Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

WPA Weak Key Cracker Posted

michael posted more than 9 years ago | from the bet-the-NSA-already-has-it dept.

Wireless Networking 168

Glenn Fleishman writes "The folks at TinyPEAP released a cracking tool to break Wi-Fi Protected Access (WPA) keys. WPA is the replacement for weak WEP keys in the original 802.11b specification. Robert Moskowitz of ICSA Labs released a paper almost exactly a year ago documenting how WPA keys that were short and lacked randomnness could be subject to cracks. This tool automates the process. Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits. Some tools exist to produce better keys, including chipmaker Broadcom's SecureEZSetup (in selected hardware) and Buffalo Technologies' hardware-based AOSS for automatic key generation and propagation. Enterprise-based WPA with 802.1X doesn't have this weakness: each user gets a long WPA key that's randomly generated and uniquely assigned--and can be frequently changed during a session."

cancel ×

168 comments

Sorry! There are no comments related to the filter you selected.

By its nature... (3, Insightful)

The Islamic Fundamen (728413) | more than 9 years ago | (#10739828)

When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.

Re:By its nature... (1)

Excen (686416) | more than 9 years ago | (#10739842)

This is true, but if it's encrypted it might be considered to be marginally safe from tinkerers like your average /.er. That being said, stay away from my wireless network you damn kids!

This is why (5, Funny)

zakezuke (229119) | more than 9 years ago | (#10739912)

This is why I setup a stand alone wifi network that when ever war-drivers discover my "wireless network" everything they visit gets redirected to goatse. The result, I've observed is usually a loud exclamation followed by the sound of screeching tires and burnt rubber.

Next i'll observe when I secretly host a wifi network near starbucks and replace everything with a small mirror of www.khaaan.com [khaaan.com] .

Re:This is why (0, Offtopic)

sketerpot (454020) | more than 9 years ago | (#10740116)

If you want to get really evil, I assure you that some twisted people are perfectly capable of dreaming up even scarier things than goatse. For starters, do not click this link [bmezine.com] if you value your sanity. Does the phrase "penis bisection" pique your interest? If so, then remember what happens to people who go rashly clicking on links explicitly described as evil. *shudder*

Re:This is why (3, Funny)

zakezuke (229119) | more than 9 years ago | (#10740137)

If you want to get really evil, I assure you that some twisted people are perfectly capable of dreaming up even scarier things than goatse

I don't know, hearing 20 laptops or so yelling "Khaaan! Khaaan!" I think is scarier than a penis bisection.

Re:This is why (0)

Anonymous Coward | more than 9 years ago | (#10740339)

A mod like that is beautiful. The only cooler mods are a penectomy, nipplectomy, bilateral orchiectomy and clitorectomy. Do you have the guts to get nullified?

Re:This is why (0)

Anonymous Coward | more than 9 years ago | (#10740393)

A mod like that is beautiful. The only cooler mods are a penectomy, nipplectomy, bilateral orchiectomy and clitorectomy. Do you have the guts to get nullified?

No sir, I don't :P

Re:This is why (0)

Anonymous Coward | more than 9 years ago | (#10740442)


Nah. Once you have a man with two penises, you'll never go back.

Now, a pictures of a rectal prolapse [google.com] , that's evil!

Re:By its nature... (2, Informative)

davesplace1 (729794) | more than 9 years ago | (#10739880)

You make a good point, I know that I would not do any "online" banking with wifi.

Re:By its nature... (2, Insightful)

Anonymous Coward | more than 9 years ago | (#10739910)

When you really think about it, by nature the internet can never be too secure. I mean, your data is being transmitted through dozens of other servers to another point. Think about it.

Re:By its nature... (4, Insightful)

wcdw (179126) | more than 9 years ago | (#10739940)

Theoretically, perhaps - but how secure does it need to be? All wireless traffic in my home uses SSH tunnels between the laptop and the firewall.

When it becomes possible to conveniently crack SSH tunnels, I'll start to worry. By then, I'm sure there will be something better available. Meanwhile, you can sniff those ESP packets to your heart's content.

This is trivial under Linux, and not much more difficult under Winblows (clients), and I'm surprised more people don't suggest it as an alternative to WEP/WPA.

(My girlfriend uses Winblows w/ SSH Sentinel, and has only had one problem that rebooting wouldn't fix - in over 3 years. That one? Installing XP / SP2 turns on the [useless] firewall, which blocks the ports needed by the VPN.)

http://www.theboyz.biz/ [theboyz.biz] Computers, parts, electronics, small appliances and more!

