't enter into it.

Only with sufficiently good random number generation.

Re:The rat race continues..

[theapeman]

The principles of Public Key Cryptography are still secure (at the moment). But the practice is not. Whatever key size you choose will only be secure for some period of time. Only a few years ago people were using quite short keys (1K bits). These are no longer secure. Anything using such keys can possibly now be broken (with some effort). If you relied on 512 bit keys then your 'long term' has already expired.

Re:The rat race continues..

[sexconker]

BluRay is cracked.
They're in "update ban list, update crack" mode right now, so new titles take a day or two to recrack, but they'll soon have an entire clone of the java vm to completely crack bluray.

StarForce games? Splinter Cell? Son, check the torrents. They're there.

WM DRM hasn't been cracked because you don't need to - you just install the Japanese WMP and away you go! Plus, there's no content provided in WMV format that anyone cares about.

Re:The rat race continues..

[sexconker]

No, you can't guarantee it's secure.

A perfect implementation with a mathematically secure algorithm can be broken over time.

You can't be sure that the government doesn't have a quantum computer ready to crack your shit. You can't be sure the space aliens aren't monitoring you.

You can't even be sure your hat is made of genuine tin foil!

Re:The rat race continues..

[gclef]

Oh, fer crying out loud, if you're going to use wikipedia notation, at least *check* wikipedia first:

The Vernam-Mauborgne one-time pad was recognized early on as difficult to break, but its special status was only established by Claude Shannon some 25 years later. He proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext

Re:The rat race continues..

[Lord+Ender]

True, but for practical purposes, it doesn't even have to be random. It just has to be unpredictable to your attacker ;-)

Re:The rat race continues..

[JoshuaZ]

The original question was "The question is can anything be secure in the long term if an attacker can monitor the conversation between alice and bob 24/7?" Presumably then you eventually run out of one time pads. OTP is secure iff you have either a shared source of randomness or have some other secure channel to transmit the material. And if you have a shared source of randomness you need then to have that source somehow secure. There are good reasons we don't use one time pads on a daily basis.

Re:The rat race continues..

[zlexiss]

So, you use your last OTP encoding to transfer the new set of pads securely?

Re:The rat race continues..

[Lord+Ender]

Fun fact: In one of Vernor Vinge's books, all crypto is cracked, so one of the big-money industries is in shipping OTP datasets across the universe. How cool is that?

Re:The rat race continues..

[JoshuaZ]

Doesn't work. You can't transmit this way more bits than your pad started with. So you end up with just as many bits worth of shared random data that you started with.

Re:The rat race continues..

[HTH+NE1]

You can reduce risk by changing keys regularly, although it's not really necessary for your average wireless user.

I rotate my keys periodically. It helps keep people from figuring out my passwords based on what keys have the most wear.

And not only does it keep touch-typists from using my computer, but I can also type in rot-13 jurarire V jnag.

Re:The rat race continues..

[Lotana]

Now I know exactly what "security by obscurity means. It had previously disembowelled me.

Wow. Must of been quite painful to have your guts removed and survive afterward. To have it done by a concept is even more impressive.

Re:The rat race continues..

[FireFury03]

I have to disagree. When GSM came out, analog phone cloning was a constant threat. However, it has yet to be cracked on any widespread basis. It is a highly closed protocol, and has yet to be truly cracked.

GSM has been cracked in a number of ways. Firstly, it is possible to clone GSM phones. Secondly, GSM's encryption does very little to protect you from a determined eavesdropper because it is trivial for someone to set up a fake base station since GSM phones do nothing to authenticate the base station they are connecting to.

Same with almost any DRM implementation in the past several years. Blu-Ray has yet to be cracked

Most of the DRM systems in use today have been cracked to some extent, including AACS (which is used on BluRay). For a long while AACS has certainly been broken enough to make it useless to prevent copyright infringement; its currently only useful for annoying legitimate consumers who want to exercise their fair use rights.

Windows Media DRM has yet to be cracked after the patch in 2007.

This demonstrates the problem quite well - you have to continually patch the encryption algorithm you use every time someone cracks it. In many systems this simply isn't possible.

One system that springs to mind that has done very well over the years is DVB-CSA, which has existed for 15 years and has been pretty much open for the past 7. The stakes are pretty high for this (think: free access to every subscription TV channel with absolutely no chance of a fix for many years) to be cracked and no one has managed to do it yet despite knowing exactly how the algorithm works.

Security through obscurity works and works well.

Not really, pretty much all the examples you have cited show that security through obscurity fails pretty frequently compared to peer reviewed, well thought out algorithms.

The people who make it just have to know their stuff. If you compare an open cryptosystem to a closed one where the DMCA can be used to smash any and all attempts at breaking it, the closed one (satellite TV is another example) wins every time for long term protection.

I hate to break it to you, but pretty much all the proprietary satellite TV encryption algorithms have been broken to some extent. Many of them have been well and truly broken and can be decrypted entirely in software. Occasionally you come across a system like NDS VideoGuard, which is as well understood as any open system, but appears to be well designed enough that it hasn't been outright broken (the algorithm has been implemented in software, but still needs to talk to a viewing card. The viewing card itself isn't really an example of security through obscurity, just a really good "locked box" to keep the secret keys in).

Over time (often a very short amount of time), any closed system will become as well understood as a open system. So the only way these systems can hope to stand up to attack is through a good design rather than through being kept secret. It is true that some closed systems do have a good design, and becoming well understood hasn't been a problem. However, it is also true that a great many closed systems have a terrible design and become useless as soon as they have been analysed - if you choose a well known, open, peer reviewed algorithm, you have a much better chance of it having a good robust design.

In summary: there is only a very short-term gain in using a closed system over a peer reviewed system, and the long-term risk of using a closed system is much higher.

Re:The rat race continues..

[Chris+Burke]

No, you can't guarantee it's secure.

I meant what I said and I said what I meant.

A perfect implementation with a mathematically secure algorithm can be broken over time.

You're absolutely right, over an arbitrary amount of time it can be broken. But you can make make mathematical statements about the average complexity of doing so. You can then get a good idea of what key size you need to make it secure in the long term for whatever definition of "long term" suits your purpose, just by making a few basic assumptions such as...

You can't be sure that the government doesn't have a quantum computer ready to crack your shit. You can't be sure the space aliens aren't monitoring you.

Or that the government has doesn't psychics reading the password from my mind. Or that I don't live in The Matrix. Or that I'm not already dead!

But seriously, there's very little chance the government is sitting on giant quantum computers. The Manhatten Project was long ago. The government may still be a place where projects guilt built that push the envelope of technology, but it's really just combining existing tech with a large budget. The state of the art in materials science, fabrication, and computing technology is in private industry and universities, as is the engineering required. It's not a matter of budget or will that's keeping quantum computers big enough to rapidly crack the best public key crypto from being built tomorrow; mega-cheese is already being spent on the problem. There's just going to be a lot of time going into this research.

