WPA Weak Key Cracker Posted

Glenn Fleishman writes "The folks at TinyPEAP released a cracking tool to break Wi-Fi Protected Access (WPA) keys. WPA is the replacement for weak WEP keys in the original 802.11b specification. Robert Moskowitz of ICSA Labs released a paper almost exactly a year ago documenting how WPA keys that were short and lacked randomnness could be subject to cracks. This tool automates the process. Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits. Some tools exist to produce better keys, including chipmaker Broadcom's SecureEZSetup (in selected hardware) and Buffalo Technologies' hardware-based AOSS for automatic key generation and propagation. Enterprise-based WPA with 802.1X doesn't have this weakness: each user gets a long WPA key that's randomly generated and uniquely assigned--and can be frequently changed during a session."

Better colours

http://shit.slashdot.org/article.pl?sid=04/11/05/2 143226 [slashdot.org]

Odds of implementation?

The odds of Joe sixpack going the extra step of making a 20 character key is not good. WiFi setups are all the rage and now can all be broken into even after you spend an hour telling someone that they have to use WEP.

Re:Odds of implementation?

WEP

Er, you mean WPA?

Re:Odds of implementation?

doh! - temporal acronym overload

I'm all for this.

Leaving my WAP wide open all the time allows experienced crackers to access all the best pr0n sites with ease via my connection. All I then have to do is check the logs and Voila! There they are! Saves me looking for them and having to wade thru the pop-ups and bogus sites!

no good excuse

there's not really any good excuse for a weak wpa key. My router will generate a random 128bit key.
Kind of funny. I have our wireless router locked down with a 128bit key and only accepting connections from mine and my roommates' MAC addresses. But one of my neighbors has a wide open access point that I can connect to whenever I wan't.
I don't really want to, but I could.

No real point to this post except that you should attempt even minimal security (Unlike my neighbor).

In addition to a cracker

I would have liked to see a tool that will verify if your chosen key is 'secure' or not.

Would have made the crack software look a little less black-hat, to the uninitiated.

Just an idea.

don't blame WPA

...if your key is asdf - the attack is based on a dictionary. This weakness relies on human nature after all.

Btw: The Tips and Tricks section of this newsletter [slashdot.org] is a good ressource if you want to create passes which are harder to guess.

What about unsecured networks?

Until people start securing their wireless networks with SOMETHING, wireless will always have a bad reputation. As nice as it would be, we aren't allowed to use wireless in office... period. BTW, I'm surfing /. from my neighbors unsecured WAP. *Sigh*

What are "short" WPA keys supposed to be?

It is easy to see, that the original poster of this story has no clue about encryption. There are several misconceptions in his posting:

1. He writes: "WPA is the replacement for weak WEP keys in the original 802.11b specification". This is wrong. "weak key" ist a crypographic term for - wonder - weak keys, like 128 bit, consisting of 1's only (1111111111111...). For like 30 years, even WEP, has taken measures to prevent this kind of keys during use. WEP's problem in fact is the deterministic generation of IV's of the keystream, not weak keys.
2. "Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits." That's also misunderstood. The PSK (pre shared key) even when not using 802.1X is always 256-bit. It's generated -from- a passphrase that you type in. A passphrase like "abc" e.g. contains less than 16 bits of security. So a WPA key generated from the passphrase "abc", although still being 256-bit, can be cracked within the time of a 16 bit brute force attack. This is done by simply generating WPA keys from all passphrases between "aaa" and "zzz". So you always use 256 bit keys (PSK's), but they can be generated from much smaller passphrases.
3. "each user gets a long WPA key". See above. The keys are always the same size of 256 bit. When using 802.1X there is only maximum "randomness". That's the difference. It think the poster still thinks that WPA works like WEP where you actually use different key lengths.

One could think that I'm very picky about his words. I think not. Especially in cryptography it is important to know exactly what part of a cryptographic chain you're talking about, when talking about weaknesses. TinyPEAP seems to be just a tool for people like the original poster and script kiddies, who are in fact NOT knowing what they are talking about. It's just a bruteforce tool to try out WPA passphrases. This is supposingly faster for people using short passphrases than bruteforcing keys directly.

Re:What Morons

Jesus christ, I hope you don't have a job in security. If all your packets are unencrypted, anybody can sniff them, see what MAC addresses are recieving traffic, and thus are on the whitelist. From there, it's a simple matter to spoof the MAC in software. This feature is built into linux, windows and OS X. The myth that MAC addresses are a universally unique identifier is dangerous and has to be dispelled.

Re:What Morons

MAC adresses are universally unique identifiers, except for a few duplicate runs in cheap-ass brand NICs.

It's just that they cannot be authenticated in any way. It's like allowing only people who claim to be you on your network, rather than people who can prove it in some way.