Re:By its nature... (1, Insightful)

Anonymous Coward | more than 9 years ago | (#10740008)


Installing XP / SP2 turns on the [useless] firewall, which blocks the ports needed by the VPN.)

That's what firewalls do...they block ports. Be they SP2 or some other variation this has nothing to do with the design of Microsoft's firewall and everything to do with the concept of firewalls.

But since you've called Windows "Winblows" and labelled te firewall useless it's obvious you're lacking sufficient knowledge to know why the problem occured.

Re:By its nature... (2, Interesting)

wcdw (179126) | more than 9 years ago | (#10740017)

<snort> The FACTs are that when SP2 was installed, it altered the system configuration, and installed a perfectly useless product. (Actively dangerous, as noted by the bug which enables file/printer sharing across ALL connections if you have it on any!)

As for not knowing what happened, it took me about 10 seconds to solve the problem. And, in fact, DID require a reboot, but then again, that's Winblows.

As for lacking sufficient knowledge of firewalls, you're welcome to try and hack mine. It's been up for 7 years now without an intrusion. And not for trying, according to my logs.

Re:By its nature... (1)

Alejo (69447) | more than 9 years ago | (#10740051)

SS1 is weak in many ways. are you SSH2 only?
Also, how good is your w32 software on picking session keys? host keys?
Not saying you're insecure, just that you didn't mention basic 101 stuff about it. And ssh implementations on w32 are rumored to be all weak. :-/

Re:By its nature... (1)

wcdw (179126) | more than 9 years ago | (#10740088)

Actually that's a finger slip (trying to hard to remember the name of the SSH Sentinel product ;) - actual implementation is IPSec VPNs. However, I do have all my SSH clients and servers set up for SSH2 only, and use SSH/SCP exclusively for remote access. Even across the VPN. ;)

Re:By its nature... (2, Informative)

KingPunk (800195) | more than 9 years ago | (#10740215)

just generate a key from /dev/urandom on nix. doesn't get any more random than that.

and im fairly certian it won't be compromised any time in the near future
;)
--kingpunk

Re:By its nature... (1)

Lord Kano (13027) | more than 9 years ago | (#10740054)

Do you have an alternative link for SSH Sentinel? ssh.com no longer has it available.

LK

Re:By its nature... (1)

wcdw (179126) | more than 9 years ago | (#10740156)

Interesting; I didn't realize they'd dropped that product. I didn't find a copy locally, but the original download is probably still on my girlfriend's laptop - although I'd have to check redistribution licensing.

It's a shame; it makes it MUCH easier to do IPSec than the built-in XP VPN feature. (Their connector product looks comparable, but I really don't know anything about it.)

Re:By its nature... (4, Informative)

Fweeky (41046) | more than 9 years ago | (#10740251)

Looked at OpenVPN [sourceforge.net] ? Seems a lot easier to configure than a VPN.

Re:By its nature... (1)

Fweeky (41046) | more than 9 years ago | (#10740253)

Er, s/a VPN/IPSec/. *cough*

Bush won (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10739956)

Just rubbing it in.

Re:By its nature... (5, Insightful)

slashdot.org (321932) | more than 9 years ago | (#10739983)

When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.

I guess that's an understandable misconception about security. But security has by nature nothing to do with wireless or wired.

Good security is based on the principle that other people WILL have access to your encrypted data.

Unfortunately, the people that implemented security in the wireless protocols did a piss-poor job and left it vulnerable to (known!) attacks.

However, if you just ran IPSec or something over your wireless connection, you'd be fine.

Re:By its nature... (1, Insightful)

Anonymous Coward | more than 9 years ago | (#10740016)

Who modded this insightful? Of course proper security always assumes that everything you transmit is captured inbetween.

Real security makes it really hard to use the captured data without the key, which should never be transmitted cleartext.

Just name all your specific MAC addresses (1, Informative)

NotQuiteReal (608241) | more than 9 years ago | (#10740090)

This will also help secure your network.

How many home networks really need to allow random MAC addresses access?

Re:Just name all your specific MAC addresses (5, Insightful)

hsidhu (184286) | more than 9 years ago | (#10740162)

ummmm how hard is it to sniff the traffic, and get the MAC addess that is allowed and then spoof it?

Re:Just name all your specific MAC addresses (4, Insightful)

zakezuke (229119) | more than 9 years ago | (#10740361)

How many home networks really need to allow random MAC addresses access?

How many home users know what a MAC address is?

Re:Just name all your specific MAC addresses (0)

Anonymous Coward | more than 9 years ago | (#10740404)

Good thought, but no good for WPA and in general.