So, if I could mathematically guarantee it'll take on average thousands of years with today's technology to break some encryption even assuming continuing exponential growth, would you say that encryption is secure against that technology? It make only take decades for the next quantum leap (ironic pun because quantums are small) in technology to come around, but what secret are you keeping that someone will have snooped on and then kept around for 20 years hoping quantum computers would come around to let them read it, yet that you're sending over the internet so it gets snooped in the first place. Hell even national security/political secrets aren't that sensitive and they at least exercise physical security as well. Since we already know of algorithms that are similarly secure against quantum computers, isn't having however many years or decades of knowing your secret is safe enough when you can switch as soon as it is necessary?

Let me put it this way: I may not be able to guarantee in the sense of ensure, but I would be happy to insure the security of certain algorithms for a reasonable monthly premium. :)

You can't even be sure your hat is made of genuine tin foil!

Oh, but now there you're just wrong. I have ensured that my hat is genuine tin foil through neural-quantum scanning ('psychic transmutation' for laymen). And here, I mean my tinfoil hat is genuine both in the sense of being absolutely pure elemental tin and in the sense of being extremely sincere.

If the government could defeat that... Well then believe me, they would not be trying so hard to find and stop me, nor would they be failing so badly.

Re:The rat race continues..

[petermgreen]

Indeed, iff the pad is both perfectly random and perfectly protected from exposure then one time pads are perfectly unbreakable.

Both of these issues are problems in reality though,

Firstly you need real randomness for your pad, PRNG output DOES NOT cut it. If you use a PRNG then you effectively have a stream cipher with a key consisting of knowlage of the prng and the seeding information fed to the prng.

Distribution is also a big problem since you need as much key as data you can't use one time pad encryption to distribute your new pads, so you need physically secure communications to transfer the pad.

Re:The rat race continues..

[NoOneInParticular]

Unpredictable is as good a definition of random as any, and probably better than most.

Re:The rat race continues..

[raju1kabir]

Doesn't work. You can't transmit this way more bits than your pad started with. So you end up with just as many bits worth of shared random data that you started with.

Perhaps a naïve question, but if your new set of pads are random and of fixed size (so you don't need header/directory information), why can't you concatenate them, and then re-use your last pad as many times as necessary to transmit the concatenated message? Since the data being sent are random, this re-use shouldn't provide any information about the key.

Re:The rat race continues..

[Sique]

Because then an attacker could then XOR two arbitrary encrypted blocks and thus cancel out the OTP entirely, being left with the XOR of the two plaintext messages, facilitating plain text attacks.

Never ever use a OTP twice, that's why it is called an ONE TIME pad!

Re:The rat race continues..

[raju1kabir]

Because then an attacker could then XOR two arbitrary encrypted blocks and thus cancel out the OTP entirely, being left with the XOR of the two plaintext messages, facilitating plain text attacks.

The "plaintext" messages in this case are random noise. Assuming my random is in fact random, what sort of plaintext attack can be carried out against that?

Re:The rat race continues..

[Sique]

No, they are not. They are an XOR of two plaintext messages. If you XOR it with a part of the known plaintext, it will result in a part of the plaintext of the other message.

Re:The rat race continues..

[Sique]

Or to be more specific:

Let's call the first OTP P1 and the new one P2.

We encrypt Message M1 with P1 by using M1^P1, then we send the new Pad P2 as P1^P2. Finally we send M2 encrypted with P2.

To guess a part of M2 with a known part of M1, you just do:

(M1^P1)^(P1^P2)^(P2^M2), and you get M1^(P1^P1)^(P2^P2)^M2 = M1^M2.

So each part of M1 you already know reveals a part of M2.

Re:The rat race continues..

[sshir]

So, if I could mathematically guarantee it'll take on average thousands of years with today's technology to break some encryption

Where is this coming from? Currently mathematically we can only calculate time of brute force attacks.

That's the thing with crypto - nobody can say if particular (regular, non OTP kind) encryption method is 100% safe. That's why they make them open standards just to make sure that as many people as possible look at them, thus improving chances that algorithm in question does not have flaws.

Again, nobody can be sure that AES, for example, was not broken by some genius sitting in an underground lab somewhere. All we can say is that probability of that is low.

Re:The rat race continues..

[WhiteDragon]

That was A Fire Upon the Deep. One of my favorite books of all time.

Re:The rat race continues..

[raju1kabir]

Gotcha. Makes sense, I should have thought of that.

Time to start working on WPA3?

[JSBiff]

So, does this mean it's time to start working on whatever the replacement will be for WPA2? WPA is broken. . . but at least we can use WPA2 (for now). I'm guessing WPA2 will someday be broken, so we need to have something to replace it which has not (yet) been broken. Seems like wireless security rests on a never-ending game of move the goal, before the goal is reached (where the 'goal' for crackers is to crack the 'current' security protocol).

Although, thinking about this more, it makes me wonder - does anyone ever 'record' encrypted traffic from targets of interest, in the hopes that, maybe right now they can't crack it, but maybe in 2 or 3 years, they'll be able to crack it, and if they have a 'recording' of the cyphertext, which they can later decrypt, they can get possibly interesting info/data (data could very easily still be useful and interesting 3 or 5 years from now, particularly things like state/corporate secrets, but even more mundane info like people's social security numbers, answers to online password 'reset' security questions, etc).

I suppose that if I could think of it, someone else already has, and already is doing it.

So, from that standpoint, even if the security researchers stay 'ahead' of the blackhats, the blackhats can still get useful info within a relatively useful amount of time. Just because you've upgraded to WPA2 or WPA+AES, doesn't mean you're completely protected, if someone snagged encrypted traffic in the past which was 'secured' by TKIP.

Re:Time to start working on WPA3?

[arndawg]

That's why if you have really important information going through the wireless. You either A) Use a VPN tunnel or B) Don't use wireless.

Re:Time to start working on WPA3?

[Nerdfest]

I believe TKIP is used for key exchange. Upgrade to WPA/AES or WPA2 /AES and change your keys.

Re:Time to start working on WPA3?

[owlstead]

Don't forget that both WEP and WPA/TKIP are using proprietary algorithms and stream ciphers. Using proprietary crypto has always been a bad thing, and using it with a stream cipher is worse. WEP/WPA failing so fast does not mean that WPA2 using the much safer AES standard (in a security proven mode) should fail as fast.

If you look at the Wikipedia site you can quickly see that TKIP was implemented for easy upgrades of WEP. Seems they took it a bit too easy.

Re:Time to start working on WPA3?

[smellsofbikes]

Although, thinking about this more, it makes me wonder - does anyone ever 'record' encrypted traffic from targets of interest, in the hopes that, maybe right now they can't crack it, but maybe in 2 or 3 years, they'll be able to crack it, and if they have a 'recording' of the cyphertext, which they can later decrypt, they can get possibly interesting info/data (data could very easily still be useful and interesting 3 or 5 years from now, particularly things like state/corporate secrets, but even more mundane info like people's social security numbers, answers to online password 'reset' security questions, etc).

One of the parts of Neal Stephenson's "Cryptonomicon" I enjoyed the most was when one character sent another character a message encoded with, as I recall, 4096-bit security, and the character receiving it, while his computer was decoding it, went through the mental gymnastics of comparing the speed of prime factoring algorithms, taking into account Moore's Law and how many new computers were coming online, to conclude that whatever was in the message, it was meant to stay secret for at least 40 years, as opposed to the sender's usual 10 year threshold, making the recipient particularly nervous about the contents.

