Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Improvements On the Attacks On WPA/TKIP

Posted by timothy on from the feelin'-nervous dept.

olahau writes "Two weeks ago, improvements to the previously reported attack on WPA/TKIP, were presented at the NorSec Conference in Oslo, Norway. In their paper coined 'An Improved Attack on TKIP,' Finn Michael Halvorsen and Olav Haugen describe the improvements, which enable an attacker to inject larger, maliciously crafted packets into a WPA/TKIP protected network, thus opening the probabilities for new and more sophisticated attacks against the well-established wireless security protocol."

6 of 166 comments (clear)

  1. Does anyone know... by Lord+Ender · · Score: 3, Insightful

    Why did they invent a (well, multiple) new encryption algorithm(s) for WiFi? Any competent security specialist will tell you that using an established encryption algorithm is always the wise choice. Did the people behind WiFi simply lack competence? Not Invented Here?

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:Does anyone know... by tecker · · Score: 2, Insightful
      Well. This attack is used on the less robust TKIP protocol. AES is much stronger. Here is the break down (from my memory weakest to strongest):
      1. WEP
      2. WPA/TKIP
      3. WPA/AES
      4. WPA2/TKIP
      5. WPA2/AES

      WEP Came first. It was one of those "oh we need security" bits. It's about what you would have on a wired network. Yea, no, not really. Broadcast != Hardwire so that quickly began being broken. Collisions were found. Time for something stronger

      WPA came next but it was a bit advanced and all of these older machines didn't have really good processing in them and AES was a bit to intensive so the came up with WPA/TKIP. Lighter encryption but the old devices could pull it. WPA/AES came out around the same time and was stronger but the encryption had a bigger processing overhead.

      Then WPA2 (802.11i) came about with further layers and was what really should have been from the start. Backwards compatibility was a problem here and key to adoption. TKIP stayed as some machines didn't take AES very well. WPA2+AES was the real place most will tell you to be. The whole multiple things was just getting protection out there on a technology that was rapidly falling apart.

      Here is an analogy. US went to war with nearly unprotected Humvees (WEP). They worked well and they did their job. But attackers just blew right through it. So in an effort to get things locked down they welded plates of metal on the Humvee (WPA) some machines could handle more (AES) some less (TKIP). The military went back and developed a new technology similar to the quick field fix and came up with the Armored Humvee (WPA2) with good protection all around and made it standard (802.11i). Still defeatable but it can take a lot more.

      There. I'm sure it would have been easier to find a wikipedia article and link to that but I was bored.

      --
      Procrastinating life a way at a rapid rate of speed.
  2. Re:Does that mean... by Anonymous Coward · · Score: 4, Insightful

    WEP is better? Has it always been better?

    Sure, keep using WEP. 128-bit WEP takes a very long time to break. Somewhere on the order of 15-30 minutes, in my experience.

  3. Re:Does that mean... by jhfry · · Score: 2, Insightful

    When I set up a wifi router for someone I always simply generate a random string of letters numbers and special characters then I write it down and stick it to the router.

    I figure that you can't get more secure and its not exactly something they need to remember because they type it every day.

    --
    Sometimes the best solution is to stop wasting time looking for an easy solution.
  4. Re:Does that mean... by mrcaseyj · · Score: 2, Insightful

    Example: The Lord of the Rings is the Greatest Series Ever Written

    TLotRitGSER This is actually a decent-security password, you've got decent length, 11 characters, and some upper/lower goodness.

    I'd suggest just using the whole sentence. It would have at least as much entropy and would be more resistant to simple brute force breakage.

    And I'm considering giving up on upper case in passwords. The lower case alphabet requires about 5 bits to encode, while adding uppercase only requires one more bit. I suspect that just making the password 25% longer would be about as easy to remember, and a lot faster to type.

  5. Re:Does that mean... by bdo19 · · Score: 2, Insightful

    The people who are most likely to try to break into your internet are people you know and especially people you live and/or work with.

    This may be true, but these are NOT the people a WPA password is supposed to protect you from. If they have access to your drawer, and they intend to do your harm, your WPA password is the least of your worries. And, if they already have physical access, then they don't need your WPA password to "break into your internet" anyway.

    If we were talking about an online banking password that someone could steal from your drawer and use to empty your account, then I might agree with you (although the same idea applies, that there are probably much more dangerous things in that drawer already). But wireless network encryption is only capable of protecting against someone who doesn't already have physical access anyway. So how is it not a good choice to make that a secure password that's written down and filed away?

    Yes, people lose perspective in computer security.