For WPA: Part of the encryption process apparently obfuscates the MAC, hence access points only being able to do AP-to-AP bridging using WEP or no encryption at all.

In general: it's way trivial to sniff a valid MAC and then spoof yours.

Re:Just name all your specific MAC addresses (5, Insightful)

IHateSlashDot (823890) | more than 9 years ago | (#10740501)

You're kidding right? MAC filtering provides absolutely no added security. Once the encryption is broken, spoofing a MAC address is trivial.

Ok, MAC spoofing seems "trivial"... (1, Flamebait)

NotQuiteReal (608241) | more than 9 years ago | (#10740621)

...but I live out in the burbs.

Point taken - I won't put anything important on my wireless access, but then again, I am about as likely to have someone out here care about spoofing me as I am to have some gang-bangers drive the 50 miles to my "hood" and rough me up.

Computers are becoming more like regular life - assume someone will someday see what is on your computer, just like your are probably being watched by security/traffic cameras all the time.

heh, "play nice", even when you think no one is watching and you will be ok.

Re:By its nature... (3, Insightful)

KillerCow (213458) | more than 9 years ago | (#10740125)

When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.

Your wired network can't be too secure either. All that you need to do is attach a listening device to a wire somewhere. Or just compromise a machine.

See the sibling post about how the basis of cryptography is asuming that someone has access to your encrypted data and the encryption algorithm. All security rests in the key. Cryptographic algorithms exist that can make it infeasable to decrypt a block of cyphertext without the key.

Asside: WEP = Wired Equivalency Protocol (4, Insightful)

KillerCow (213458) | more than 9 years ago | (#10740187)

As an aside to the above point, the original "WEP" stood for "Wired Equivalency Protocol." They chose that because it acknowledged that wires weren't inherently secure either. It's name didn't claim security at all... just that it was equivalent to a wire. The inside joke was that that didn't mean anything from a security standpoint either.

WPA Keys (-1)

Anonymous Coward | more than 9 years ago | (#10739833)

Is there any opensource project for HOST AP that does changing WPA keys?

Is there an opensource project that even does WPA?

(First Post)

Re:WPA Keys (3, Informative)

Olmy's Jart (156233) | more than 9 years ago | (#10739967)

Yes... Several..


Do your homework. Look up Supplicant, XSupplication, HostAP, 802.11i for Linux, 802.1x for Linux, etc, etc, etc... Lots of things going on.


ITMT... This crack is only for weak keys with WPA-PSK. Not applicable to WPA enterprise or WPA2.

g00d 1 m1c43a1!!!!! (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10739849)

l37 734 4ax0ring k0mm3nc3!!!

Better colours (3, Interesting)

Anonymous Coward | more than 9 years ago | (#10739862)

Re:Better colours (0)

Anonymous Coward | more than 9 years ago | (#10740566)

One of these needs to be posted every article

What Morons (-1, Troll)

StarWreck (695075) | more than 9 years ago | (#10739867)

I don't under stand why anyone would want to use WEP or WPA seeing as their just a simple single layer encryption method. Using MAC-Filtering is NOT that hard! Compared to WEP and WPA, Mac-Filtering based WLAN security is uncrackable.

Re:What Morons (2, Informative)

Sarhosh Amiral (772139) | more than 9 years ago | (#10739879)

It does not have to be cracked, MAC filtering does not prevent from others listening the network.

Re:What Morons (0)

Anonymous Coward | more than 9 years ago | (#10739947)

the article talks about first capturing packets with Ethereal... don't you need to be on-net to do that? so how can you first be on-net if MAC filtering is on? you'd need to know a valid MAC ahead of time... pretty unlikely. am I missing something?

Re:What Morons (0)

Anonymous Coward | more than 9 years ago | (#10740157)

"the article talks about first capturing packets with Ethereal... don't you need to be on-net to do that?"

No, you can set your card to 'monitor' mode, and pull other packets out of the air. MAC address can be had in these...you just change your card's MAC address, and poof!, there goes MAC address filtering!

Re:What Morons (2, Informative)

Anonymous Coward | more than 9 years ago | (#10739881)

Um, do you know how easy it is to spoof MAC addresses? Very easy.

Re:What Morons (-1, Troll)

StarWreck (695075) | more than 9 years ago | (#10739906)

Seeing as MAC addresses are permanently burned into your WLAN card... you try it.

Re:What Morons (3, Insightful)

chizu (669687) | more than 9 years ago | (#10739937)

"ifconfig wlan0 hw ether [mac address]" sets your wlan card's mac address under Linux. There is probably a way to do so under Windows as well.

