Slashdot Mirror
WPA Encryption Cracked In 60 Seconds
carusoj writes "Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level. The earlier attack worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm."
You'll be able to provide more free wireless too!
TFA lists AES. I'm curious what else is considered useful. Anybody using hacked routers to run tomato and the like are very welcome to discuss their security thoughts.
"Common sense will be the death of us all"
Backtrack really doesn't "do" anything, it's just an awesome integration of separate tools.
aircrack is the base package that would most probably implement this.
Lucky for me, I use WEP, so I'm safe.
My wireless network is kept open. I prefer to be sure that it is not safe than believe it is :) BTW, I call it ParasiteNet. :)
So, does this mean it's time to start working on whatever the replacement will be for WPA2? WPA is broken. . . but at least we can use WPA2 (for now). I'm guessing WPA2 will someday be broken, so we need to have something to replace it which has not (yet) been broken. Seems like wireless security rests on a never-ending game of move the goal, before the goal is reached (where the 'goal' for crackers is to crack the 'current' security protocol).
Although, thinking about this more, it makes me wonder - does anyone ever 'record' encrypted traffic from targets of interest, in the hopes that, maybe right now they can't crack it, but maybe in 2 or 3 years, they'll be able to crack it, and if they have a 'recording' of the cyphertext, which they can later decrypt, they can get possibly interesting info/data (data could very easily still be useful and interesting 3 or 5 years from now, particularly things like state/corporate secrets, but even more mundane info like people's social security numbers, answers to online password 'reset' security questions, etc).
I suppose that if I could think of it, someone else already has, and already is doing it.
So, from that standpoint, even if the security researchers stay 'ahead' of the blackhats, the blackhats can still get useful info within a relatively useful amount of time. Just because you've upgraded to WPA2 or WPA+AES, doesn't mean you're completely protected, if someone snagged encrypted traffic in the past which was 'secured' by TKIP.
The original paper is here
I do the same but I have a coovaAP set up for the roaming to snag free WiFi near my home.
Keeps people out of my junk, and I can limit what they can do.
Do not look at laser with remaining good eye.
And the most important piece of information comes at the very end of the summary (just not to diminish the sensation or prevent FUD):
They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.
They have just found a way to decrypt a packet using the WEP chopchop algorithm. Master key can't still be recovered. Move along, this isn't news
Linux forever
I'm not sure if you're calling shielded cables an example of security through obscurity, but if you did, they're not.
Knowing exactly how your cables are shielded doesn't help me snoop on anything passing through those cables.
MAC filters are worthless, always have been (it's trivial to change the MAC on a device to a whitelisted one). And I don't see any evidence that WPA2/AES is "fast becoming insecure", as this attack specifically doesn't work against that setup.
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
Are you *positive* that the VPN connection is uncrackable? If it's going over wireless, then if someone is recording the cyphertext, they will be able to recover the VPN cyphertext out of the WPA cyphertext. If they then know of a way to recover the 'cleartext' from the VPN cyphertext, then you are still leaking your data. If the VPN system is so secure, why aren't we using it for the wireless connection? That is, make the wireless network a VPN using the same algorithms you use for your VPN?
While I am not commenting on the security or lack of security in a VPN connection, I believe I can answer this. The simple fact is, most routers can't handle the encryption load of a full blown VPN, especially one with multiple users. Even dedicated routers that are made to handle this can only handle 5 or 10 at a time until you start plopping down the big bucks for the serious VPN routers.
So using VPN level of encryption on a home router is not going to happen until processing power is increased dramatically on the cheap CPUs they use.
Actually, it is a mathematical fact that OTP is perfectly unbreakable. P=NP doesn't enter into it.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
I prefer to be sure that it is not safe than believe it is :)
"I'm safe. My secure wireless router is no where near Japan. There's no way they can pick up signals from me."
(This came from a guy who would only buy American electronics, because he really didn't want to watch Japanese game shows and doesn't speak Japanese, Thai. or Korean.)
I don't know why people insist on using WEP, WPA, WPA2, etc..
I just made my SSID "Logon for only $3.99 per minute"
Haven't ever seen my neighbors log on even once.
_
Are you *positive* that the VPN connection is uncrackable?