Re:Time to start working on WPA3?

[arminw]

...doesn't mean you're completely protected....

There has never been a lock and there never will be that would keep a determined intruder out of your house or even a safe. Likewise, there will never be a totally secure computer network or any other form of communication. Besides, how many /.ers have information the NSA would spend a lot of money to get? If someone desperately wants to have your personal information, such as your Social Security number and bank data, there are probably many easier ways to get that, than to break into your wireless network and after that into your computer.

Re:Time to start working on WPA3?

[Darinbob]

We knew WPA was broken when it was released. It was inconvenient to wait for better IEEE security standards, so the WPA standardized on what was already implemented (which was still much better than what was out there). Ie, convenience trumps security, because wireless is all about convenience. WPA2 isn't that much better in this regard.

Re:Time to start working on WPA3?

[monkeySauce]

Don't forget that both WEP and WPA/TKIP are using proprietary algorithms and stream ciphers. Using proprietary crypto has always been a bad thing, and using it with a stream cipher is worse.

The real problem with proprietary ciphers is that they are usually secret black boxes. RC4 may be proprietary but it is no more secret than say, CSS. The difference is CSS was revealed to be crap where RC4, even after it was "outed" was found to be pretty decent for its time. I definitely agree that proprietary ciphers that aren't open for review shouldn't be trusted for anything, but that's really not relevant to problems with RC4 in WEP/WPA. RC4 had a good run but is showing its age, so it's time to move on to newer, better ciphers.

If you look at the Wikipedia site you can quickly see that TKIP was implemented for easy upgrades of WEP. Seems they took it a bit too easy.

You call it "easy upgrades" but the point of WPA was to fix the glaring problems with WEP in a way that could be implemented on most existing hardware designed for WEP. It was always meant to be an intermediate solution until that hardware was replaced with newer devices supporting WPA2, etc. If that was too easy, you think they should have skipped WPA and gone right to WPA2, requiring everyone to buy new access points and adapters right away?

In response to GP: you're never "completely protected" no matter what and security is a process not a product. (Meaning; you always have to be working on the next protocol or cipher. The last one will be broken eventually).

Re:Time to start working on WPA3?

[Vellmont]

Seems like wireless security rests on a never-ending game of move the goal, before the goal is reached (where the 'goal' for crackers is to crack the 'current' security protocol).

Not really. WPA relies on the same RC4 algorithm that was used in WEP. WPA on RC4+TKIP was little more than a patch so access points could use the same hardware with a few software modifications. It's been known for years that RC4 is a particularly weak algorithm.

It's possible that AES might someday be cracked. It's possible ANY algorithm might someday be cracked (including anything a VPN or SSL based connection uses). There's really nothing different here between "wireless encryption" and anything else.

People that actually worry about the strength of AES vs 3DES or whatever have missed the point. They're both very strong algorithms. So strong in fact that a real attacker will find a different approach than try to directly break the algorithm. Which do you think is stronger, the locks on your doors, or your encryption algorithm? The point of security is to make something hard enough to not be worth the effort, not to make the system "perfect". Focusing on one aspect of security without looking at the system as a whole as well as the threats is pure folly.

TKIP | AES

[whoisisis]

So, TKIP broken, not AES. Wonder if the WEP AES implementation is broken somehow ?

yep....

[Em+Emalb]

That's why I don't even bother with passwords on my wireless at ... Hello Friends! Please to hand over your credit and debit card informations at this time, I am thanking you not a lot. My name is Desmund Boutrous-Boutrous Gali Johnson IV and I have some news of the not so happy sort. Your uncle, and my business mentor and/or friend, McGuyver has been known to be passed away at this time going forth.

Please to send me monies by any means as possible soonest.

Wamerst thoughts and heated Regards, BBGIV

(that's about how long it would take to crack it. Damn.)

How about free secure wireless?

[TheLink]

But what if I want to provide free AND secure wireless in a user friendly way? What about the people who want to provide free wifi that doesn't allow users to eavesdrop on each other's traffic?

WiFi security is pretty dismal.

There's nothing at the level of https - where users can have confidential connections without messing about too much - no need even for "username and password".

With WiFi, either users have zero security, or they have to enter a username and password (and possibly jump through other hoops).

I'd love to know if there's an existing way and I'm missing something. Forcing users to use IPSEC does not count as "not jumping through hoops".

Yes I know, https users still have to beware of MITM attacks, but at least fix WiFi to the https level.

Re:How about free secure wireless?

[bhima]

Someone explained to me a good way which required 3 wireless routers...

I've long since forgotten what he said... pity that.

Re:How about free secure wireless?

[arminw]

...With WiFi, either users have zero security, or they have to enter a username and password...

As they say, locks are only good for honest people. The crooks will always be able to break in. I have set my AP up to only allow a short list of MAC addresses to connect to my network. I understand that this is not much security to seasoned hacker, but prevents casual war drivers from connecting to my network. When a friend comes over and wish us to connect to a network, I just and his or hers MAC address to the permitted list. It also means that I now have one less password to deal with.

Re:How about free secure wireless?

[element-o.p.]

WiFi AP to a wired router running OpenVPN? It's my preferred method. It still may not count as "not jumping through hoops", but it's about the best I can think of right now.

Re:How about free secure wireless?

[sukotto]

You only really need two...

1) Set up router A as an open access point and have it connect to your ISP
2) Set up router B as a private, secure access point
3) Hook up the rest of your network to router B
4) Set up router A to give traffic from B priority over any other traffic
5) Have router B connect to router A.

Secure for you and free for anybody that wants to use it.

Re:How about free secure wireless?

How is manually entering a MAC address into your router's configuration easier than entering a password into your friend's laptop?
IMHO that's *more* work, and does not even quality being called "not much security", it's none at all. MAC access lists don't even qualify as a security mechanism.

WPA2-AES is good. Use it.

Re:How about free secure wireless?

[sexconker]

Fool.
Then people who DON'T EVEN BOTHER TO SPOOF A MAC can just sit and grab signals out of the air.

All unencrypted (at the wireless level - SSL stuff is still SSL obviously).

Re:How about free secure wireless?

[lateralus_1024]

I've been told by my work's IT department to VPN into work and then do any kind of browsing that I want to do when I'm in a free/insecure wifi spot. Thus having a more secure connection while at a coffee shop or something.

I've yet to do this because I'm not sure they're prepared for 4chan showing up in their logs. The repercussions could negatively impact the paycheck scheme i've got going.

Re:How about free secure wireless?

[Fast+Thick+Pants]

And don't forget to set them for different channels.

Alternately, if you run dd-wrt, you can try setting up mutltiple virtual wireless networks and have them broadcast separate SSIDs so it looks like you've got two routers.

Re:How about free secure wireless?

[Jurily]

As they say, locks are only good for honest people.

The main reason you want a strong lock is not because they're unbreakable, but because your neighbor should be the easier target.

Re:How about free secure wireless?

[NoCowardsHere]

That's not free secure wireless. That's free wireless OR secure wireless. The open network isn't secure, and the secure network isn't open.