Re:What Morons (3, Informative)

wcdw (179126) | more than 9 years ago | (#10739953)

NOT really a good idea to start a thread about morons, and then act like one.

_YOUR_ wlan card may have the MAC address burned into it. Once ALL NIC did. I think it was more than 10 years ago that I saw my first NIC that DID NOT HAVE a MAC address (it was all zeroes, and expected to be set in software).

_MY_ wlan card will _CERTAINLY_ let me change the MAC address - under Linux _or_ Windows.

http://www.theboyz.biz/ [theboyz.biz] Computers, parts, electronics, small appliances and more!

Relax dude! (0)

Anonymous Coward | more than 9 years ago | (#10740059)

Dude, I would seriously lay off the 18 cup a day coffee diet.

Re:What Morons (0)

Anonymous Coward | more than 9 years ago | (#10740178)

_did_ it _really_

Re:What Morons (0, Troll)

hkb (777908) | more than 9 years ago | (#10740474)

_LETS_ continue to _TYPE_ like this _A LOT_. it's _PRETTY_ _COOL_ and gets my _POINT_ across really _WELL_!!!!

Re:What Morons (1)

EnronHaliburton2004 (815366) | more than 9 years ago | (#10739970)

My Linksys card allows me to change the MAC on Windows... it's trivial to do.

The other poster sowed how easy it is to do this in Linux.

Re:What Morons (1, Funny)

Anonymous Coward | more than 9 years ago | (#10740009)

i love when idiots like you post on nerd sites and make an ass of yourself.. you should have posted anonymously, your nerd creds have been lost, you can never show your face here again as StarWreck.. time to make a new username or never come back, you ruined it

and while yes this is a troll.. its not a pure troll.. had you posted only your first post then replied to the replies with something like "oh i wasn't aware of that, sorry, i guess i was wrong"... then you'd be fine.. but you keep replying saying you are right and everyone else is wrong.. when everyone else is right and you're wrong..you're probably not stupid, you made a simple mistake, but then you acted like an ass about it and now you ruined your slashdot name

Re:What Morons (1)

kg4gyt (799019) | more than 9 years ago | (#10740092)

Sure you can change your MAC Address, but then you have to change the MAC Address to one that is valid. If no one is on the network, but you can hear it by simply wardriving, its not going to do anybody any good.

Re:What Morons (0)

StarWreck (695075) | more than 9 years ago | (#10739892)

Before somebody flames me... get out your Laptop with a wireless card and logon to your Wireless Access Point. Go to the MAC-Filtering page, type in your exact MAC address for your laptop's wireless card. Now enable MAC-Filtering. Notice how you can still access wirelessly. Now change a single character in the MAC address you just typed out. You will never be able to access the internet wirelessly again. Unless you hard-wire yourself to it and change the address back.

First person to regain internet access after doing this without hard-wiring back into their LAN wins a monkey.

Re:What Morons (1)

RajivSLK (398494) | more than 9 years ago | (#10739913)

Umm simple. I would just change the MAC address on my laptop to match the address in the WAP and reconnect. Many cards allow you to change the MAC address in software.

Now, where do I pickup my monkey?

Re:What Morons (0, Flamebait)

StarWreck (695075) | more than 9 years ago | (#10739932)

The deal was for you to actually do it, not explain how to do it. /monkey bitch slaps you

Re:What Morons (2, Insightful)

kormoc (122955) | more than 9 years ago | (#10740001)

ifconfig wlan0 hw ether [mac address]

Done

Re:What Morons (1)

iamnotacrook (816556) | more than 9 years ago | (#10739941)

you need to brute-force check each MAC adress. there are ways to make this harder in the router.

Re:What Morons (3, Informative)

arth1 (260657) | more than 9 years ago | (#10740035)

you need to brute-force check each MAC adress. there are ways to make this harder in the router.

No, you don't have to do this. Once the WEP key is broken (or if there is no WEP key, just MAC filtering), you simply listen to the traffic to get a MAC address that's allowed, and use that.

Regards,
--
*Art

Re:What Morons (1)

wcdw (179126) | more than 9 years ago | (#10739964)

Once again I draw your attention to the problems with making conclusions about the entire world based on your one example.

This is a *trivial* exercise, and certainly does not require any hard-wiring.

http://www.theboyz.biz/ [theboyz.biz] Computers, parts, electronics, small appliances and more!

