Slashdot: News for Nerds


Researchers Crack WPA Wi-Fi Encryption

CmdrTaco posted more than 5 years ago | from the now-they'll-know-my-secrets dept.

Security 311

narramissic writes "Researchers Erik Tews and Martin Beck 'have just opened the box on a whole new hacker playground,' says Dragos Ruiu, organizer of the PacSec conference. At the conference, Tews will show how he was able to partially crack WPA encryption in order to read data being sent from a router to a laptop. To do this, Tews and Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes. They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack. 'It's just the starting point,' said Ruiu."


311 comments

Meh (5, Interesting)

Anonymous Coward | more than 5 years ago | (#25661943)

Cat5

Re:Meh (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#25662369)

You can listen in on both fiber and cat5 if you have physical access.

Re:Meh (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25662511)

You can listen in on both fiber and cat5 if you have physical access.

Captain Obvious strikes again!

Re:Meh (3, Insightful)

Anonymous Coward | more than 5 years ago | (#25662719)

What you say is true, but you make it sound like obtaining physical access is trivial. In many cases it's not. On the other hand, obtaining unauthorized access to wireless networks is easy, cheap, and relatively safe (as in risk-free).

BTW, CAPTCHA -- "burglars".

Re:Meh (2, Funny)

von_rick (944421) | more than 5 years ago | (#25662869)

Of course you can.

If you want to take it to its logical conclusion, you can make that person hand you all his passwords and personal information if you storm into his house swinging a baseball bat or a samurai sword. I have seen some Hollywood movies where the president hands over the codes to national treasury to criminal masterminds who threaten to detonate nuclear bombs in metropolitan areas during some ceremonial parade -- that is until the retarded hero (usually Bruce Willis) shows up.

Meh (1)

0100010001010011 (652467) | more than 5 years ago | (#25662759)

arpspoof

Re:Meh (0)

Anonymous Coward | more than 5 years ago | (#25663097)

Albuquerque ... see I can do it too ...snorkel

Ha ha ha ha (3, Funny)

Anonymous Coward | more than 5 years ago | (#25661945)

All your AP are belong to us.

You have no chance to survive make your time.

'Story' tag (2, Interesting)

Anonymous Coward | more than 5 years ago | (#25661973)

What's up with the 'story' tag? Perhaps we should also tag this 'words'?

Re:'Story' tag (5, Informative)

Hurricane78 (562437) | more than 5 years ago | (#25662431)

Valid question.

Well, if a story comes from the firehose, it gets tagged "story", because it became a story. And if it didn't, it gets tagged "!story".

Re:'Story' tag (1, Informative)

spud603 (832173) | more than 5 years ago | (#25662597)

I know this is meta discussion, but I wish I had mod points. +1 informative

Re:'Story' tag (0)

Anonymous Coward | more than 5 years ago | (#25662659)

Follow up question: Why do we need to see this?

In Soviet Russia... (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25661991)

WPA Wi-fi encryption cracks you!

Who uses TKIP instead of AES? (5, Interesting)

LibertineR (591918) | more than 5 years ago | (#25661995)

Is AES not the more secure of the two? From everything I have read, AES is the preferred option over TKIP.

Re:Who uses TKIP instead of AES? (5, Informative)

kannibal_klown (531544) | more than 5 years ago | (#25662033)

Is AES not the more secure of the two? From everything I have read, AES is the preferred option over TKIP.

I recall seeing some AP setups where TKIP was the default scheme.

In the wide spectrum of Luddite to Novice to Hobbyist to Professional there are probably a bunch of users that might know enough to use WPA (perhaps from prodding from friends) and use the default settings with a key (either random or a passphrase).

Hahaha! (5, Funny)

u38cg (607297) | more than 5 years ago | (#25662043)

I use WEP!

Re:Hahaha! (5, Funny)

PotatoFarmer (1250696) | more than 5 years ago | (#25662205)

We know. By the way, do you think you could talk your ISP into increasing your download bandwidth?

Re:Hahaha! (2, Funny)

Lisandro (799651) | more than 5 years ago | (#25662737)

So you are the one slowing down my torrents...

Re:Hahaha! (2, Funny)

blhack (921171) | more than 5 years ago | (#25662499)

Yeah, and I run an open access point with the SSID hidden called "secret_awesome".

I feel like it's the least I can do to help any new geeks in the area :).

Re:Hahaha! (4, Funny)

russotto (537200) | more than 5 years ago | (#25662741)

Yeah, and I run an open access point with the SSID hidden called "secret_awesome".

I run one called "man_in_the_middle". Best pay attention to those certificate warnings when you're using it.

Re:Who uses TKIP instead of AES? (2, Interesting)

prayag (1252246) | more than 5 years ago | (#25662129)

I have a lot of problems connecting my XP box with AES encryption. If I use 3rd party, maybe I could've but I changed my encryption to TKIP and it worked fine.

So... There you go !!!

Re:Who uses TKIP instead of AES? (1)

chrisgeleven (514645) | more than 5 years ago | (#25662155)

AES is more secure, so use it whenever possible.

I don't know if WPA with AES has been cracked yet.

Personally, I use WPA2 with AES.

Re:Who uses TKIP instead of AES? (1)

Vancorps (746090) | more than 5 years ago | (#25662713)

How often do you run into users that can't connect? I've been stuck with WEP for a long time just because of the number of devices that don't support WPA.

802.1x with PEAP against WEP isn't terrible although certainly not great. Only recently I've got 802.1x with PEAP using WPA and TKIP. AES support is still rather lacking although getting better. In another year I think I can jump to WPA2 with AES. Currently it's frustrating given that I support WIFI phones on a separate network that I'm forced to use WEP with. It doesn't provide Internet access, only access to the phone server so the risk is minimal but still not what I'd like.

Re:Who uses TKIP instead of AES? (4, Informative)

Anonymous Coward | more than 5 years ago | (#25662265)

For the longest time, XP didn't come with AES/WPA support. You'd have to add this patch: http://www.microsoft.com/downloads/details.aspx?familyid=662BB74D-E7C1-48D6-95EE-1459234F4483&displaylang=en [microsoft.com]

I'm not sure if this was rolled into a newer SP. Many people couldn't access a WPA2 AP so manufacturers chose to just enable WPA as there was less chance of incompatibility.

In my apartment complex, I'm one of two people who have WPA2 enabled. I'm the only one who has only WPA2 enabled.

Heh, the captcha word is "paranoia".

Re:Who uses TKIP instead of AES? (3, Informative)

AndrewNeo (979708) | more than 5 years ago | (#25662575)

Service Pack 3 does indeed enable WPA2 and AES support.

Re:Who uses TKIP instead of AES? (2)

blincoln (592401) | more than 5 years ago | (#25662961)

The Xbox 360 wireless adapter still doesn't support WPA2 (even though the manual says it does), which is why I have my wireless router set to WPA instead. Thanks MS!

Re:Who uses TKIP instead of AES? (5, Informative)

rpmayhem (1244360) | more than 5 years ago | (#25662503)

In short, yes, AES is more secure than TKIP.

WPA and TKIP was really just a stepping stone to get people off WEP and heading toward WPA2 and AES. Wireless hardware built to run WEP didn't have the processing power to run AES (I think it needed a separate crypto processor just for AES). So they made the WPA standard run TKIP so current WEP hardware was able to use a better security setup. It was all intended to move everyone to WPA2 with AES after everyone had bought newer wireless cards and routers.

Interestingly, this means if you have hardware that only supports WEP, and the vendor doesn't offer WPA support, it's because they are too lazy to implement it (or want you to buy the new stuff). The hardware can handle it, they just need to add it to the firmware. My work had some handheld units like this. We had to buy all new units.

Re:Who uses TKIP instead of AES? (5, Informative)

sempernoctis (1229258) | more than 5 years ago | (#25662803)

TKIP is not a cipher; it is a keying protocol. When you use TKIP, the actual cipher you are using is called RC4, which is older and has more known vulnerabilities than AES. It is also the cipher typically used by WEP, though the keying protocol WEP uses contains additional vulnerabilities. TKIP basically takes RC4, which was designed to encrypt a single stream of data, and creates a protocol around it for sending arbitrary packets, which may not be reliably delivered. WPA2 provides a more secure way to similarly wrap the AES cipher, but retains support for TKIP/RC4 for legacy devices.

Re:Who uses TKIP instead of AES? (1)

nobodylocalhost (1343981) | more than 5 years ago | (#25662853)

Rijndael is still not good enough... they need to offer 256 bit twofish and serpent for WPA.

Re:Who uses TKIP instead of AES? (5, Informative)

dohnut (189348) | more than 5 years ago | (#25662863)

AES and TKIP are not apples to apples. AES is an encryption algorithm. TKIP basically handles the keys that the encryption algorithm uses.

A better apples to apples comparison would be between the encryption algorithms (RC4 and AES) or the key managers (TKIP and CCMP).

Generally, WPA uses TKIP/RC4 and WPA2 (802.11i) uses CCMP/AES.

WPA (TKIP/RC4) was supposed to be a bridge between WEP and WPA2. WPA used RC4 (just like WEP) but enhanced (TKIP) in order to improve security while using existing (WEP/RC4) hardware.

WPA2 has always been considered more secure than WPA on paper though until this there has never been a documented exploit for either of them.
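Added example, not part of any comment in this thread: a small auditor that reads the WPA and RSN (WPA2) information elements an access point advertises in its beacon and reports whether TKIP is still on offer, which is the setting this story makes worth retiring. The two byte strings are constructed sample beacons, and the function names are this example's own.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")   # OUI used in the 802.11i / WPA2 RSN element
WPA_OUI = bytes.fromhex("0050f2")   # OUI used in the original WPA vendor element
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}


def _suite(body, off, oui, names):
    """Decode one 4-byte suite selector (3-byte OUI + 1-byte type)."""
    if off + 4 > len(body):
        raise ValueError("truncated suite selector")
    sel = body[off:off + 4]
    if sel[:3] != oui:
        return "other-" + sel.hex(), off + 4
    return names.get(sel[3], "unknown-%d" % sel[3]), off + 4


def _suite_list(body, off, oui, names):
    """Decode a little-endian 16-bit count followed by that many selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    suites = []
    for _ in range(count):
        name, off = _suite(body, off, oui, names)
        suites.append(name)
    return suites, off


def _parse_body(body, oui, proto):
    # Simplification: group, pairwise and AKM fields are all required here,
    # and the trailing RSN capabilities field is ignored.
    if len(body) < 2 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported %s element version" % proto)
    group, off = _suite(body, 2, oui, CIPHERS)
    pairwise, off = _suite_list(body, off, oui, CIPHERS)
    akm, off = _suite_list(body, off, oui, AKMS)
    return {"proto": proto, "group": group, "pairwise": pairwise, "akm": akm}


def parse_security_ies(ies):
    """Walk the tagged elements of a beacon and return WPA/RSN settings."""
    found, off = [], 0
    while off < len(ies):
        if off + 2 > len(ies) or off + 2 + ies[off + 1] > len(ies):
            raise ValueError("truncated information element")
        eid, length = ies[off], ies[off + 1]
        body = ies[off + 2:off + 2 + length]
        off += 2 + length
        if eid == 48:                                        # RSN element
            found.append(_parse_body(body, RSN_OUI, "WPA2"))
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":   # WPA element
            found.append(_parse_body(body[4:], WPA_OUI, "WPA"))
    return found


def tkip_findings(ies):
    """List every place where the advertised settings still permit TKIP."""
    findings = []
    for sec in parse_security_ies(ies):
        if "TKIP" in sec["pairwise"]:
            findings.append("%s: TKIP accepted for unicast traffic" % sec["proto"])
        if sec["group"] == "TKIP":
            findings.append("%s: TKIP used for broadcast/multicast" % sec["proto"])
    return findings


# Constructed sample beacons (SSID "home"), not captured from a real network.
SSID = "00 04 68 6f 6d 65 "
WPA2_ONLY = bytes.fromhex(
    SSID + "30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00")
MIXED = bytes.fromhex(
    SSID
    + "30 18 01 00 00 0f ac 02 02 00 00 0f ac 04 00 0f ac 02 01 00 00 0f ac 02 00 00 "
    + "dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02")

if __name__ == "__main__":
    for name, beacon in (("WPA2-only", WPA2_ONLY), ("mixed mode", MIXED)):
        print(name, parse_security_ies(beacon), tkip_findings(beacon))
```

A "mixed mode" access point shows up here with TKIP as the group cipher even for WPA2 clients, because broadcast traffic has to be readable by the WPA-only devices.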

Re:Who uses TKIP instead of AES? (5, Informative)

JackHoffman (1033824) | more than 5 years ago | (#25662867)

AES is a cypher. TKIP is a protocol, the Temporal Key Integrity Protocol, to be precise. The cypher used by WEP and WPA/TKIP is RC4. TKIP is what keeps changing the RC4 key to avoid the attacks on WEP, for which the attacker needs to collect many packets which have been encrypted with the same key. TKIP was invented to salvage older hardware, which only implemented the RC4 cypher.

It is important to know that WEP's weakness is not simply a vulnerable cypher, but a vulnerability of the crypto system. The announcement states that the attack on WPA/TKIP does not actually crack the key, so this too looks like a vulnerability of the crypto system. That highlights the importance of crypto system design. You can't just take a "secure" cypher and be done with it. The protocol surrounding that cypher is just as important.
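Added example, not part of any comment in this thread: a simplified illustration of why the keying protocol matters as much as the cipher. Two packets encrypted under the same RC4 key (in WEP, the same IV with the same shared key) share a keystream, so the key cancels out of the XOR of the two ciphertexts; with a fresh key per packet it does not. The `per_packet_key` function is a hypothetical stand-in built on HMAC, not TKIP's real key-mixing function, and the key, address and packets are constructed.

```python
import hashlib
import hmac


def rc4(key, data):
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def per_packet_key(base_key, transmitter, counter):
    """Stand-in for per-packet key mixing (NOT TKIP's real mixing function):
    derive a fresh 16-byte RC4 key from base key, sender address and counter."""
    msg = transmitter + counter.to_bytes(6, "big")
    return hmac.new(base_key, msg, hashlib.sha256).digest()[:16]


def keystream_shared(c1, c2, p1, p2):
    """True when both ciphertexts were made with the same keystream:
    the key cancels out and c1 XOR c2 equals p1 XOR p2."""
    return xor(c1, c2) == xor(p1, p2)


def demo():
    """Return (static_key_leaks, per_packet_key_leaks) for two sample packets."""
    base_key = bytes.fromhex("00112233445566778899aabbcc")  # constructed key
    sender = bytes.fromhex("020000000001")                  # constructed MAC
    p1 = b"GET /index.html "                                # constructed packets
    p2 = b"user=alice&pw=x "

    # Same RC4 key for both packets: the keystream repeats.
    static = [rc4(base_key, p) for p in (p1, p2)]
    # A different RC4 key for each packet, selected by a packet counter.
    mixed = [rc4(per_packet_key(base_key, sender, n), p)
             for n, p in enumerate((p1, p2))]

    return (keystream_shared(static[0], static[1], p1, p2),
            keystream_shared(mixed[0], mixed[1], p1, p2))


if __name__ == "__main__":
    print("static key leaks plaintext XOR: %s, per-packet key leaks: %s" % demo())
```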

Re:Who uses TKIP instead of AES? (1, Funny)

Anonymous Coward | more than 5 years ago | (#25663027)

I herd you liek TKIPs

Re:Who uses TKIP instead of AES? (1)

fuego451 (958976) | more than 5 years ago | (#25663099)

Isn't that choice limited by hardware and driver? With my asus adapter and the rt73 driver, I don't recall having any other option than TKIP. Also, similar attacks were started on AES [schneier.com] shortly after it arrived on the scene.

Quickly! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25662031)

Find a way to spin this to make a lack of Open Standards the reason for the breach. Oh, wait...

It's a ploy! (3, Interesting)

dmomo (256005) | more than 5 years ago | (#25662045)

OMG! We need routers w/ better encryption. Buy router company and encryption company stocks! Everyone run out to Best Buy and get a new router.

Or, it just might be a real problem. /crumples tinfoil hat and pouts.

WPA2 is NOT broken (4, Informative)

fractalus (322043) | more than 5 years ago | (#25662057)

Just WPA. WEP was already hideously broken but now WPA should also be considered broken. WPA2 is still safe.

Although, if you really have data you're concerned about keeping safe, you should (a) use a wired network, (b) use IPSEC, or (c) both.

Re:WPA2 is NOT broken (0)

Anonymous Coward | more than 5 years ago | (#25662125)

This is just another example of why people should not try to invent their own encryption schemes (eg. TKIP).

WPA2 should be secure because it uses a good proven (so far) encryption scheme (AES). The only way to break WPA2 would be if there is some protocol weakness other than the encryption.

Re:WPA2 is NOT broken (2, Insightful)

Quantos (1327889) | more than 5 years ago | (#25662147)

It never ceases to amaze me that people want to trust wireless devices for secure purposes, anything that is sent through the air can be captured and worked on. But are wired solutions really any more secure? I mean can't packets that go out still be captured and worked on?

Re:WPA2 is NOT broken (4, Insightful)

Anonymous Coward | more than 5 years ago | (#25662283)

It never ceases to amaze me that people want to trust wireless devices for secure purposes, anything that is sent through the air can be captured and worked on. But are wired solutions really any more secure? I mean can't packets that go out still be captured and worked on?

Using a wired connection over a wireless connection MINIMIZES the number of people who can look at the packets.

After all sending data wirelessly gives anyone in the wireless device's area a chance to catch the packets as well as anyone that would normally have a shot on it via wired connection.

You're still going to hit a router somewhere and be wired back in eventually, anyway.

Wireless is foremost a technology of convenience rather than security.

Re:WPA2 is NOT broken (0)

Anonymous Coward | more than 5 years ago | (#25662427)

Wired packets can be captured, but they require physical access to the cabling.

In a large wired network, it's not difficult to install a packet sniffer without being noticed, because there are often many legitimate reasons for a person to be accessing the physical cabling at various points. It's still slightly more secure than wireless, but not very much.

However, you don't let just anyone waltz into your house and start connecting devices to your home network. So wired is far more secure than wireless in the home, simply because the access to physical cabling is highly controlled. Go figure.

Re:WPA2 is NOT broken (4, Funny)

sexconker (1179573) | more than 5 years ago | (#25663069)

Nerds like to sit.
You can sniff packets while sitting just about anywhere. In your kitchen. In your car. On the crapper.
To tap a line, you usually have to get up, and you often have to use some archaic toolset like Screw.Driver or Flash.Light that you haven't supported since 3 forks ago.

Re:WPA2 is NOT broken (2, Insightful)

Thelasko (1196535) | more than 5 years ago | (#25662213)

Great, now any new hardware I buy will be incompatible with my old hardware, again!

Re:WPA2 is NOT broken (3, Insightful)

bryanp (160522) | more than 5 years ago | (#25662217)

Although, if you really have data you're concerned about keeping safe, you should (a) use a wired network, (b) use IPSEC, or (c) both.

Yep. I'm getting some remodeling done on my house right now. Some of my friends think I'm weird because I'm pulling cat5e around the house when everything I use is already working fine with WPA2. (Tivo, PS3, etc..). It's only a matter of time before someone breaks WPA2, but by then I plan to have turned wireless off.

Re:WPA2 is NOT broken (1)

Applekid (993327) | more than 5 years ago | (#25662361)

I'm in the same boat of wanting to transition away from wireless after tasting its sweet sweet succulence... except I'm not remodelling a house. Sure I currently use wireless just for gaming and Tivo but I would hate that leisure network to get compromised and then provide access to my computers where the real neat stuff lives.

I know /. has to know of good resources to retrofit an existing prebuilt house with wire without me having to rip out all my walls, leave tripping obstacles all around the house, or drop wires from the ceiling airducts like some kind of SWAT team rappelling operation. Anyone?

Re:WPA2 is NOT broken (0)

Anonymous Coward | more than 5 years ago | (#25662439)

HomePlug: Ethernet over electricity wires.

Depending on the wiring in your house, you can get quite good bandwidths.

Re:WPA2 is NOT broken (1)

Joe U (443617) | more than 5 years ago | (#25662547)

This is slashdot, does this play well with x10?

Re:WPA2 is NOT broken (1)

Unending (1164935) | more than 5 years ago | (#25662897)

until someone plugs into one of the plugs on the outside of your house and hijacks your network...

Re:WPA2 is NOT broken (1)

bryanp (160522) | more than 5 years ago | (#25662809)

I'm not ripping the walls out, nothing that ambitious. It's more a case of "We're ripping up carpet to put down laminate. Well, while the room is empty let's paint it. If I'm going to do that I might as well pull some speaker wire through the attic for some surrounds in the living room." While I'm at it I'm pulling cat5e through the attic and fishing it through the walls in a couple of key locations. If you're not comfortable doing that, then hire a local handyman type of person. In the current economy they need little jobs too.

Re:WPA2 is NOT broken (3, Informative)

lostfayth (1184371) | more than 5 years ago | (#25663011)

Fairly easy, if you have a basement or attic (crawlspace) where you can drop wire. Cut a hole for an "old work" electrical box [hammerzone.com], and drill a hole in attic or basement to run the wire through. Run a fish wire through the hole in the attic/basement, and to the larger hole in the wall to pull some cat5 through, then run the wire to where you need it. Terminate and enjoy.

Gets a little more tricky in multi-story houses or those without attic/basement, but that's the basic idea.

Re:WPA2 is NOT broken (5, Informative)

Hatta (162192) | more than 5 years ago | (#25663121)

Go to the attic, you'll have access to the insides of the walls from above. Drop a chain with a weight down an interior wall (so there's no insulation in the way). Cut a hole in the drywall for your ethernet jack. Guide the weight to the hole, a strong magnet (perhaps from a hard drive) can help here. Then just attach your cat5 to the end of the chain, go back to the attic and pull it up. You can run the cat5 across the entire house in the attic and not worry about people tripping on it or anything. It's kind of shitty work, but it's doable if you're just a little bit handy.

Re:WPA2 is NOT broken (1)

Just Some Guy (3352) | more than 5 years ago | (#25662555)

Yep. I'm getting some remodeling done on my house right now. Some of my friends think I'm weird because I'm pulling cat5e around the house when everything I use is already working fine with WPA2. (Tivo, PS3, etc..).

The only reason you need: "they don't sell gigabit wireless equipment at Newegg yet."

It's only a matter of time before someone breaks WPA2, but by then I plan to have turned wireless off.

Why? I've taken the approach of assuming my WLAN is compromised and throwing it wide open. Wanna connect? Hop on! You can't really do anything but surf the web and try to connect to my mailserver (via enforced TLS and with a username/password), but I won't stop you.

Re:WPA2 is NOT broken (1)

dnoyeb (547705) | more than 5 years ago | (#25662887)

It stands to reason that ethernet will always be much much faster than wireless.

My wireless is not wide open, but I consider it insecure. It's firewalled off so the only thing accessible is the internet. I do allow ssh into my local network, and I also have a music server accessible over wireless. Just until I run the CAT5 to my stereo.

Re:WPA2 is NOT broken (5, Insightful)

Ralish (775196) | more than 5 years ago | (#25662629)

I have a hard time seeing the point of this, and the rationale behind other similar moves. Here's why:

Firstly, advances in computing power and security research are always going to result in security schemes being broken, but these broken security mechanisms will always be replaced and improved. Provided you keep up to date with current security practices, and as a Slashdot reader, I assume you can and will, you're really not in any danger at all.

Further, there are numerous other security options you can enable both at the wireless level and the network level to further protect your network, alongside good security practices with existing WPA2 (e.g. maximum length WPA key consisting of random characters and numbers). For example, MAC Address whitelisting, a strong password on the AP, and enabling AP configuration changes to occur only through wired connections. A half decent wireless AP should expose all of these options.

This is more than enough to deter all but the most dedicated hacker. I'm not going to pull random statistics out of my behind, but I would wager that only a ridiculously tiny amount of wireless intrusions are done by experienced hackers, and experienced hackers tend to have an agenda beyond "leeching your tubes". The above security options, if all enabled and correctly configured (as in my home network) goes above and beyond what is required to stop the casual or even experienced war driver in their tracks.

But let's say that somehow, they do manage to break your wireless security. Well, if your network is properly set up, they now have another round of security to get through that should be even tougher. Here, digital signing and encryption of all network communications between Windows machines on the domain is required by policy, no exceptions. This is one example of many.

If someone out there is really willing to go to all that effort to break into your HOME network and access your personal data, you have VERY serious problems. From a corporate network perspective, of course, things might be entirely different.

Bottom line: I have a hard time seeing the point of abandoning wireless due to security concerns in home networks, as a properly secured wireless network and home network will easily defeat all but the most determined and skilled hackers.

And finally, why did you buy into wireless at all in the first place if you were so concerned about security? Everyone knew that WEP was rubbish before it was even cracked (which didn't take long). WPA was a vast improvement over WEP, but even it had its flaws, and this was also well known among those concerned. I find it strange that you're getting out of wireless now, when a look at the whole picture shows that wireless security has improved immensely since the initial takeup of wireless. The real problem is people not moving to these new security setups, and staying with WEP or worse.

Re:WPA2 is NOT broken (1)

ColdWetDog (752185) | more than 5 years ago | (#25662981)

Excellent points. But you forgot the part about attempting to subvert one or more of the standing governments and / or economies from the average slashdotter's basement.

That's dangerous work, friend. Can't be too careful.

Oh, and you can't let your mom find out about your porn. She and her friends could be snooping around at this very moment!

Re:WPA2 is NOT broken (4, Insightful)

Abcd1234 (188840) | more than 5 years ago | (#25662781)

Some of my friends think I'm weird because I'm pulling cat5e around the house when everything I use is already working fine with WPA2.

You are weird if you're doing that because of security concerns. Here's a hint: no one cares about your wireless network. No, really, they don't.

That said, given how flakey wireless can be, running cable is only sensible, particularly given it makes it easy to run additional telephones, etc, as well.

Re:WPA2 is NOT broken (2, Insightful)

Hatta (162192) | more than 5 years ago | (#25662997)

You are weird if you're doing that because of security concerns. Here's a hint: no one cares about your wireless network. No, really, they don't.

Joe the Pedo cares a lot about getting free untraceable internet access. I care a lot about not getting my house raided because someone abused my network.

Re:WPA2 is NOT broken (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25662797)

What, is your town out of cat6?

Re:WPA2 is NOT broken (1)

maxume (22995) | more than 5 years ago | (#25662805)

What are you protecting?

Are you slowly moving away from glass windows to steel shutters? The first is generally more convenient and has features the second lacks, all while being less secure.

Re:WPA2 is NOT broken (4, Informative)

Hatta (162192) | more than 5 years ago | (#25662909)

Don't install cat5, install conduit. Then you can pull whatever you want, wherever you want, at any point in the future with ease.

Re:WPA2 is NOT broken (1)

DerWulf (782458) | more than 5 years ago | (#25663157)

I don't think it's weird at all. Wireless sucks a donkey's ball, even apart from the security problems. Even if it works now and you happen to be one among a million who don't get regular disconnects / latency spikes / speed issues it doesn't take much to cause enough interference to screw it up. One rogue device or the wrong material in the walls can be enough. If at all possible I'd always go for a wired solution ...

Re:WPA2 is NOT broken (1)

odourpreventer (898853) | more than 5 years ago | (#25662569)

Are we talking about different levels of WPA here? A friend of mine cracked WPA almost a year ago, using a Linux box with freely available cracking software. I don't remember the details now, but I think he needed to be listening while someone logged in and then was online for at least half an hour.

Re:WPA2 is NOT broken (1, Informative)

Anonymous Coward | more than 5 years ago | (#25662821)

That will have been via brute forcing the handshake, though any passphrase based authentication method is going to be vulnerable from a method such as this.

Re:WPA2 is NOT broken (1)

D Ninja (825055) | more than 5 years ago | (#25662715)

Although, if you really have data you're concerned about keeping safe, you should not use the Internet at all.

There, fixed that for you.

Is it just me... (5, Insightful)

Jazz-Masta (240659) | more than 5 years ago | (#25662075)

or is anything worth protecting worth using CAT5 on?

Most banks and government institutions don't use WIFI because of the security vulnerabilities. Granted CAT5 doesn't have security to access (like wifi tkip/aes key), but it is physically secure, which is at the same level of security as the physical machines themselves.

I find WIFI performance and coverage to be dodgy at best. It's an absolute pain to support.

Re:Is it just me... (2)

H0p313ss (811249) | more than 5 years ago | (#25662421)

or is anything worth protecting worth using CAT5 on?

The truly paranoid use fiber. Google "TEMPEST security" for hours of fun. (Tinfoil hat is optional.)

Re:Is it just me... (2, Interesting)

digitalchinky (650880) | more than 5 years ago | (#25662945)

You bend fiber just right and you can sense and demodulate the data stream. Unfortunately the act of doing this can also be detected since it causes signal degradation. This doesn't imply that detection is always going to happen though.

Re:Is it just me... (1)

ServerIrv (840609) | more than 5 years ago | (#25662643)

Any time I'm using a wireless connection I immediately connect to a VPN (ssh tunnel or OpenVPN) and tunnel all of my traffic through there. From a user's standpoint, you then don't care if you connect to an utterly suspect WEP AP or now a maybe secure WPA AP. You can double bag the connection if you don't trust any intermediary nodes. Unless you encrypt the data (not just the connection), you have to trust that the nodes after your VPN connection are OK. If you don't trust, encrypt; once your data is in the wild, all bets are off.

Here is an example of why end-to-end encryption is needed. Say you connect to your email server using an encrypted connection, but you do not actually encrypt the message. You send your "top secret" email to your buddy. Your email server then sends your top secret email in plain text to the intended email server, and then your buddy retrieves the email, potentially without a secure connection. So for two out of the three legs of the journey, who knows if someone is reading your email along the way.

Re:Is it just me... (0)

0100010001010011 (652467) | more than 5 years ago | (#25662793)

It's like double bagging with slutty chick.

creators planet/population rescue kode foolproof (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25662077)

they know how we are, & choose to help us anyway.

greed, fear & ego (in any order) are unprecedented evile's primary weapons. those, along with deception & coercion, helps most of us remain (unwittingly?) dependent on its' life0cidal hired goons' agenda. most of yOUR dwindling resources are being squandered on the 'wars', & continuation of the billionerrors stock markup FraUD/pyramid schemes. nobody ever mentions the real long term costs of those debacles in both life & any notion of prosperity for us, or our children. not to mention the abuse of the consciences of those of us who still have one. see you on the other side of it. the lights are coming up all over now. the fairytail is winding down now. let your conscience be yOUR guide. you can be more helpful than you might have imagined. we now have some choices. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

we note that yahoo deletes some of its' (relevant) stories sooner than others. maybe they're short of disk space, or something?

  it's time to get real now. A LOT of energy/resource has been squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, many of US don't know, or care what a precarious/fatal situation we're still in.

http://www.google.com/search?hl=en&q=weather+manipulation&btnG=Search
http://video.google.com/videosearch?hl=en&q=video+cloud+spraying

'The current rate of extinction is around 10 to 100 times the usual background level, and has been elevated above the background level since the Pleistocene. The current extinction rate is more rapid than in any other extinction event in earth history, and 50% of species could be extinct by the end of this century. While the role of humans is unclear in the longer-term extinction pattern, it is clear that factors such as deforestation, habitat destruction, hunting, the introduction of non-native species, pollution and climate change have reduced biodiversity profoundly.' (wiki)

"I think the bottom line is, what kind of a world do you want to leave for your children," Andrew Smith, a professor in the Arizona State University School of Life Sciences, said in a telephone interview. "How impoverished we would be if we lost 25 percent of the world's mammals," said Smith, one of more than 100 co-authors of the report. "Within our lifetime hundreds of species could be lost as a result of our own actions, a frightening sign of what is happening to the ecosystems where they live," added Julia Marton-Lefevre, IUCN director general. "We must now set clear targets for the future to reverse this trend to ensure that our enduring legacy is not to wipe out many of our closest relatives."

"The wealth of the universe is for me. Every thing is explicable and practical for me .... I am defeated all the time; yet to victory I am born." --emerson
consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."--chronicles

Full Article (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#25662113)

November 6, 2008, 10:23 AM - IDG News Service -

Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack.

Security experts had known that TKIP could be cracked using what's known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough," that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck's Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

WPA is widely used on today's Wi-Fi networks and is considered a better alternative to the original WEP (Wired Equivalent Privacy) standard, which was developed in the late 1990s. Soon after the development of WEP, however, hackers found a way to break its encryption and it is now considered insecure by most security professionals. Store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicized data breaches in U.S. history, in which hundreds of millions of credit card numbers were stolen over a two-year period.

A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA.

"Everybody has been saying, 'Go to WPA because WEP is broken,'" Ruiu said. "This is a break in WPA."

If WPA is significantly compromised, it would be a big blow for enterprise customers who have been increasingly adopting it, said Sri Sundaralingam, vice president of product management with wireless network security vendor AirTight Networks. Although customers can adopt Wi-Fi technology such as WPA2 or virtual private network software that will protect them from this attack, there are still many devices that connect to the network using WPA, or even the thoroughly cracked WEP standard, he said.

Ruiu expects a lot more WPA research to follow this work. "It's just the starting point," he said. "Erik and Martin have just opened the box on a whole new hacker playground."

Huh....So for data.... (4, Informative)

Seakip18 (1106315) | more than 5 years ago | (#25662173)

If I remember reading right, a few years ago, TKIP client encryption was always able to be broken. The catch was that you had to capture the packets with the handshake between the access point and the client. This could be done by breaking the signal and capturing the ensuing reconnect. AES fixed this problem.

I think this may have been if you wanted to actually decrypt the data between the two though and that meant having the WPA key, which these guys have broken. Before this, as the article states, the only thing was a dictionary attack. So, I wonder if you combine the two, can you intercept data and successfully look at it.

Re: Huh....So for data.... (4, Informative)

tlhIngan (30335) | more than 5 years ago | (#25662519)

If I remember reading right, a few years ago, TKIP client encryption was always able to be broken. The catch was that you had to capture the packets with the handshake between the access point and the client. This could be done by breaking the signal and capturing the ensuing reconnect. AES fixed this problem.

I think this may have been if you wanted to actually decrypt the data between the two though and that meant having the WPA key, which these guys have broken. Before this, as the article states, the only thing was a dictionary attack. So, I wonder if you combine the two, can you intercept data and successfully look at it.

TKIP is a nasty hack, actually. It's designed to work with chipsets with onboard WEP encryption/decryption (it re-uses the RC4 hardware), and its security was always quite low (which is why it always re-keys itself every hour by default). It has mechanisms to detect and prevent replay attacks, as well as message integrity checks in case someone manages to break through the protections. Its final defense is a complete shut down of the network and a re-keying of everyone if it detects 2 or 3 MIC failures (the network literally shuts down for a minute).

These days, modern chipsets can do AES in hardware, and there's no reason to use TKIP anymore except in legacy applications (which still exist - though modern software can often just offload the AES in software).
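The MIC-failure shutdown described in the comment above can be watched for from the defender's side. This is an added example, not part of the thread: it replays MIC failure log events per access point and reports where the countermeasure would fire, assuming the 802.11i rule of two failures within 60 seconds followed by a 60-second hold. The log layout and names such as `ap1` are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines, not captured from a real device. The layout
# (timestamp, AP name, MIC_FAILURE, sta=MAC) is an assumption.
SAMPLE_LOG = """\
2008-11-06T10:00:05 ap1 MIC_FAILURE sta=00:11:22:33:44:55
2008-11-06T10:03:10 ap1 MIC_FAILURE sta=00:11:22:33:44:55
2008-11-06T10:07:15 ap1 MIC_FAILURE sta=00:11:22:33:44:55
2008-11-06T10:30:00 ap1 MIC_FAILURE sta=66:77:88:99:aa:bb
2008-11-06T10:30:20 ap1 MIC_FAILURE sta=66:77:88:99:AA:BB
2008-11-06T10:30:40 ap1 MIC_FAILURE sta=66:77:88:99:aa:bb
2008-11-06T11:15:00 ap2 MIC_FAILURE sta=00:11:22:33:44:55
this line is noise and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ap>\S+)\s+MIC_FAILURE\s+sta=(?P<sta>[0-9a-f:]{17})$",
    re.IGNORECASE,
)


def parse_events(text):
    """Return sorted (time, ap, station) tuples for every MIC failure line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(
                (datetime.fromisoformat(m["ts"]), m["ap"], m["sta"].lower())
            )
    return sorted(events)


def find_countermeasures(events, window_s=60, hold_s=60):
    """Return (ap, time) for each point where countermeasures would start.

    Failures are counted per AP, whichever station reported them. Events
    that arrive while an AP is already in its hold period are ignored.
    """
    window, hold = timedelta(seconds=window_s), timedelta(seconds=hold_s)
    last_failure, hold_until, triggers = {}, {}, []
    for ts, ap, _sta in events:
        if ap in hold_until and ts < hold_until[ap]:
            continue
        prev = last_failure.get(ap)
        if prev is not None and ts - prev <= window:
            triggers.append((ap, ts))
            hold_until[ap] = ts + hold
            last_failure.pop(ap)
        else:
            last_failure[ap] = ts
    return triggers


def failures_by_station(events):
    """Count failures per station, including ones that never trip the rule."""
    return dict(Counter(sta for _ts, _ap, sta in events))


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for ap, ts in find_countermeasures(evts):
        print(f"{ap}: countermeasures would start at {ts.isoformat()}")
    for sta, n in sorted(failures_by_station(evts).items()):
        print(f"{sta}: {n} MIC failures")
```

The per-station count matters because a station can fail repeatedly without ever putting two failures inside the window, and that never shows up as a network shutdown.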

Re: Huh....So for data.... (1)

ciroknight (601098) | more than 5 years ago | (#25663103)

One of the saddest parts here is that some of the newer routers that Linksys et al. are shipping do WPA2 so slowly when you've got any number of wireless clients over two that TKIP is generally a godsend. Now that it's broken, it's time to upgrade, yet again... Probably a good excuse to get people to spend the extra buck for WirelessN.

Well duh... (3, Interesting)

Zakabog (603757) | more than 5 years ago | (#25662199)

Does anyone seriously treat any wireless transmission as if it was secure? If anyone who cares to listen can easily pick up everything being sent from your computer it's only a matter of time and CPU power before they can read it.

Yes I know, the article mentions they actually found a more efficient method of cracking WPA than a simple brute force attack, and that is a flaw in WPA not wireless security. Although while they may come up with new encryption methods I still don't trust wireless for much more than browsing slashdot or searching google. If I need to do anything that involves sensitive information like ordering something online I can wait to go to a wired desktop.

Re:Well duh... (0)

Anonymous Coward | more than 5 years ago | (#25662383)

How is this any different? Breaking encryption over a wired connection is still "only a matter of time and CPU power".

Re:Well duh... (0)

Anonymous Coward | more than 5 years ago | (#25662623)

"How is this any different? Breaking encryption over a wired connection is still "only a matter of time and CPU power"."

The difference is if someone wants my wireless data they can sit outside and pick it up with a good antenna. If someone wants my wired data they need to physically tap into the system at some end which is significantly harder to do undetected.

Re:Well duh... (0)

Anonymous Coward | more than 5 years ago | (#25662409)

Since one's wireless router is going to happily spit out decrypted packets to the rest of the internet anyway, I'm not convinced securing the wireless protocol itself is important.

An end-to-end approach (SSH/SSL/etc.) seems more valuable.

Re:Well duh... (1)

sempernoctis (1229258) | more than 5 years ago | (#25662489)

There's actually an interesting proof floating around out there about exactly how much time and CPU power would be required to perform a brute force attack on 256-bit AES, and the conclusion is something like the amount of power required to do so with anything resembling current technology exceeds the output of the sun for the next 100 years or so. Due mostly to apathy (and not remembering the password for my WAP), I still use WEP at home, but I live in an apartment complex with several unsecured networks readily available, so if anyone really wanted to get on the intarwebs, they would just use those. There will always be an arms race between the people developing security and the people breaking it, but as long as you aren't the easiest target, it is unlikely that the "bad guys" will go after you. BTW, last I checked, you can sniff packets quite effectively on a cable network, and probably on DSL too, so if you want to tap a residential internet user, you don't really need to crack WiFi.

Re:Well duh... (2, Informative)

maxume (22995) | more than 5 years ago | (#25662907)

The architecture of DSL is usually such that you can't see anybody else's traffic (well, it was the last time I spent any time trying to understand how it worked).

Re:Well duh... (2, Informative)

plague3106 (71849) | more than 5 years ago | (#25662761)

Does anyone seriously treat any wireless transmission as if it was secure? If anyone who cares to listen can easily pick up everything being sent from your computer it's only a matter of time and CPU power before they can read it.

Well, secure enough. I have WPA2 and AES with RADIUS setup... but as far as recording the transmitted data and decrypting it later, you can use tempest to snoop on Cat5 packets too.. so, I'm not sure wired vs. wireless is that relevant.

Re:Well duh... (1)

marcosdumay (620877) | more than 5 years ago | (#25662799)

SSL and SSH were tested for enough time for using them over wireless. Of course, you'll have to assure that the endpoints aren't compromised, but that is always a problem, not only for wireless.

Re:Well duh... (2, Interesting)

hairyfeet (841228) | more than 5 years ago | (#25662935)

You'd be surprised how many times I've walked around the corner to the local cafe to get me a nice coffee and see folks doing their banking, using their CC, etc on the cafe free wifi. Hell I wouldn't even have to do packet sniffing on those that sit towards the center, as either of the two table nooks by the door allow me to see the screen and keyboard of anybody at the lower center tables quite easily. I think it is pretty obvious that folks don't have a clue when it comes to security in public.

'Its just the starting point,' (4, Interesting)

Keramos (1263560) | more than 5 years ago | (#25662305)

So, the headlines blare "WPA is cracked!!!!", but the researchers themselves say they haven't cracked the keys used to encrypt the data and all they have is a "starting point".

So, how is WPA cracked and useless, again??

I suppose maybe we'll see at the PacSec conference.

Re: 'Its just the starting point,' (0, Redundant)

themightythor (673485) | more than 5 years ago | (#25662457)

Because, in the security realm, even a partial break is taken seriously. It implies that there could be unknown weaknesses in the algorithm/protocol that are waiting to be discovered and exploited.

Re: 'Its just the starting point,' (2, Informative)

AdmiralXyz (1378985) | more than 5 years ago | (#25662477)

For two reasons:

1) Even if it isn't completely broken, any kind of significant attack, as this most certainly is, is reason enough to switch to a more secure system if one is available. This revelation, combined with that Russian breakthrough of using GPUs to brute-force WPA keys in very little time, is evidence that WPA is very close to being insecure and inadvisable for use as a wireless security protocol, if it isn't already.

2) Alarmist headlines always have been the de facto when it comes to security-related news and always will be. While I agree it is an exaggeration in many cases, it gets people paying attention to vital security-related issues, which can only be a Good Thing.

Re: 'Its just the starting point,' (0)

Anonymous Coward | more than 5 years ago | (#25662485)

RTFA:
They can read traffic coming from the router.
They cannot read traffic going to the router.
They cannot join the network. Just listen.

Oh nooo! (1)

jmerlin (1010641) | more than 5 years ago | (#25662307)

Now it looks like someone can steal my porn downloads. How rude.

OHNOES! (1)

Your Anus (308149) | more than 5 years ago | (#25662323)

I just upgraded my toaster to linux and put it on my wireless network!

Re:OHNOES! (4, Funny)

Coraon (1080675) | more than 5 years ago | (#25662889)

I know I just got root access...BTW could you put in some bread? I'm trying to install pop-up's.

Secure Wi-Fi (2, Informative)

extract (889530) | more than 5 years ago | (#25662387)

Use WPA 2, AES, create private network, MAC address lock on, turn off SNMP, if your router allows it: Reduce transmission strength (Mine is reduced to 10%). Some Windows laptops cannot use WPA2 or AES due to obsolete Wi-Fi card, change the card in the laptop to fix the problem.

Re:Secure Wi-Fi (1)

Tony Hoyle (11698) | more than 5 years ago | (#25662849)

Problem is handheld devices such as the PSP are yet to support it - they're TKIP only. Worse, even if you switch the router to accept both types of encryption it breaks some devices which can only understand a router in tkip-only mode.
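The two comments above turn on whether an access point still accepts WPA/TKIP alongside WPA2/AES. This is an added example, not from the thread: it audits a hostapd-style configuration for that, using hostapd's `wpa`, `wpa_pairwise` and `rsn_pairwise` options and its documented defaults (`wpa_pairwise` defaults to TKIP, `rsn_pairwise` defaults to the `wpa_pairwise` value). The three sample configurations are constructed.

```python
# Constructed sample configurations (hostapd.conf syntax, key=value).
MIXED = """
# accepts both WPA and WPA2, both ciphers
ssid=example-mixed
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
"""

WPA2_DEFAULT_CIPHER = """
ssid=example-default
wpa=2
wpa_key_mgmt=WPA-PSK
"""

WPA2_AES_ONLY = """
ssid=example-aes
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""


def parse_conf(text):
    """Parse key=value lines; blank lines and '#' comment lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return a list of findings; an empty list means WPA2 with AES only."""
    conf = parse_conf(text)
    try:
        wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    except ValueError:
        return ["wpa value is not an integer"]
    # Defaults assumed from hostapd.conf documentation.
    wpa_pairwise = set(conf.get("wpa_pairwise", "TKIP").split())
    if "rsn_pairwise" in conf:
        rsn_pairwise = set(conf["rsn_pairwise"].split())
    else:
        rsn_pairwise = wpa_pairwise
    findings = []
    if wpa == 0:
        findings.append("neither WPA nor WPA2 is enabled")
    if wpa & 1:
        findings.append("WPA (version 1) is accepted")
        if "TKIP" in wpa_pairwise:
            findings.append("TKIP is offered to WPA clients")
    if wpa & 2 and "TKIP" in rsn_pairwise:
        findings.append("TKIP is offered to WPA2 clients")
    return findings


if __name__ == "__main__":
    for name, text in [("mixed", MIXED), ("wpa2 default", WPA2_DEFAULT_CIPHER),
                       ("wpa2 aes only", WPA2_AES_ONLY)]:
        print(name, "->", audit(text) or "ok")
```

The second sample is the case worth checking for: WPA2 alone is selected, but with no cipher line the TKIP default still applies.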

I use ROT13 (-1, Redundant)

Drinking Bleach (975757) | more than 5 years ago | (#25662601)

unbreakable encryption bitches. I'll sell licenses of it for only $500 a seat!

Re:I use ROT13 (2, Funny)

ale_ryu (1102077) | more than 5 years ago | (#25662977)

Meh, that's nothing, I use DOUBLE ROT13. Learn 2 secure your data you n00b!

why not RSA? (3, Interesting)

Lord Bitman (95493) | more than 5 years ago | (#25662721)

As a serious question, the ignorant wanting to be enlightened: Why don't wireless access points just use some well-known and tested public key encryption? What problem is being solved by WEP/WPA/etc which simply broadcasting (or for the paranoid: copying over with a USB key) a regular old public key wouldn't cover?

Re:why not RSA? (0)

Anonymous Coward | more than 5 years ago | (#25663115)

Or better yet, why not SSL? My guess (and we're probably around the same level of expertise on this one) is that they've found some way to make WPA(2) cheaper than SSL or RSA (perhaps the hardware chips that do the encryption are more complex for SSL or something).

The way I see it, now that 8.10 has fixed the network-manager vpnc plugin I could care less what wireless protocols get cracked. Wake me when they can touch enterprise worthy vpn protocols, because those are used on wires as well.

Re:why not RSA? (0)

Anonymous Coward | more than 5 years ago | (#25663153)

Symmetric is way faster than asymmetric (private/public-key)

So the machine and the access point share a key: the password.

Why is the encryption married to the transmission? (1)

elex (1325997) | more than 5 years ago | (#25662731)

We should be allowed to employ various encryption schemes IMO, rather than whatever ones come out of the box. How's this for a possible workaround: a vpn host device hooked up to the WAN port of the wireless router, or VPN hosting built into the router's firmware. That way all the clients get to keep their hardware the way it is, with a little added hassle when connecting. Does that work?

So, what about key rotation? (1)

Chabil Ha' (875116) | more than 5 years ago | (#25662819)

So, given that my key gets rotated every 5 min, am I safe from their attack that takes 10-15? Now, assuming that the crack time scales with the resources thrown at it, it would seem that this isn't a safe bet.

One thing that did interest me was this:

A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck

For how long?

Re:So, what about key rotation? (1)

Tony Hoyle (11698) | more than 5 years ago | (#25662915)

Not really.. if you capture the data stream somewhere you can take all the time you like to break the key.

Moooooooo! (0, Offtopic)

lordnabob (1397169) | more than 5 years ago | (#25662877)

Anyone know how large the government's IT workforce is? Couldn't find it myself. I'm guessing it's massive, many times larger than the top several IT companies combined. In my town, the Department of Agriculture pays more for programmers than most private IT companies. (Hence the Mooo) Kinda scary actually.