I want to see a system that provides both to the same user: anyone can connect to the router without entering a username or password, but can't snoop the traffic of any other users of the same access point.

Re:How about free secure wireless?

[gnud]

Yay solidarity! =)

Re:How about free secure wireless?

[cayenne8]

"Yes I know, https users still have to beware of MITM attacks, but at least fix WiFi to the https level."

Or...you can have some fun and USE WiFi to cause your own MITM attacks...

Re:How about free secure wireless?

[yincrash]

What about just having a secure router set up and another access point setup separately that is not connected to anything but just broadcasts the secure wireless's key?

Re:How about free secure wireless?

[arminw]

..but because your neighbor should be the easier target...

Actually, there are a number of free WiFi networks in our area that somebody could use automatically. Allowing only certain addresses to connect, makes our network only a tiny bit harder to use than the entirely open networks. For the longest time, our network was entirely open, but I noticed that someone was downloading large files. Putting the simple MAC number security in, stopped that sort of thing.

Re:How about free secure wireless?

[dougisfunny]

The only way I can think of doing it would be setting up two routers, one open with no security which hands out certificates or credentials access to the second which is secure, something like registering RADIUS credentials.

The way https works is by having certificates already install on the computer which say "I trust verisign" and then verisign signs the web site owners certificates. So there was fuss on the client, only not for the user, the fuss was done by the browser creators. You'd need a more sophisticated setup in order to do something similar. And a trusted signer, and the access point would need to go to the trusted signer to sign... and it would be a lot more fuss.

Re:How about free secure wireless?

[oatworm]

Ah - the "If you want to outrun a bear, the key is not to outrun the bear - it's to outrun the person behind you" principle. That sort of wisdom ranks up there with, "Women are like square roots - if they're under 16, you should do them in your head."

Take that however you will.

Re:How about free secure wireless?

[Jurily]

Ah - the "If you want to outrun a bear, the key is not to outrun the bear - it's to outrun the person behind you" principle.

If you gain enough speed, you will also outrun the bear. The fact that others don't is not your concern in this context, and there's nothing you can do about it anyway.

Re:How about free secure wireless?

[oatworm]

Brown bears run at speeds approaching 40 miles per hour. No human has run faster than 25. You're not outrunning the bear. Not alone, anyway. ;-)

Re:How about free secure wireless?

[Fast+Thick+Pants]

That's not free secure wireless. That's free wireless OR secure wireless. The open network isn't secure, and the secure network isn't open.

Ah, I understand now. Reading back, that's what TheLink (130905) was asking for too.

The closest thing I can think of would be to have the PSK included in the SSID (PSK=123abc456def, SSID=Password123abc456def).

I know better than to believe everything I read, but according to ctuffli's post on this page, your secure network isn't secure either -- users can still sniff each other's traffic with a little luck and a little math.

Re:How about free secure wireless?

[Jurily]

You have the option to find a road and get in your car between bear attacks.

Re:How about free secure wireless?

[oatworm]

Yeah, but you have to outrun the bear long enough to get to the car. It's the classic chicken-or-the-bear problem.

Re:How about free secure wireless?

[LeDopore]

There's nothing at the level of https - where users can have confidential connections without messing about too much - no need even for "username and password".

It would be great if you could have this kind of security without any exchange of credentials, but it's just not possible. With https, every site's public key is signed by a certificate authority; this kind of public key infrastructure (probably) wouldn't be practical with routers, and without it you're always vulnerable to a man in the middle attack.

Re:How about free secure wireless?

[TheRaven64]

I use MAC address filtering for a similar reason. It's pretty trivial to bypass, but it requires people to actively do so. I don't mind people using my WiFi, but if they do something illegal then I want to be able to show that I took steps to prevent it. If they bypassed them then they've committed two crimes instead of one.

Re:How about free secure wireless?

[somersault]

Take that however you will.

Considering the first is pretty wise, I'm not sure how to take it. Not doing them at all is always an option.

PS Is it weird that I still enjoy doing them when they're over 64?

Re:How about free secure wireless?

[oatworm]

What you do with your square roots is entirely your business. ;-)

Re:How about free secure wireless?

[Shakrai]

You don't have to outrun it if you've got one of these.

Firearms. Much more useful than a camera.

Re:How about free secure wireless?

That's borderline retarded. The security isn't worth a damn and those who bypass it won't even be traceable via their MAC address, because you made them imitate your computer.

Re:How about free secure wireless?

[centuren]

You only really need two...

1) Set up router A as an open access point and have it connect to your ISP
2) Set up router B as a private, secure access point
3) Hook up the rest of your network to router B
4) Set up router A to give traffic from B priority over any other traffic
5) Have router B connect to router A.

Secure for you and free for anybody that wants to use it.

Probably implied, but whitelist on router B.

Re:How about free secure wireless?

[taucross]

Hahaha how old are you?

Re:How about free secure wireless?

[sumdumass]

One way of doing it with one router would be to set a proxy up as a gateway with an automatic script that redirects all port 80 traffic to an ssl connection. I believe the dd-rt can do this (maybe tomato I don't remember which I messes with last).

Anyways, when your browser finds the proxy, it redirect your connection to a ssl connection which encrypts your traffic while allowing auto detect. It would suck for FTP (doesn't play well with proxies) and some other traffic. but it would essentially get your a secure open connection to some degree.

Re:How about free secure wireless?

[NoCowardsHere]

Ahh, this is something I've been wondering for a while... can one user on a WPA network see other users' traffic? The page you link to indicates that if you capture the initial connection you can derive the key for the session. If this is true, it seems like a severe and completely unnecessary weakness... I'm pretty sure that algorithms to prevent that have existed for decades (Diffie-Helman shared secret generation, for example).

Re:How about free secure wireless?

[Sabriel]

Just don't miss your first shot with that pocket howitzer. The recoil's almost as bad as the bear. :)

Re:How about free secure wireless?

[rubycodez]

have you seen the exhibits in some of our national parks of car doors ripped open by bears? you not only have to get to the car, you have to start it and get it to over 40MPH if the bear is intent on having you for dinner or play.

Re:How about free secure wireless?

[Shakrai]

Well, a .357 magnum will stop a grizzly..... if you have good shot placement. That's going to be a little tough when you have a 1,000 pound animal charging you and only seconds to react though. For a handgun I wouldn't want anything smaller than a .44 magnum if I'm going to be backpacking in grizzly country. A rifle would be much better but those are harder to tote around all day and generally can't be brought into action as quickly.

One of these days I'm going to go on a backpacking trip through Alaska. I'll probably invest in a .44 magnum for the occasion. The Model 500 would be a neat toy to have but it's hugely expensive and utterly impractical for any application that I would have besides saving my ass from a grizzly bear.

Bear mace is also a good investment. The majority of bear encounters are just threat displays and end without an attack. Mace is arguably better than a firearm in these scenarios. I'd still want a firearm on the off chance that I run into one that is interested in making me lunch though. I'll either stop him or I'll get him from the grave when the SOB dies a few weeks later from infection ;)

Re:How about free secure wireless?