Re:What Morons

"ifconfig wlan0 hw ether [mac address]" sets your wlan card's mac address under Linux. There is probably a way to do so under Windows as well.

Re:What Morons

NOT really a good idea to start a thread about morons, and then act like one.

_YOUR_ wlan card may have the MAC address burned into it. Once ALL NIC did. I think it was more than 10 years ago that I saw my first NIC that DID NOT HAVE a MAC address (it was all zeroes, and expected to be set in software).

_MY_ wlan card will _CERTAINLY_ let me change the MAC address - under Linux _or_ Windows.

http://www.theboyz.biz/ [theboyz.biz]Computers, parts, electronics, small appliances and more!

Re:What Morons

you need to brute-force check each MAC adress. there are ways to make this harder in the router.

No, you don't have to do this. Once the WEP key is broken (or if there is no WEP key, just MAC filtering), you simply listen to the traffic to get a MAC address that's allowed, and use that.

Regards,
--
*Art

Re:By its nature...

Theoretically, perhaps - but how secure does it need to be? All wireless traffic in my home uses SSH tunnels between the laptop and the firewall.

When it becomes possible to conveniently crack SSH tunnels, I'll start to worry. By then, I'm sure there will be something better available. Meanwhile, you can sniff those ESP packets to your heart's content.

This is trivial under Linux, and not much more difficult under Winblows (clients), and I'm surprised more people don't suggest it as an alternative to WEP/WPA.

(My girlfriend uses Winblows w/ SSH Sentinel, and has only had one problem that rebooting wouldn't fix - in over 3 years. That one? Installing XP / SP2 turns on the [useless] firewall, which blocks the ports needed by the VPN.)

http://www.theboyz.biz/ [theboyz.biz]Computers, parts, electronics, small appliances and more!

Re:By its nature...

Looked at OpenVPN [sourceforge.net]? Seems a lot easier to configure than a VPN.

Re:By its nature...

When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.

I guess that's an understandable misconception about security. But security has by nature nothing to do with wireless or wired.

Good security is based on the principle that other people WILL have access to your encrypted data.

Unfortunately, the people that implemented security in the wireless protocols did a piss-poor job and left it vulnerable to (known!) attacks.

However, if you just ran IPSec or something over your wireless connection, you'd be fine.

This is why

This is why I setup a stand alone wifi network that when ever war-drivers discover my "wireless network" everything they visit gets redirected to goatse. The result, I've observed is usually a loud exclamation followed by the sound of screeching tires and burnt rubber.

Next i'll observe when I secretly host a wifi network near starbucks and replace everything with a small mirror of www.khaaan.com [khaaan.com].

Re:This is why

If you want to get really evil, I assure you that some twisted people are perfectly capable of dreaming up even scarier things than goatse

I don't know, hearing 20 laptops or so yelling "Khaaan! Khaaan!" I think is scarier than a penis bisection.

Re:Just name all your specific MAC addresses

ummmm how hard is it to sniff the traffic, and get the MAC addess that is allowed and then spoof it?

Re:Just name all your specific MAC addresses

How many home networks really need to allow random MAC addresses access?

How many home users know what a MAC address is?

Re:Just name all your specific MAC addresses

You're kidding right? MAC filtering provides absolutely no added security. Once the encryption is broken, spoofing a MAC address is trivial.

Asside: WEP = Wired Equivalency Protocol

As an aside to the above point, the original "WEP" stood for "Wired Equivalency Protocol." They chose that because it acknowledged that wires weren't inherently secure either. It's name didn't claim security at all... just that it was equivalent to a wire. The inside joke was that that didn't mean anything from a security standpoint either.

Re:Suggestion

From reading all the threads and flame wars going on here, it appears that WEP, WPA and even MAC address filtering is easy to crack, if someone was determined enough to do it.

Well, there are different schools of thought when it comes to SoHo/low bandwidth WAN access security.

You are attempting to lock your network down so that a potential attacker cannot use your connection. The other approach lock your network down just enough to make a cracker not want to bother and to move on to the next, easier target (ie. your neighbors' access points).

The former approach generally works just fine if your goal is to deny a potential attacker access to your network bandwidth. It won't really stop a determined attacker who isn't just in it for a free-ride but who wants to steal specific data. If that's part of your threat model, chances are wireless isn't really for you. The downside is that this is pretty inconvenient. And since convenience is the big selling point when it comes to wireless networking, most people just won't take that route.

Those people who have WEP and MAC address filtering enabled, basically want to protect themselves against random, unsophisticated wardriving. It won't help defend against a determined attacker and probably won't even scare off the teenager next door with too much time on his hands. The point isn't really to have good access security. It's just to raise the bar enough to be unatractive enough of a target. Think of it as a "I don't have to outrun the bear, I just have to outrun you" scenario.