Re:What Morons (5, Insightful)

PedanticSpellingTrol (746300) | more than 9 years ago | (#10739907)

Jesus christ, I hope you don't have a job in security. If all your packets are unencrypted, anybody can sniff them, see what MAC addresses are recieving traffic, and thus are on the whitelist. From there, it's a simple matter to spoof the MAC in software. This feature is built into linux, windows and OS X. The myth that MAC addresses are a universally unique identifier is dangerous and has to be dispelled.

Re:What Morons (0)

Anonymous Coward | more than 9 years ago | (#10739916)

Depends on what activities you're doing while using the access point. If you're using VPN to your corporate network, it's already encrypted. Likewise with SSL.

Re:What Morons (0)

Anonymous Coward | more than 9 years ago | (#10740038)

but your mac address is still NOT encrypted

Odds of implementation? (3, Insightful)

IamGarageGuy 2 (687655) | more than 9 years ago | (#10739870)

The odds of Joe sixpack going the extra step of making a 20 character key is not good. WiFi setups are all the rage and now can all be broken into even after you spend an hour telling someone that they have to use WEP.

Re:Odds of implementation? (2, Informative)

EnronHaliburton2004 (815366) | more than 9 years ago | (#10739943)

WEP

Er, you mean WPA?

Re:Odds of implementation? (3, Funny)

IamGarageGuy 2 (687655) | more than 9 years ago | (#10739949)

doh! - temporal acronym overload

Re:Odds of implementation? (3, Interesting)

fisgreen (568052) | more than 9 years ago | (#10740440)

The odds of Joe sixpack going the extra step of making a 20 character key is not good. WiFi setups are all the rage and now can all be broken into even after you spend an hour telling someone that they have to use WEP.

Sadly, who needs to break into anything when so many leave their front doors wide open? I just moved into a new appartment complex. While waiting for my cable to get turned on, I thought I'd scan for networks, just for the hell of it. F'ing amazing: five APs detected, one WEP (not WAP) secured, four open. Of the open ones, three hadn't even changed the defaults.

So it's just a bruteforce/dictionary tool... (2, Informative)

zaffir (546764) | more than 9 years ago | (#10739876)

What's the big deal? Kismac has had this feature for a while. I hope i'm missing something.

Re:So it's just a bruteforce/dictionary tool... (1)

Tony Hoyle (11698) | more than 9 years ago | (#10740061)

Kismet had a WEP sniffer - that has issues that allow you to derive the key from the data.

WPA (with AES, preferably) is a lot harder as it's designed so you can't go that way around.. you have to bruteforce.

A 128 bit key is only 16 characters (you *do* use non-ASCII in your keys I assume?). I usually try to go to at least double that.

Re:So it's just a bruteforce/dictionary tool... (3, Informative)

zaffir (546764) | more than 9 years ago | (#10740074)

Notice i said Kismac [binaervarianz.de] , not Kismet. This new tool doesn't do anything special when attacking WPA. It isn't even the first to do this non-special thing.

Re:So it's just a bruteforce/dictionary tool... (0)

jrockway (229604) | more than 9 years ago | (#10740082)

I like your sig :)

I'll say it again - VPN (0)

Anonymous Coward | more than 9 years ago | (#10739883)

Now that D-link and others sell routers with wireless and VPNs all in one box, just VPN with IPSec to your own network and that way you have everything running as securely as you can with a normal VPN. Sure, it's easier to sniff the traffic in the air, but it can still be sniffed on a wire too.

I'm all for this. (5, Funny)

Anonymous Coward | more than 9 years ago | (#10739889)

Leaving my WAP wide open all the time allows experienced crackers to access all the best pr0n sites with ease via my connection. All I then have to do is check the logs and Voila! There they are! Saves me looking for them and having to wade thru the pop-ups and bogus sites!

no good excuse (3, Interesting)

Misanthropy (31291) | more than 9 years ago | (#10739896)

there's not really any good excuse for a weak wpa key. My router will generate a random 128bit key.
Kind of funny. I have our wireless router locked down with a 128bit key and only accepting connections from mine and my roommates' MAC addresses. But one of my neighbors has a wide open access point that I can connect to whenever I wan't.
I don't really want to, but I could.

No real point to this post except that you should attempt even minimal security (Unlike my neighbor).

Re:no good excuse (1, Funny)

Anonymous Coward | more than 9 years ago | (#10739938)

You should never access a neighbor's access point... ...except at night, to download porn, till dawn. Oh and with their permission.

"Pardon me, mind if I use your wireless connection so I can download porn and masturbate all night long?"

Re:no good excuse (0)

Anonymous Coward | more than 9 years ago | (#10740102)

That actually made me laugh. good job AC

In addition to a cracker (4, Interesting)

slashdot.org (321932) | more than 9 years ago | (#10739904)

I would have liked to see a tool that will verify if your chosen key is 'secure' or not.