[rgo]

I've tried doing this, while also using the router as repeater client. The problem is that although you've got 2 wireless networks with one router, they aren't isolated, leaving your LAN exposed.

Re:How about free secure wireless?

[Alpha830RulZ]

I guided fishing trips in Alaska for 10 years. And have been mauled by a bear, but that is another story. In Alaska the wisdom is, if you carry a .44 magnum, which I did, you should file the front sight down, so it doesn't hurt so bad when the bear stuffs it up your ass. I had a .44 magnum Ruger redhawk with a 7" barrel in a shoulder holster, but I always figured that was for getting even rather than protecting myself.

We carried 12 gauge shotguns, with a firecracker shell as the first load, a slug as the second shell, followed by 00 buckshot. In 3" magnum. We used the firecracker shells often, never used anything after. A lot us also carried handguns, but we didn't delude ourselves that they were sufficient for primary protection.

Re:How about free secure wireless?

[Shakrai]

I've heard that expression but not in relation to the .44 magnum. Interesting to hear it from someone who has been out there. What of the .500 S&W Magnum? Was that around when you were guiding trips?

I would much prefer a high powered rifle over any handgun but they aren't nearly as easy to carry. I would imagine that would apply even more for a fishing expedition -- are you going to wade into the middle of a stream with a rifle or shotgun slung over your back? Doesn't do you much good if you leave it on shore.

I'd feel secure enough with mace for the most part. My fear is running across the one bear in a thousand that thinks humans are lunch or accidentally surprising mama bear with the cubs. I'd really hate myself if I had to kill her but the choice between her or me is not a hard one to make.

Re:How about free secure wireless?

I can easily do square roots in my head well into the low hundreds... ah wait... shit.

Re:How about free secure wireless?

[raju1kabir]

The problem is that although you've got 2 wireless networks with one router, they aren't isolated, leaving your LAN exposed.

No, you can run separate VLANs and subnets and there's no reason they need to see each other.

Re:How about free secure wireless?

[fractoid]

How is manually entering a MAC address into your router's configuration easier than entering a password into your friend's laptop?

It requires access to the router rather than just access to a device not under his control.

Re:How about free secure wireless?

[fractoid]

Depends how long you need to sustain that speed. The fastest recorded human running speed is 48km/h, or just shy of 30mph.

Bears are cool. When I grow up I want to be a bear.

Re:How about free secure wireless?

[fractoid]

After that you can technically do them on paper, but... not so fun.

Re:How about free secure wireless?

[Maelwryth]

Ahhhhhh, yes. And I suppose you think tying two 14 year olds together doesn't make them a 28 year old with two teenage pussies as well?

Re:How about free secure wireless?

[RedWizzard]

Brown bears run at speeds approaching 40 miles per hour. No human has run faster than 25. You're not outrunning the bear. Not alone, anyway. ;-)

Just to be needlessly pedantic I must point out that top sprinters are slightly faster than 25mph. For example Bolt peeked at about 27.3mph in both the 100m and 200m finals in the World Championships this year.

Obviously even he'll still get run down by the bear though.

Re:How about free secure wireless?

[Nyder]

hmm, jailbait and free wifi?

god i love america!

Re:How about free secure wireless?

[sjames]

It's exactly another case where authentication and encryption have been conflated by an industry, just like the silly can't have https without a certificate business.

Ideally, client and AP would exchange public keys then use that to exchange a session key and use real crypto on a per client basis from there, authenticated or (optionally) not.

Re:How about free secure wireless?

[cbiltcliffe]

And then somebody can connect to your insecure one, and use ARP poisoning to sniff all the traffic between your secure network and the Internet.

Remind me not to hire you to set up a secure network.

Re:How about free secure wireless?

[cbiltcliffe]

Don't think that's possible, without adding an SSL layer to 802.11, which would also require that each network card or driver have a public/private key pair.
And it would have to be generated automatically during install, rather than being fixed as part of the driver download.

And since we've already got secure 802.11, I doubt any researchers are going to get to work doing something like this, especially since it would, I expect, break backwards compatibility.

Having said that, Belkin makes a wireless router with dual 802.11.
One key gives access to the private network, and a second allows access to only the Internet.
Of course, you still have to enter a key, and non-private users would still be able to use ARP poisoning tricks and such, but it's sort of along the lines of what you want, I think.

Simply set the public encryption key as part of the SSID, and keep the private one to yourself. You'll have a safe network, and others will be able to get the key from the SSID to access the Internet with encryption.

Of course, since an attacker would also be able to get the encryption key from the SSID, it doesn't do you much good to keep things secure for your other users......

Re:How about free secure wireless?

[shervinemami]

so whats the square root of 5? i don't think the pedophile manual has that one!

Re:How about free secure wireless?

[shervinemami]

and by then, your WPA Encryption would be the last of your worries!

Re:How about free secure wireless?

[oatworm]

Sure it does. It's on page 2.24.

Re:How about free secure wireless?

[Alpha830RulZ]

There is -no- handgun that is adequate for bear protection, IMHO. The .500 is too big for me to shoot comfortably, and you need to be comfortable with any gun you are going to carry. I am quite comfortable with a .44. As I said, though, I don't delude myself that the .44 is going to stop a charging bear.

A grizzly bear can function for multiple seconds after a direct shot to the heart - they have incredible anerobic capability. To take down a bear, you need to break the shoulders, hit the brain, or hit the spine. A 12 gauge with 3 inch shells and slugs is sort of the entry price to that level of power.

We carried handguns to use on the bear that is mauling someone else. If a bear is charging you, you need a shotgun with slugs, or a 30-06 or better. We carried a shotgun on every raft, plus other assorted hardware. If a bear is already charging you though, odds are that your goose is cooked. You need someone else to have a gun, so he can kill the bear before the bear finishes killing you.

At the end of the day though, we used good camp discipline, traveled in pairs, making lots of noise, and never had an issue. Lots of good stories, though.

As usual

[trifish]

And the most important piece of information comes at the very end of the summary (just not to diminish the sensation or prevent FUD):

They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

How does the VPN help?

[JSBiff]

Are you *positive* that the VPN connection is uncrackable? If it's going over wireless, then if someone is recording the cyphertext, they will be able to recover the VPN cyphertext out of the WPA cyphertext. If they then know of a way to recover the 'cleartext' from the VPN cyphertext, then you are still leaking your data. If the VPN system is so secure, why aren't we using it for the wireless connection? That is, make the wireless network a VPN using the same algorithms you use for your VPN?

Re:How does the VPN help?

[NitroWolf]

Are you *positive* that the VPN connection is uncrackable? If it's going over wireless, then if someone is recording the cyphertext, they will be able to recover the VPN cyphertext out of the WPA cyphertext. If they then know of a way to recover the 'cleartext' from the VPN cyphertext, then you are still leaking your data. If the VPN system is so secure, why aren't we using it for the wireless connection? That is, make the wireless network a VPN using the same algorithms you use for your VPN?

While I am not commenting on the security or lack of security in a VPN connection, I believe I can answer this. The simple fact is, most routers can't handle the encryption load of a full blown VPN, especially one with multiple users. Even dedicated routers that are made to handle this can only handle 5 or 10 at a time until you start plopping down the big bucks for the serious VPN routers.

