Shut the fuck off liberal bitch. I hate all you liberals and your java. Turn over to the true software development, microsoft .net!!!
MWAHAHAHAHA!!! More $$$$$ to my corporate bimbo masters!!! hahahahahaha!!! More $$$$$ to the republican fund!!! wooott!!! Soon we will join forces with the evangelical right and turn this nation into GOD worshipping dittoheads!!
I'M THE REAL Ann Coulter Troll. Don't u believe me? LIBEARALS EAT BABIES FOR B-FAST, LUNCH, DINNER, and D-SERT. Do you believe me now?
If it can, then I can switch to commie-Linux and still be able to kill helpless Iraqis with tanks, apcs, planes, helicopters, and automatic infantry weapons.
until this bug gets squashed by the /. effect?
Since you liberals let Osama take them away. --- AnnCoulterTroll
MICROSOFT WINS!!! HAHAHAHAHAHAHAHAHAHAHA!!!!
Liberals are shit.
Demos are liberal shits.
Poor people that vote for demos are morons.
Microsoft is all-mighty and shall be praised for its great donations to Republican party.
Linux is for communists! Real Americans use Microsoft Windows.
Now that these devices are out there, we can't account for all of them, the same way we can't account for all those WMDs in Iraq. A solution might be to change the systems to use a different authentication method so that only authorized users could change the lights.
Weakness in Passphrase Choice in WPA Interface
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp
Use of PSK as the key establishment method
WPA and 802.11i provide for a Pre-Shared Key (PSK) as an alternative to 802.1X-based key establishment. A PSK is a 256-bit number or a passphrase 8 to 63 bytes long. Each station MAY have its own PSK, tied to its MAC address. To date, vendors are only providing for one PSK for an ESS, just as they do for WEP keying.
When a PSK is used instead of 802.1X, the PSK is the Pairwise Master Key (PMK) that is used to drive the 4-way handshake and the whole Pairwise Transient Key (PTK) keying hierarchy. There is a straightforward formula for converting a passphrase PSK to the 256-bit value needed for the PMK.
This paper will look into the risks of using a PSK and particularly the risk associated with a passphrase-based PSK.
How the PSK is used in WPA and 802.11i
The PSK provides an easily implemented alternative for the PMK as compared to using 802.1X to generate a PMK. A 256-bit PSK is used directly as the PMK. When the PSK is a passphrase, the PMK is derived from the passphrase as follows:
PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
Where the PBKDF2 method is from PKCS #5 v2.0: Password-based Cryptography Standard. This means that the concatenated string of the passphrase, SSID, and the SSIDlength is hashed 4096 times to generate a value of 256 bits. The lengths of the passphrase and the SSID have little impact on the speed of this operation.
The PTK is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake. This is why the whole keying hierarchy falls into the hands of anyone possessing the PSK, as all the other information is knowable.
The Intra-PSK attack
The normal practice is to have a single PSK within an ESS. To generate any PTK, a device only needs to learn the two MAC addresses and nonces (and the selected ciphersuite). All of this is available in the initial exchange, from the ASSOCIATE through the 4-Way Handshake. Any device can passively listen for these frames and then generate the PTK. If the device missed these frames, it can send a DISASSOCIATE against the STA and force the STA to perform the ASSOCIATE through the 4-Way Handshake again.
Thus even though each unicast pairing in the ESS has unique keys (PTK) there is nothing private about these keys to any other device in the ESS.
The offline PSK dictionary attack
A station that does not know a passphrase-based PSK can attack it with an offline attack. This is effective for an outsider where there is a single PSK in the ESS, or an insider where there are unique PSKs.
The 802.11i standard points out that:
A passphrase typically has about 2.5 bits of security per character, so the passphrase of n bytes equates to a key with about 2.5n + 12 bits of security. Hence, it provides a relatively low level of security, with keys generated from short passwords subject to dictionary attack. Use of the key hash is recommended only where it is impractical to make use of a stronger form of user authentication. A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks.
The PTK is used in the 4-Way handshake to produce a hash of the frames. There is a long history of offline dictionary attacks against hashes. Any of these programs can be altered to use the information in the 4-Way Handshake as input to perform the offline attack. Just about any 8-character string a user may select will be in the dictionary. As the standard states, passphrases longer than 20 characters are needed to start deterring attacks. This is considerably longer than most people will be willing to use.
This offline attack should be easier to execute than the WEP attacks.
Using Random values for the PSK
The PSK MAY be a 256-bit (64 hexadecimal) random
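The passphrase-to-PMK formula and the 2.5n + 12 estimate quoted in the post above, as an added example that is not part of the original post or the paper. It assumes HMAC-SHA1 as the PBKDF2 pseudo-random function (what 802.11i specifies); the function names are hypothetical, and the "password"/"IEEE" pair is the test vector published with the standard.

```python
import hashlib
import secrets


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256).

    The SSID is the salt, so the same passphrase gives a different PMK
    on every differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 bytes long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def estimated_bits(passphrase: str) -> float:
    """Strength estimate quoted from the standard: about 2.5n + 12 bits."""
    return 2.5 * len(passphrase) + 12


def meets_length_guidance(passphrase: str) -> bool:
    """True when the passphrase reaches the ~20 character threshold.

    Length is necessary, not sufficient: a 20-character dictionary
    phrase is still guessable.
    """
    return len(passphrase) >= 20


def random_psk_hex() -> str:
    """A random 256-bit PSK as 64 hexadecimal digits, used directly as the PMK."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    # Constructed sample inputs; the first is the published test vector.
    for phrase, ssid in [("password", "IEEE"),
                         ("a much longer sample passphrase", "IEEE")]:
        print(f"{phrase!r} on {ssid!r}")
        print("  PMK           :", wpa_pmk(phrase, ssid).hex())
        print("  estimated bits:", estimated_bits(phrase))
        print("  >= 20 chars   :", meets_length_guidance(phrase))
    print("random 256-bit PSK:", random_psk_hex())
```

An 8-character passphrase comes out at about 32 bits under the standard's estimate, against 256 bits for the random hexadecimal PSK.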
HAHAHAHA, you got modded down as flamebait!! stupid moron commie LIB!!
It is full of stupid liberals!!!
It is a GREAT day to be an AMERICAN. Not a COMMIE LINUX LUSER!!!
Hahaha, commie Linux fails!! Start paying for your software you liberals!! Corporate capitalism is awesome!
-----
Dubya's shlong is much bigger than Dean's, that's why I'm voting for him.
So can someone please explain what this means?
BAHAHAHAHAHAH!
Fool! I'm here, and ready to kill liberals.