Would have made the crack software look a little less black-hat, to the uninitiated.

Just an idea.

Re:In addition to a cracker (1)

slashdot.org (321932) | more than 9 years ago | (#10739933)

Just to clarify, before I'm getting wise-ass responses; I realize the crack software may be the ideal tool to confirm your key is A-OK. BUT, that software is not for the faint-of-heart.

Getting raw packets etc, is not something everybody knows how to do, but it would be great if they could verify their key was fine.

(and then that software could send the key back to the original web-site, so they can keep a list of fine keys that are now known, so they are not fine anymore. Yeah yeah, I know... ;-D)

Full text in readable form here (0)

Anonymous Coward | more than 9 years ago | (#10739920)

I'm sorry, but here we read from left to right; not top to bottom.

Weakness in Passphrase Choice in WPA Interface

By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp

Use of PSK as the key establishment method

WPA and 802.11i provide for a Pre-Shared Key (PSK) as an alternative to 802.1X based key establishment. A PSK is a 256 bit number or a passphrase 8 to 63 bytes long. Each station MAY have its own PSK, tied to its MAC address. To date, vendors are only providing for one PSK for an ESS, just as they do for WEP keying.

When a PSK is used instead of 802.1X, the PSK is the Pairwise Master Key (PMK) that is used to drive the 4-way handshake and the whole Pairwise Transient Key (PTK) keying hierarchy. There is a straightforward formula for converting a passphrase PSK to the 256-bit value needed for the PMK.

This paper will look into the risks of using a PSK and particularly the risk associated with a passphrase-based PSK.

How the PSK is used in WPA and 802.11i

The PSK provides an easily implemented alternative for the PMK as compared to using 802.1X to generate a PMK. A 256bit PSK is used directly as the PMK. When the PSK is a passphrase, the PMK is derived from the passphrase as follows:

PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)

Where the PBKDF2 method is from PKCS #5 v2.0: Password-based Cryptography Standard. This means that the concatenated string of the passphrase, SSID, and the SSIDlength is hashed 4096 times to generate a value of 256 bits. The lengths of the passphrase and the SSID have little impact on the speed of this operation.

The PTK is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake. This is why the whole keying hierarchy falls into the hands of anyone possessing the PSK, as all the other information is knowable.

The Intra-PSK attack

The normal practice is to have a single PSK within an ESS. To generate any PTK, a device only needs to learn the two MAC addresses and nonces (and the selected ciphersuite). All of this is available in the initial exchange, from the ASSOCIATE through the 4-Way Handshake. Any device can passively listen for these frames and then generate the PTK. If the device missed these frames, it can send a DISASSOCIATE against the STA and force the STA to perform the ASSOCIATE through the 4-Way Handshake again.

Thus even though each unicast pairing in the ESS has unique keys (PTK) there is nothing private about these keys to any other device in the ESS.

The offline PSK dictionary attack

A station that does not know a passphrase-based PSK can attack it with an offline attack. This is effective for an outsider where there is a single PSK in the ESS, or an insider where there are unique PSKs.

The 802.11i standard points out that:

A passphrase typically has about 2.5 bits of security per character, so the passphrase of n bytes equates to a key with about 2.5n + 12 bits of security. Hence, it provides a relatively low level of security, with keys generated from short passwords subject to dictionary attack. Use of the key hash is recommended only where it is impractical to make use of a stronger form of user authentication. A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks.

The PTK is used in the 4-Way handshake to produce a hash of the frames. There is a long history of offline dictionary attacks against hashes. Any of these programs can be altered to use the information in the 4-Way Handshake as input to perform the offline attack. Just about any 8-character string a user may select will be in the dictionary. As the standard states, passphrases longer than 20 characters are needed to start deterring attacks. This is considerably longer than most people will be willing to use.

This offline attack should be easier to execute than the WEP attacks.

Using Random values for the PSK

The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large number for human entry; 20 character passphrases are considered too long for entry. Given the nature of the attack against the 4-Way Handshake, a PSK with only 128 bits of security is really sufficient, and in fact against current brute-strength attacks, 96 bits SHOULD be adequate. This is still larger than a large passphrase, but is unlikely to be in a dictionary attack. Using a relatively small random value represented in hexadecimal, and entering it as a passphrase will expand it to a proper 256-bit PSK.