So using VPN level of encryption on a home router is not going to happen until processing power is increased dramatically on the cheap CPUs they use.

Re:How does the VPN help?

[patrickthbold]

As far as I know, there is nothing that is reasonable to use that is proven to be secure. Lots of things are very likely to be secure. Often you are trying to balance the convience of a protocol with its security.

Re:How does the VPN help?

[mcrbids]

Are you *positive* that the VPN connection is uncrackable?

No, and nobody ever is. Which is why security protocols are so conservatively deployed. Protocols are proposed and analyzed by lots of people who are (hopefully) much smarter than you or I. Protocols that withstand years of this scrutiny and review are slowly trusted more and more (EG: SSL) over other protocols that get picked apart. (like WEP)

If it's going over wireless, then if someone is recording the cyphertext, they will be able to recover the VPN cyphertext out of the WPA cyphertext. If they then know of a way to recover the 'cleartext' from the VPN cyphertext, then you are still leaking your data.

This whole paragraph makes no sense at all, and makes it clear that you do not understand encryption, especially dual-key cryptography. Please RTFM.

If the VPN system is so secure, why aren't we using it for the wireless connection? That is, make the wireless network a VPN using the same algorithms you use for your VPN?

WEP, WPA, and AES are protocols that logically establish a sort of Virtual Private Network on otherwise public radio waves. The main difference between these protocols and a true VPN is that they aren't layered on top of IP, like a VPN, but are instead layered on the datagram protocol of the radio signal itself. The problem is that WEP was quickly implemented and was never really peer reviewed. Thus, it had numerous flaws that were discovered very quickly.

From a security standpoint, WEP is sort of like locking your ground-floor window. It allows you to announce your intention of privacy, but it's quite easily compromised by somebody with the digital equivalent of the nearest rock.

Re:How does the VPN help?

[JSBiff]

If it's going over wireless, then if someone is recording the cyphertext, they will be able to recover the VPN cyphertext out of the WPA cyphertext. If they then know of a way to recover the 'cleartext' from the VPN cyphertext, then you are still leaking your data.

This whole paragraph makes no sense at all, and makes it clear that you do not understand encryption, especially dual-key cryptography. Please RTFM.

Perhaps you just didn't understand the paragraph. The post I was responding to suggested layering a VPN on top of the WPA2 or whatever wireless security, right? So, that, to me, logically implies if I'm using the VPN, my "secret" text first goes through the VPN layer and becomes cyphertext1 (that is, it's encrypted by the vpn), then it gets passed to the wireless network driver, and gets encrypted again using the wireless crypto protocol, and becomes cyphertext2. That is, cyphertext2 is an encryption of a cyphertext.

So, WPAx gets 'broken', so the attacker 'decrypts' cyphertext2, and discover that the decryption now gives them cyphertext1, right? Now, that means that as long as the security algorithm used by the VPN to create cyphertext1 was truly secure, the best case scenario is that the attacker has to do a brute-force key-search, to recover the text (and such a brute-force key search is impractical, so if that's the best they can do, the secret is secure, BUT, if the VPN is not really secure, because there is some weakness in the VPN algorithm, then they could potentially decrypt cyphertext1 as well. See, that makes some kind of sense, doesn't it? NOTE: I'm not saying the VPN algorithms *are* weak like WEP and WPA/TKIP, I'm just asking what makes people so confident in the VPN system, when it was discovered within a few years of the 'standardization' of WEP and WPA how to break them?

We were told all along that WEP was secure, until it was discovered it wasn't, then told WPA was secure, until it was discovered it wasn't. So, what's next?

Re:How does the VPN help?

[0100010001010011]

I route my OpenVPN traffic through an SSH port forward routed through an OpenVPN connection routed through an SSH port forwarded connection routed through an OpenVPN connection routed through an SSH port forwarded connection routed through an OpenVPN connection routed through an SSH port forwarded connection routed through an OpenVPN connection routed through an SSH port forwarded connection routed through an OpenVPN connection routed WEP.

Re:How does the VPN help?

[gad_zuki!]

>If they then know of a way to recover the 'cleartext' from the VPN cyphertext

Thats quite a jump. I'd like to see some cites that IPSEC cracking is this easy. The idea behind VPN is that, yes, your potential attackers can see all the cyphertext they want, but cannot decypher or compromise the tunnel (outside a DDOS).

Re:How does the VPN help?

[Vellmont]

So using VPN level of encryption on a home router is not going to happen until processing power is increased dramatically on the cheap CPUs they use.

Huh? You speak as if "VPN encryption" is an algorithm who's security and performance can be measures against "Wireless Encryption".

The fact is that "VPN Encryption" could be the same damn algorithm that the wireless router uses (AES). It could be a poor algorithm with weak encryption. The truth is there's no single thing called "VPN Encryption".

Re:How does the VPN help?

[Clandestine_Blaze]

I'll second this.

Wireless VPN is not where it needs to be. If you have something THAT secure, just don't communicate wirelessly. Set up a wired VPN connection.

This reminds me of the Verizon FIOS guy who came over to install FIOS for our house. He noticed that I was using WPA2 encryption and a MAC Address filter, and said something like "If you're this paranoid about security, you shouldn't even be on the Internet".

Re:How does the VPN help?

[arndawg]

It's not like the routers have to handle the decryption. I mean. Home routers? What do home-users got that's so freaking important that a hacker want to store their data over n-years. Client With VPN Certificates-> Logon to Wireless with WPA2 or whatever-> only allowed to connect to VPN server running somewhere -> PROFIT
Sometimes you just gotta say, good enough. Or another solution would be do isolate your walls with tinfoil. That way no-one can listen!

Re:How does the VPN help?

[raju1kabir]

I'm just asking what makes people so confident in the VPN system, when it was discovered within a few years of the 'standardization' of WEP and WPA how to break them?

For one thing, the stakes are higher with widely-deployed open VPN protocols and ciphers. Institutions with huge amounts on the line have relied on them. Nobody except consumers and traveling salesmen has depended on WEP/WPA to do anything other than keep bandwidth leechers out.

Higher stakes means more motivation to discover a flaw. So far that hasn't happened with the mainstays, despite other protocols dropping left and right.

Nothing is for certain, but for now I'm reasonably confident in my VPN.

Re:How does the VPN help?

[gad_zuki!]

My PoS linksys with ddwrt can do ssh tunnels that are just as demanding as VPN. Heck, compared to a DES-based IPSEC tunnel an ssh AES tunnel is more demanding.

It wasn't broken

[mx_mx_mx]

They have just found a way to decrypt a packet using the WEP chopchop algorithm. Master key can't still be recovered. Move along, this isn't news

Re:It wasn't broken

They've found a way to decrypt TINY packets only a few bytes long (like ARP) and inject fake ones of the same length.

So no real traffic sniffing, and definitely no WPA key recovery.

I cant see really how this would be a useful tool in aircrack as you have no way of doing anything else with the network!

Wireless Routers

[Wowlapalooza]

Minor nitpick with the article: WPA is a general wireless security protocol[1] which isn't limited to wireless routers. Regular APs (Access Points) use it, as of course do wireless clients.

