olahau writes "Two weeks ago, improvements to the previously reported attack on WPA/TKIP were presented at the NorSec Conference in Oslo, Norway. In their paper coined 'An Improved Attack on TKIP,' Finn Michael Halvorsen and Olav Haugen describe the improvements, which enable an attacker to inject larger, maliciously crafted packets into a WPA/TKIP protected network, thus opening the probabilities for new and more sophisticated attacks against the well-established wireless security protocol."
64-bit keys are NOT trivially brute-forceable. Even if you've got a botnet of decent computers, you're probably still looking at weeks. The attacks on WEP, real attacks on severe flaws, typically take about five minutes to produce the key.
But one time not too long ago I logged into one of my neighbours' unsecured networks (no idea who owned it) and noticed they had a printer on the network. So I downloaded the drivers off of HP and then sent a message to their printer telling them they should secure their wireless, and a website to show them how.
I did something similar once. It was in college, and someone had brought the family computer to school, complete with r/w shared C drive. I left a shortcut in their startup folder to run notepad c:\warning.txt, telling them the problem, and either fix it themselves, or to find a geek to fix it for them. I met that person later....she was actually pretty hot. Nothing came of it though =/
I was staying at my aunt's house one time, and she didn't know how the wireless worked. She was a little annoyed that I was able to break into her connection in under 10 minutes though.
Well. This attack is used on the less robust TKIP protocol. AES is much stronger. Here is the break down (from my memory weakest to strongest):
WEP
WPA/TKIP
WPA/AES
WPA2/TKIP
WPA2/AES
Yea knew I should have looked around. Here. Wikipedia on WPA will tell the story [wikipedia.org]. Salahx and MobyDisk have it right. It was all stop-gapping. Which is why you have a sprawling landscape of security options.
DD-WRT is sweet, I've been using it for a couple of years now. The best feature for me is WDS (a distributed wireless network, I use it to wirelessly bridge my house and recording studio about 75m away). Unfortunately, I found a barely-documented bug which prevents WDS from operating with WPA2-PSK/AES encryption. It tends to lose the connection and not regain it until you stand on one foot and unplug both routers while whistling "God Save the Queen". Apparently the answer is to use TKIP, so now I'm usin
One of my routers is set up to support any combination of WPA, WPA2, TKIP and AES (the weaker ones for compatibility, the stronger ones because it supports them). The other one only supports WPA+TKIP but it works and thus won't be replaced unless WPA+TKIP security devolves quite a bit farther.
In order to hack WEP it's quite simple today, you need to do the following:
AM or FM? (Score:5, Funny)
New Improvements On the Attacks On WPA/TKIP
... in Cincinnati!!
Re:AM or FM? (Score:5, Funny)
"As God is my witness, I thought packets could fly!"
Re: (Score:2)
I wonder if somebody drove around looking for unpatched routers if they'd call it Turkey Bombing.
Re: (Score:3, Informative)
They [faqs.org] can. [wikipedia.org]
Re: (Score:3, Funny)
OMG I fucking *love* tkips!
Does that mean... (Score:2, Interesting)
WEP is better? Has it always been better? I used WEP for the longest time until I figured I could set my own (short & easy) password with WPA.
Should I switch back? Not that I expect my neighbours to be leet hackers...
But one time not too long ago I logged into one of my neighbours' unsecured networks (no idea who owned it) and noticed they had a printer on the network. So I downloaded the drivers off of HP and then sent a message to their printer telling them they should secure their wireless, and a we
Re: (Score:3, Informative)
WEP is not better. Don't use WEP.
WPA2+AES is better.
Re:Does that mean... (Score:4, Insightful)
WEP is better? Has it always been better?
Sure, keep using WEP. 128-bit WEP takes a very long time to break. Somewhere on the order of 15-30 minutes, in my experience.
Re: (Score:3, Informative)
WEP has always been less secure than WPA, especially because you can just brute-force a WEP password.
Stick with WPA2 and you'll be alright for a while.
Re: (Score:2)
WEP is not better. Don't use WEP.
WPA2+AES is better.
-
WEP takes a very long time to break. Somewhere on the order of 15-30 minutes
-
WEP has always been less secure than WPA
Well that's reassuring. You learn something new every day.
Re: (Score:2, Interesting)
Re: (Score:3, Informative)
WEP has always been less secure than WPA, especially because you can just brute-force a WEP password.
That's not the problem. You can brute force a WPA-TKIP password if you capture the handshake as someone connects, it just takes a really long time so it's not practical to do anything except a dictionary attack (and that would still take a loooong time). The problem with WEP is that you don't need to brute force the password, you can figure it out by collecting enough data packets. The only thing slowing you down is the speed of the network. To give you an idea, I downloaded the example packets from aircrac
Re:Does that mean... (Score:5, Informative)
no. Actually, let me rephrase that... "NO!!!!!!"
WEP has been broken. Terribly, horribly, and completely broken. Not only are attacks possible, they are out there, and they are the data-intercept type. It's somewhat more secure than running Open and hiding your SSID, but not a lot more.
WPA/TKIP has a vulnerability that malformed packets may be inserted into the data stream. This opens the door for possible attacks. That does not mean attacks are currently possible, nor does it necessarily mean that data-intercept attacks will be possible near-term. You are "nearly safe" running WPA/TKIP. WPA/TKIP uses the same encryption methodologies as WPA but encrypts more data and is a lot harder to break.
WPA/AES has, to my knowledge, no presently-known attack vector vulnerabilities. That can (and probably will) change.