Summary

Anyone with knowledge of the PSK can determine any PTK in the ESS through passive sniffing of the wireless network, listening for those all-important key exchange data frames. Also, if a weak passphrase is used, for example, a short passphrase, an offline dictionary attack can readily guess the PSK. Since the common usage will be a single PSK for the ESS, once this is learned by the attacker, the attacker is now a member of the ESS, and the whole ESS is compromised. The attacker can now read and forge any traffic in the ESS.

Pre-Shared Keying is provided in the standard to simplify deployments in small, low risk, networks. The risk of using PSKs against internal attacks is almost as bad as WEP. The risk of using passphrase based PSKs against external attacks is greater than using WEP. Thus the only value PSK has is if only truly random keys are used, or for deploy testing of basic WPA or 802.11i functions. PSK should ONLY be used if this is fully understood by the deployers.

don't blame WPA (4, Insightful)

nbert (785663) | more than 9 years ago | (#10739942)

...if your key is asdf - the attack is based on a dictionary. This weakness relies on human nature after all.

Btw: The Tips and Tricks section of this newsletter [slashdot.org] is a good ressource if you want to create passes which are harder to guess.

Re:don't blame WPA (2, Informative)

nbert (785663) | more than 9 years ago | (#10739960)

arghh - let's blame my caffeine consumption...

Here's the a correct link [gentoo.org]

Re:don't blame WPA (1)

PMJ2kx (828679) | more than 9 years ago | (#10740023)

...if your key is asdf - the attack is based on a dictionary. This weakness relies on human nature after all. So, write a generator to make a random key so that it's not just ASDF...just make sure to memorize it...ya know, just in case... ...or, if you're like my not-so-bright friend, write it on a stickynote and leave it in a book labeled "passwords & stuff"...

Re:don't blame WPA (0)

Anonymous Coward | more than 9 years ago | (#10740120)

dd if=/dev/random bs=1024k count=1 | md5sum

there is a 16 byte (represented with 32 hex chracters) that is probably farily random. If you need ascii characters, hmm, play with this:
echo `dd if=/dev/urandom bs=1024k count=1 2>/dev/null | strings -1 -es` | sed s/\ //g | dd bs=1 skip=$RANDOM count=8 2>/dev/null ; echo
I couldn't figure how to drop the new line stuff, so that's why the echo and the sed(assumes a bash shell). It also makes some asumptions, like it will have at least 32768 characters ($RANDOM says it give a number between 0-32768). Change that 8 characters to something larger if you want more characters(20 or 60 or what ever). in the strings, change the "-es" to "-eS" to allow 8 bit characters, as is right now it will just do the 7-bit characters. (although on my system it didn't seem to play well with that). Change the /dev/urandom -> /dev/random to not use the psuedorandom.

I will say running from urandom I have gotten files from the current dir listed as well as some of the environment variables, so beware.

Re:don't blame WPA (1)

/dev/trash (182850) | more than 9 years ago | (#10740150)

If an attcker has physical access he's already won. Having your wireless password written down isn'y gonna make it easier for some kid looking for a free ride.

Phew i'm safe! (0)

Anonymous Coward | more than 9 years ago | (#10740360)

Mine is qwerty

Ho hum (2, Interesting)

Realistic_Dragon (655151) | more than 9 years ago | (#10739963)

Guess it's not time to abandon treating all wireless hosts as bastions and using SSH to tunnel/authenticate just yet then.

Treat wireless just like you do a student network and everything will be fine.

Re:Ho hum (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10740164)

Yeah, it's cumbersome, slow and full of gas ... I can throw a pen knife right at the juggler.

D-Link Software generates 60-digit pass keys. (0, Flamebait)

Futurepower(R) (558542) | more than 9 years ago | (#10740055)


D-Link's install software for the AirPlusXtremeG WiFi adapters generates a 60 digit random hexadecimal number for use as a pre-shared key.

The Daily Mirror is one of the United Kingdom's largest newspapers. Here is their front page on the day after the election (PDF file): Daily Mirror Front Page: How could 59,054,087 people be so dumb? [icnetwork.co.uk] .

Correction: 64 4-bit hexadecimal keys (1)

Futurepower(R) (558542) | more than 9 years ago | (#10740248)


Correction: 64 4-bit hexadecimal keys, for 256 bits total. According to the article, not breakable.

Re:D-Link Software generates 60-digit pass keys. (0, Offtopic)

Glendale2x (210533) | more than 9 years ago | (#10740628)

The Daily Mirror is one of the United Kingdom's largest newspapers. Here is their front page on the day after the election

Could someoneexplain to me what that has to do with WPA? or D-Link keys?