[1] Actually, to nitpick myself, WPA isn't even technically a protocol, it's a certification program which confirms that particular devices implement the IEEE 802.11i standard

Re:mac address whitelist filters?

[radish]

MAC filters are worthless, always have been (it's trivial to change the MAC on a device to a whitelisted one). And I don't see any evidence that WPA2/AES is "fast becoming insecure", as this attack specifically doesn't work against that setup.

hacked in 60 seconds...

[Coraon]

I sense a Jerry Bruckheimer movie staring Angelina Jolie. its gone in 60 seconds meets hackers.

Aircrack

[dandart]

So is this a new way to crack the handshake once you've got it or is it to hack straight in?

Sneakernet key exchange?

[John+Hasler]

n/t

Experiences

[Sj0]

After spending some time working with crappy home routers, I've decided encryption isn't worth the hassle. If I want to ensure my communication isn't intercepted by a hostile third party, I'll use a wire instead. If I want to limit access to the internet, I'll use a MAC ACL instead. The routers aren't hefty enough to deal with anything more than light surfing with encryption active.

Re:Experiences

[krenaud]

What? A 7 year old Linksys WRT54G can handle 24-30Mbps with AES encryption, current versions are even faster, and if you choose wisely you can find 80-90Mbps home routers from Dlink/Netgear today.

These routers are more than adequate for more than "light surfing".

Re:Experiences

[Sj0]

Sure, it can handle it, but it can't handle it well. Connections start bugging out and eventually you end up with problems.

Horribly engineered devices, consumer wireless routers.

I was having continuous problems doing simple things like trying to watch streaming video with my old dl-514 with any sort of encryption enabled. Multiple firmwares didn't resolve the problem completely, so I tried removing encryption and using access control lists to prevent casual unauthorized use. Right away I found a much more stable, usable connection. Throughput didn't change, but connection stability did.

Re:Experiences

[slyborg]

Trivial on a lot of platforms to MAC spoof, so your ACL won't do anything for you security-wise against anybody that knows what they're doing.

Re:Experiences

[gujo-odori]

I have a 2003 vintage WRT54G running WPA2-Personal/AES and it has absolutely no stability issues. My cable connection is 15 mbps down and I routinely get as close to that wire speed as protocol overhead allows for. Yesterday, I downloaded an ISO image at 1.3 - 1.4 MB/sec sustained. Maybe the trouble is that you have a DL-514 instead of a WRT54G originally mentioned

After all, everybody knows that a device with as many blinkenlights as the WRT54G has to be better, right? :)

Re:Experiences

[Sj0]

Most of the models of the era are bad. I had a few brands, and it wasn't common to find much stability.

Re:Experiences

[Sj0]

The WRT54g is sort of legendary though, thanks to the open source linux firmware. It only makes sense that it would work better.

Other linksys routers weren't as great, however. I've never had a great connection from anything but a commercial grade wifi router.

Re:Experiences

[Sj0]

On an aging router such as the DI-514 without WPA2 or WPA-AES support, I'd argue the ACL is more secure in reality than WEP.

Why?

Because WEP is a standard basic security practice, and easily breakable using software available using 2 seconds on Google. By contrast, ACLs are almost never used, so unless you're someone who legitimately knows what they're doing, it just looks like you can't log into the network, compared to "Hey everyone, guess what encryption is used on this network!!"

I agree that if you know what to look for it's far easier, but the people who know what to look for are in a large minority of people who could conceivably hack a wifi network for access.

Re:Experiences

[atomic-penguin]

Here's the thing about wireless signals, they tend to broadcast for a fairly wide range, of course it depends on the transmit strength. However, bypassing your non-encrypted wireless signal with a MAC ACL is as easy as doing this.

tcpdump -s 1500 -n -l -w - -i wlan0

Oh lookey, a MAC address!

ifconfig wlan0 hw ether 00:AA:BB:CC:DD:EE

Then you can proceed to run dhclient, or just take the poor schmuck's IP from the traffic you sniffed earlier. Not convinced? Try it at a Borders or Starbucks next time with a laptop. They run a pay-as-you-go wireless on MAC address authorization.

WEP and TKIP may not be secure, but at least someone has to attack it. I don't have to do anything, except passively listen to the wireless waves coming from your wireless NIC and Access Point, in order to bust your "secure" setup.

Re:Experiences

[krenaud]

I agree, most consumer routers are crap. But, WRT54GL is still a very good choice if 801.11g is enough for your needs and D-Link DIR-655 & 855 are reasonable choices for 11n. Most other D-Link routers are really bad, especially 614, 624 and 514.

Re:Experiences

[heeen]

I don't know, my tiny dated Netgear WGR614 router can handle a DVB-S Stream over http over WPA no problem.

Re:Experiences

[Sj0]

A passive attack is still an attack.

As far as I'm concerned, there's no functional difference betweeen a series of easy to crack encryption methods. Who cares that it's a passive attack if the alternative is to type "WEPCRACK" into your command line to get the password? or "WPACRACK"?

Re:Experiences

[gujo-odori]

Well, kind of. Mine is a regular 54G running standard firmware (all it's capable of), not a 54G-L.

My wireless connections at home are actually more reliable than my commercial-grade wireless connection at work, (not that the ones at work are bad, but I do have problems from time to time; at home, it's totally rock-solid. I've had to reboot the thing due to a problem with the connections only once, and I've been using it for years).

Re:Experiences

[atomic-penguin]

The point is you have a false sense of security by using MAC address access controls. MAC access controls do not direct the radio waves to your MAC address only, anyone can still sniff them out of the air. Chances are a real attacker will listen in to the wireless signals and will eventually get some valuable private information. That is so much more valuable than getting Internet access.

Re:Experiences

[Sj0]

The point is you have a false sense of security using most other encryption as well, so it's stupid as hell to treat wireless as a secure line in the first place. Treat it as inherently insecure and stick to wired signals for important data.

Re:mac address whitelist filters?

[mlts]

There is always WPA2-Enterprise which requires a RADIUS server. The advantage is that there is no need to worry about one "master" key. The disadvantage is that if a username/password combination is guessed, one can get on the network.

I have a better security...

[AmigaHeretic]

I don't know why people insist on using WEP, WPA, WPA2, etc..

I just made my SSID "Logon for only $3.99 per minute"

Haven't ever seen my neighbors log on even once.

_

Re:I have a better security...

[mungewell]

I have mine set to 'I read your email'.

Re:I have a better security...

[Dwedit]

How about a network named "56K AOL Dialup"?

Re:I have a better security...

[Dan541]

Win32.trojan seems to discourage people as well.

Not new

[MobyDisk]

TKIP was fundamentally broken, by design. We knew that. TKIP was invented as an intermediate encryption that could run on the same hardware that WEP ran on. It allowed router manufacturers to use something better than WEP without having to beef-up their hardware. It worked well, and bought several years before it was completely broken. Anyone who has a router using TKIP bought at a bad time, and is stuck with something that's only a little better than WEP. The solution is to buy a router that supports WPA2, which has real AES encryption.

Re:Not new

[/dev/trash]

Are you with Cisco or Netgear?

