Slashdot Mirror
Sophos Researcher Suggests Password 'Free' to Spur Wi-Fi Encryption
An anonymous reader writes "In the wake of concerns about FireSheep sniffing credentials from people using unencrypted public WiFi hotspots, a security researcher has proposed that the problem does not just lie with big websites like Facebook, but also with those who provide free wireless internet access. Chet Wisniewski, a researcher at security firm Sophos, proposes that all free WiFi hotspots should be encrypted — with the password 'free.' ''I propose standard adoption of WPA2 and a default password of "free." Whenever you wish to connect to complimentary WiFi, you select "Courtyard Marriott" or "Starbucks" like you always have, but you are then prompted for a password. Just type "free". It's not hard. In fact, operating system vendors could even program your PC to automatically try the password "free" before prompting you for a password on the assumption that you might be selecting a free service.'"
OK then "PASSWORD"
capitals matter. and don't WPA2 phrases have to be at least 8 characters?
That a security research doesn't know better than this. Encryption with a PSK is useless as far as sidejacking is concerned. There is no decent client to client encryption unless you use WPA/2 Enterprise.
To suggest otherwise is bullshit, and he should be blaming the websites who are the problem.
If you ignore ACs because they are anonymous - you're an idiot.
I'm afraid it is not that simple. You should always be wary of assuming that the rules used in your locality are universal. There are two styles in general use regarding punctuation and quotation marks. See the wikipedia entry on the subject:
In the U.S., the standard style is called American style, typesetters' rules, printers' rules, typographical usage, or traditional punctuation, whereby commas and periods are almost always placed inside closing quotation marks. This style of punctuation is common in the U.S., Canada, and in the U.K. in fiction and journalism.
The other standard style--called British style or logical punctuation--is to include within quotation marks only those punctuation marks that appeared in the quoted material, but otherwise to place punctuation outside the closing quotation marks.
Using the British style is less ambiguous in this case.
In other words, the designers of WPA2 screwed up by not using something like Diffie-Hellman to negotiate a private connection before the initial password even changed hands?
I realize this would be subject to man-in-the-middle, but that would seem to be detectable as you would get two different responses when you tried to do the initial negotiation, after which the OS should report "something's screwy with this network" and refuse to connect.
WPA designers punt the problem of establishing initial session encryption key to EAPOL. Designers of EAP applications can use whatever authentication protocol and crypto bindings between layers that they want.
DH is pointless in the case you point out because it would be trivial to operate as you point out a middle man to circumvent. For a "This is screwy" response to be possible it would require some prior knowledge to establish a trust relationship between systems. Encryption without trust is less than useless.
There are so many ways this suggestion is wrong, it is not even funny.
TFA says WPA2 negotiates unique encryption keys with every computer that connects to it. This means you and I cannot spy on one another's traffic even when sharing access on the same access point. That's true, but anyone who can listen to the exchange and know the shared key will be able to learn the key. Plus, there is a very neat man in the middle attack.
Suppose that I am an evil sheep herder near a Starbuck cafe. Nothing prevents me from broadcasting a Wi-Fi beacon that announces that I am running a Starbuck access point. Here comes the sheep, who is really happyto see that the connection is secure. Hey, he used WPA2 and the "free" password, his packets are encrypted. Except they are all coming to my laptop. Oops!
The client has the keys only to decrypt traffic targeted to the client, not to other clients.
It is easy to bypass though by capturing a four-way handshake. A fake authentication can be used in order to have a client go though it again.
Uhmm, maybe Sophos should invest in security training of their staff before they start selling supposed security products.
He's neither a researcher (someone who works in the virus labs) nor an engineer (someone involved in development of our endpoint or management products). He's in sales. Nothing to see here people, move along.
Posting anonymously because I work there.
Most of the Wifi systems are negotiating a random session key and using the password to authenticate it, so that's doing pretty much what you want.
However, they were mostly designed with the assumption that the objective is to prevent unauthorized access, not to protect the contents of the communications from eavesdropping, so the only way you can get encrypted sessions is to have password control, which is too bad.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Nevermind, read more posts and my question was answered.
On a WPA2 network, a user cannot eavesdrop on another user despite having the same key, because a unique handshake is performed when each user connects. Without the data that was passed in the handshake, an eavesdropper has no way of decrypting your traffic.
They can, however, force your connection to be reset, and when you reconnect they can capture the handshake. With the data that was passed in the handshake, they can decrypt all of your traffic.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Because they screwed up: http://wiki.wireshark.org/HowToDecrypt802.11
"WPA and WPA2 use keys derived from an EAPOL handshake to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic. You can use the display filter eapol to locate EAPOL packets in your capture. "
So if all four handshake packets are there (there are ways to help ensure you see them ;) ), you can crack WPA2 PSK, today with wireshark.
And both the PSK and "Enterprise" mode are apparently vulnerable to this: http://www.airtightnetworks.com/wpa2-hole196
So Mr "Senior Security Advisor at Sophos Canada" doesn't know what he's talking about. It's not so simple as just typing "free" (since no username is mentioned, I think he means the very broken PSK modes and not the less broken Enterprise modes).
I blame the WiFi standards bunch.
Because WPA2 generated per session keys.
Although everyone connecting would use same password (in this instance free).
Each session key would be unique and thus would prevent snooping.
Theoretically one could redesign WPA (WPA3) to have a passwordless mode where traffic is still encrypted however no password is needed. This is simply a "could work today" modification of existing protocol.