No, and nobody ever is. Which is why security protocols are so conservatively deployed. Protocols are proposed and analyzed by lots of people who are (hopefully) much smarter than you or I. Protocols that withstand years of this scrutiny and review are slowly trusted more and more (EG: SSL) over other protocols that get picked apart. (like WEP)
If it's going over wireless, then if someone is recording the cyphertext, they will be able to recover the VPN cyphertext out of the WPA cyphertext. If they then know of a way to recover the 'cleartext' from the VPN cyphertext, then you are still leaking your data.
This whole paragraph makes no sense at all, and makes it clear that you do not understand encryption, especially dual-key cryptography. Please RTFM.
If the VPN system is so secure, why aren't we using it for the wireless connection? That is, make the wireless network a VPN using the same algorithms you use for your VPN?
WEP, WPA, and AES are protocols that logically establish a sort of Virtual Private Network on otherwise public radio waves. The main difference between these protocols and a true VPN is that they aren't layered on top of IP, like a VPN, but are instead layered on the datagram protocol of the radio signal itself. The problem is that WEP was quickly implemented and was never really peer reviewed. Thus, it had numerous flaws that were discovered very quickly.
From a security standpoint, WEP is sort of like locking your ground-floor window. It allows you to announce your intention of privacy, but it's quite easily compromised by somebody with the digital equivalent of the nearest rock.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
TKIP was fundamentally broken, by design. We knew that. TKIP was invented as an intermediate encryption that could run on the same hardware that WEP ran on. It allowed router manufacturers to use something better than WEP without having to beef-up their hardware. It worked well, and bought several years before it was completely broken. Anyone who has a router using TKIP bought at a bad time, and is stuck with something that's only a little better than WEP. The solution is to buy a router that supports WPA2, which has real AES encryption.
And don't forget to set them for different channels.
Alternately, if you run dd-wrt, you can try setting up mutltiple virtual wireless networks and have them broadcast separate SSIDs so it looks like you've got two routers.
As they say, locks are only good for honest people.
The main reason you want a strong lock is not because they're unbreakable, but because your neighbor should be the easier target.
Oh, fer crying out loud, if you're going to use wikipedia notation, at least *check* wikipedia first:
The Vernam-Mauborgne one-time pad was recognized early on as difficult to break, but its special status was only established by Claude Shannon some 25 years later. He proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext
Yay solidarity! =)
The original question was "The question is can anything be secure in the long term if an attacker can monitor the conversation between alice and bob 24/7?" Presumably then you eventually run out of one time pads. OTP is secure iff you have either a shared source of randomness or have some other secure channel to transmit the material. And if you have a shared source of randomness you need then to have that source somehow secure. There are good reasons we don't use one time pads on a daily basis.
TKIP (Timed Key Interchange Protocol, for those who don't know) does have a weak spot. This is that the new key is sent out from the access point on a regular basis. Cisco's implementation (supported by most companies that supply 802.11a equipment) makes two changes. One is that the time value set is a maximum value (the key change interval is actually random). The other is that the new key is sent via the encrypted session. You therefore have to have cracked the old key to receive the new key.
It will be interesting to see if that is discussed when the paper is presented.
And ye shall know the truth, and the truth shall make you free.
John 8:32(King James Version)
Ah - the "If you want to outrun a bear, the key is not to outrun the bear - it's to outrun the person behind you" principle. That sort of wisdom ranks up there with, "Women are like square roots - if they're under 16, you should do them in your head."
Take that however you will.
Mac address whitelists are a waste of time. Anyone who is competent can just monitor your network long enough to discover the mac address of a trusted device and switch his device to that address. Anyone who isn't competent isn't going to be able to bypass WPA.
If you want to get really paranoid you can back up your encryption with a non-permissive firewall that will only pass traffic for your device after you authenticate with it somehow. I used to do this back in the days when WEP was our only option. I ran my network wide open (since WEP is utterly pointless) but had a Linux box setting in front of it that refused to pass traffic unless I authenticated with it.
If you want to get creative you can program the firewall to redirect all unauthenticated http requests to goatse.cx instead of dropping them. That'll teach em to try and mooch off your network without permission ;)
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.