Re:Not new

[MobyDisk]

Neither. My post was based on my recollections + reading the Wikipedia article. It was just an attempt to hold back the "OMG, the sky is falling!" FUD.

For the record, I have a Linksys at home. :-)

Re:mac address whitelist filters?

[bk2204]

Well, you have the same problem with WPA2-Personal, except in that case there's no need to guess a username, only a password. You could say the same for pretty much anything that requires a username and password.

The benefit of using RADIUS is that you can have separate username/password pairs, and thus you can grant or restrict access individually without having to change the password each time.

Re:mac address whitelist filters?

[CrashandDie]

Because they are transmitted bright and clear all over the place? Whitelisting the authorised MAC addresses assumes that you do not trust the encryption (or there is none). If you assume the encryption is broken, you assume anyone can listen to the network and intercept any and all MAC addresses being transmitted (in [nearly?] every single packet).

Other protocols available

[azrider]

TKIP was fundamentally broken, by design. We knew that. TKIP was invented as an intermediate encryption that could run on the same hardware that WEP ran on.

TKIP (Timed Key Interchange Protocol, for those who don't know) does have a weak spot. This is that the new key is sent out from the access point on a regular basis. Cisco's implementation (supported by most companies that supply 802.11a equipment) makes two changes. One is that the time value set is a maximum value (the key change interval is actually random). The other is that the new key is sent via the encrypted session. You therefore have to have cracked the old key to receive the new key.

It will be interesting to see if that is discussed when the paper is presented.

Re:mac address whitelist filters?

[Firethorn]

The disadvantage is that if a username/password combination is guessed, one can get on the network.

Isn't that generally a problem with any system?

Still, WPA2 w/RADIUS can be smart card enabled, so that helps.

Re:mac address whitelist filters?

[genik76]

MAC address filters are not worthless, as they can add something to the existing security. Firstly, if the attacker is dumb or lazy enough, he doesn't acquire the whitelisted MAC addressses. Secondly, if he manages that, the users of the compromised MAC addresses receive a warning signal when the computer says "IP address is already in use" (or something similar, depending on system and configuration). Thirdly, if all previous points fail to produce a reaction, the administrator can see what's going on from the router's log files.

Re:mac address whitelist filters?

[oatworm]

My security plan is turtles all the way down!

Re:mac address whitelist filters?

[radish]

They're broadcast in the clear.

Re:mac address whitelist filters?

[radish]

Firstly, if the attacker is dumb or lazy enough, he doesn't acquire the whitelisted MAC addressses

Defending against idiots is easy.

Secondly, if he manages that, the users of the compromised MAC addresses receive a warning signal when the computer says "IP address is already in use" (or something similar, depending on system and configuration).

Except they don't - who said anything about IP addresses? Sure ARP could start getting confused, but it's not hard to monitor traffic for a few days to harvest MACs and then wait for one to go offline before "borrowing" it without anyone knowing. Try it - change the MAC on one of your machines to create a conflict but give it a unique static IP within your subnet (as DHCP certainly gets messed up with a MAC collision). It's surprising how much works...

Thirdly, if all previous points fail to produce a reaction, the administrator can see what's going on from the router's log files.

Now you're assuming an expert admin who actually proactively checks logs and knows how to interpret them. Such a person wouldn't use a MAC filter in the first place :)

Re:mac address whitelist filters?

[petermgreen]

Listen until they appear on the network.

Re:Nomenclature Confusion

[Chris+Burke]

How is this hard to understand or explain?

Most people don't know that there's a difference between an encryption protocol and an encryption algorithm (somewhat understandable, in the broadest sense both are algorithms). Why don't more people explain? Don't know.

And more importantly, and worse!, why do manufacturers get it wrong?

I blame marketing. :)

Re:SSH

[angelbunny]

If your computer is exploitable it could be rooted and then the ssh is pointless.

Re:SSH

[Prof.Phreak]

Why care about wireless security anyway? I mean, if it's important, it should be done over SSL, SSH, or VPN. If not, then why aren't you worried about your ISP (or a dozen routers along the way) reading your non-encrypted packets?

The only reason I see to "securing" wifi is to ensure your neighbours don't torrent stuff over your connection.

Re:Mac filtering

[yahwotqa]

Yeah, you just keep using that setup. Do not worry a thing, it's secure enough. Honest!

Re:mac address whitelist filters?

[uninformedLuddite]

If you actually want to see the MAC addresses on a network being broadcast quite clearly try using ethereal. It's also educationamable.

Re:Mac filtering

[uninformedLuddite]

You must be the local Internet Porn Gateway

Why are they a waste?

[coryking]

Mac address whitelists are a waste of time

Yeah you gotta know what you are doing, but if you are in an environment dense enough that an open wireless connection will be mooched off of, even a competent person will not bother you. There is always somebody running an unsecured access point. Why waste time trying to mess with your laptops MAC address when you just connect to "linksys" two apartments over?

In the past, I would whitelist MAC addresses but I stopped for a far better reason than yours--they are a pain in the ass when you've got friends over. Much better to just have an easy to remember password.

Anybody that wants to get into *your* wireless network *specifically* will find a way--MAC whitelist or not. Anybody looking for an open access point to just get on the net will move on if you block based on MAC address even if they are a hard-core nerd.

In other words, security through obscurity does have merit. It weeds out all the casual passer bys. It does not weed out somebody who is targeting you specifically. Course, I'm not sure whitelists are security through obscurity :-)

Another weak password crack?

[midnighttoadstool]

If TKIP really broken or is this yet another weak-password story.

screw encryption

[homes32]

step 1. setup unencrypted wireless router
step 2. setup linux box running DHCP, IPTABLES, Squid, morgify
step 3. configure linux box using instructions at http://www.ex-parrot.com/pete/upside-down-ternet.html
step 4. ?????
step 5. Profit!!!!!!!!

Wii and WPA2

[Cato]

Nintendo disagrees with you about the Wii - it does support WPA2/AES apparently: http://www.nintendo.com/consumer/systems/wii/en_na/onlineWirelessRouterWEPWPA.jsp

Re:Wii and WPA2

[marcansoft]

I never said it didn't. The DS doesn't support WPA; the Wii does. I only mentioned the Wii in relation to the broader issue of hardcoding everything into games.

Dang, thought I was logged in...

[gosand]

didn't notice this was posted as AC

Glenn Fleishman

[eggboard]

I've looked through the comments, and I cannot tell whether anyone has read the paper linked or is commenting on the summary. The summary, derived from news coverage, is incorrect.

The exploit works only to recover a single MIC encryption key which is distinct for each packet. It allows a packet intended for a client to be falsified, but the packet has to be short and mostly known, like an ARP packet. The researchers require that they act as a physical man in the middle, as a relay between an access point and a client, where the client cannot receive signals from the access point.

It's very clever, but it doesn't involve breaking TKIP per se; it has nothing to do with key recovery for network encryption.

Re:Glenn Fleishman

[midnighttoadstool]

Excellent. Thanks for that.

In time encryption will fail...

[logfish]

With news like this, why do we think that the ATM system is still safe? And when will they come up with a better encryption for that?