Suggestion (3, Interesting)

cuteseal (794590) | more than 9 years ago | (#10740064)

From reading all the threads and flame wars going on here, it appears that WEP, WPA and even MAC address filtering is easy to crack, if someone was determined enough to do it.

So, I know it's not foolproof, but does anyone have suggestions on how to increase wireless security?

1. Regularly change WEP keys?
2. Use a proxy server to access internet, and disable direct access via access point?
3. Turn off router and computers when you're not using them?

Any others?

Re:Suggestion (0)

Anonymous Coward | more than 9 years ago | (#10740131)

IPSec and SSH tunneling.

Re:Suggestion (1)

StarWreck (695075) | more than 9 years ago | (#10740147)

The lesson learned here is to use multiple layer security. As I said in an earlier post, 1-layer security is always a bad idea. Use a good length WPA (or WEP) as well as Mac-Filtering. Encryption and Filtering both have their weaknesses but combined they are fairly effective.

Re:Suggestion (3, Informative)

slashname3 (739398) | more than 9 years ago | (#10740391)

The best thing you can do in addition to using WEP, changing keys, and locking down the MAC addresses allowed, is to use ssh or VPN software to encrypt your connections. If someone spends enough time to crack WEP and spoof a MAC address then the most they can get is access through your access point. They would have to break ssh or VPN to look at your data. Of course you would need to have tools in place to identify a man in the middle attack to prevent them from spoofing your connections.

Of course if someone spends that much effort just to break into your wireless network you either have something really important or they are have way to much time on their hands. (and I doubt if anyone has anything that important on their network....)

record now crack later (1)

pronobozo (794672) | more than 9 years ago | (#10740166)

How about technologies of the future that you can just wait around for. I am sure in 5 years the hardware then will be able to crack stuff now in a matter of seconds. So why not record now... be patient(5 year wait).. and then crack.

Re:record now crack later (1)

shuut (827307) | more than 9 years ago | (#10740756)

Depending on your browser some old browser might only support encryption with less than 128 bit keys in SSL, looking at the specs that's basically DES and RC2, so if you sniffed an encryption message sent through by one of these less than 128bit browser you can break it in matter of days.

What is Slashdot coming too? (2, Funny)

Anonymous Coward | more than 9 years ago | (#10740267)

I know traffic has been declining to this site but please have a little dignity left. Posting cracks on slashdot? What next, hosting the latest music, movies and software. I would hope the moderators would do a better job sifting through stories. Lots of good stories are getting rejected while dupes and stuff like this gets posted all the time. It's just a shame to see this site suffering from the same problems big media conglomerates have.

What are you smoking? (0)

Anonymous Coward | more than 9 years ago | (#10740636)

I am a part-time sysadmin for a small company. My most important duties are things other than administration. Yet, all the administration in the company is done by me.

This was an EXTREMELY important piece of information to me. I had been under the impression that "anything WPA has not been broken yet, and is inherently more secure than WEP".

Now I need to figure out how to reconfig those APs to talk 802.1x to a server, which is going to be so not fun, but a lot more fun than having discovered a fait accompli break-in.

Takes a load off my mind, in a way. (0)

Anonymous Coward | more than 9 years ago | (#10740437)

I had started on a dictionary cracker for WPA keys, but it was for a class project and once the class was over, the project pretty much was as well. Not being much experiened in POSIX I/O for network and wireless interfaces, I had no idea what to do to put in those parts and was kind of torn on whether to take time out to learn it. It's still on sourceforge if anyone wants to finish it, i.e. add in the bits for acquiring actual packets.

Maybe we can modify it for AES/CCMP keys. They still use passphrases, right?

Wired security vs. wireless security (1)

thedillybar (677116) | more than 9 years ago | (#10740443)

Just because you have a wired connection, doesn't mean you can assume no one is snooping on the wire.

Anything confidential needs to be encrypted with VPN, SSL, or something similar. Period.

Sure you can turn WEP or WAP on...but don't stake all your data on it. Use what's tested and trusted by the rest.

Link to TinyPEAP's WPA Cracker utility (1)

OneNonly (55197) | more than 9 years ago | (#10740556)

For those who are interested in checking out your own security (I'm just about to do this!) the WPA Cracker that has been released is available here: WPA Cracker [tinypeap.com] .

I wonder if 13 characters is short :S

What about unsecured networks? (4, Funny)

porkUpine (623110) | more than 9 years ago | (#10740600)

Until people start securing their wireless networks with SOMETHING, wireless will always have a bad reputation. As nice as it would be, we aren't allowed to use wireless in office... period. BTW, I'm surfing /. from my neighbors unsecured WAP. *Sigh*
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>