But if your gear is capable of WPA/AES, switch to that. If not, leave it as WPA/TKIP.
And for the love of Pete, switch to a longer password with some nice scrunchy numbers, letters (upper and lower) and a few special characters. 10 total characters should do it if you use the prefix of some phrase and replace a few letters with special characters.
Example: The Lord of the Rings is the Greatest Series Ever Written
TLotRitGSER This is actually a decent-security password, you've got decent length, 11 characters, and some upper/lower goodness.
Now add the concepts that it was originally actually one book, (&1b), and not about the 7 dwarves (!7d) to the end. TLotRitGSER&1b!7d
Seriously secure password, and you're going to remember the hell out of it. Of course, it helps if you use something memorable to you.
Then you'll never go around saying "Amazing! That's the exact same combination I have on my luggage!"
Re: (Score:3, Informative)
If I recall correctly, WPA/TKIP was an "interim" solution intended to be more secure than WEP but compatible with most WEP hardware. As such it had to leverage some of the low-level components of WEP, of which TKIP was one of them.
So effectively, WPA/TKIP has vulnerabilities because it inherited them from WEP.
WPA2/AES eliminates all "WEP heritage cruft".
Re:Does that mean... (Score:4, Interesting)
Yes, you're absolutely correct. However, the question was "now that WPA/TKIP is broken, is WEP more secure than it?"
WPA/TKIP has vulnerabilities inherited from WEP, yes, but those vulnerabilities are still hidden behind a layer that, for now, is still protective. Trouble is, people are starting to discover larger and larger vectors for inserting attacks.
The shields are still holding - I haven't heard of a successful data breach or DNS spoof on a WPA/TKIP (someone correct me if there is an actual working breach out there), and there are measures that can be taken (turn off QoS/WMM, update your client stack) that will close the holes.
But only FOR NOW. Upgrading to AES is the correct answer.
Downgrading to WEP is not the correct answer, unless the question is "What security protocol is the easiest to break?"
Re:Does that mean... (Score:5, Informative)
Did you even read the paper or take the time to understand the attack?
I'm one of the authors of IEEE 802.11i. I did, and it's not good.
This is a significant advance in attack technique on TKIP. Get off of TKIP as quickly as you can. NOW.
On one hand, as the paper's authors point out, we got seven years of life out of a band-aid fix that was designed to buy us five. I'm pretty happy with that.
On the other hand, the Beck and Tews attack opened some cracks in the walls, this latest paper wedges that crack further open by a factor of 14, and provides some practical real-world exploit scenarios. The bad guys will come up with more, trust me.
This is bad.
Migrate off of TKIP NOW.
Your advice for the length of a passphrase is off as well, BTW. IEEE 802.11i CLEARLY states that a passphrase of less than 20 characters in length does not offer adequate security.
Use a strategy to choose a LONG, STRONG passphrase. Type it into notepad. Cut and paste it wherever it needs to go to eliminate typo errors.
Cheers.....
Red
Re: (Score:2)
Re: (Score:3, Informative)
Can we please have a way to have secure _anonymous_ WiFi access?
You're solving the wrong problem. WiFi 'security' is single-hop security. It's for local networks. If you are using a WiFi hotspot to connect to a remote site then you have a few dozen network segments between you and the remote party that may or may not be trustworthy. If security is important, you should be using end-to-end encryption, not encryption for the first hop and then no security for the next twenty. This applies to DNS too. You should not be trusting DNS from a WiFi hotspot unless all of
Re: (Score:3, Insightful)
When I set up a wifi router for someone I always simply generate a random string of letters, numbers and special characters, then I write it down and stick it to the router.
I figure that you can't get more secure and it's not exactly something they need to remember because they type it every day.
Re: (Score:3, Insightful)
I'd suggest just using the whole sentence. It would have at least as much entropy and would be more resistant to simple brute force breakage.
And I'm considering giving up on upper case in passwords. The lower case alphabet requires about 5 bits to encode, while adding uppercase only requires one more bit. I suspect t
Re: (Score:2)
"you've got decent length, and some upper/lower goodness." ...that's what she said.
Re: (Score:3, Interesting)
And for the love of Pete, switch to a longer password with some nice scrunchy numbers, letters (upper and lower) and a few special characters. [..snip]..Seriously secure password, and you're going to remember the hell out of it. Of course, it helps if you use something memorable to you.
Then you'll never go around saying "Amazing! That's the exact same combination I have on my luggage!"
I have my router set up without a password, and the SSID set to "Bring beer to Apt. 243".
Since then, I've had the pleasure of meeting a few of my neighbors and drinking beer with them.
Re: (Score:2)
Re: (Score:2)
The cost of a single piece of paper and the amount of ink I would have used is trivial to me being able to deny them internet access. They had it completely open, broadcasted the SSID, and left the router with the default username and password. I could have locked them out from their own internet if I had wished it. Sure, they could press the button on the bottom to restore factory defaults, but then I could do it over and over again. Or, if I were in the business of stealing personal information, I would h
Re: (Score:3, Informative)
The evil people you are so concerned about protecting these people from are fucking pricks like you. Abusing their network because you are afraid someone might abuse their network is so fucking hypocritical it's sickening. Not to mention someone who actually thinks WEP is more secure than WPA/TKIP (or secure at all) is a fucking dumbass and has no right lecturing others about security.
tl;dr: You are a worthless piece of shit.
Antisocial (Score:2)
I leave my wireless connection "unsecured". Sure, the neighbours use it, and people needing iPod Touch location services.
I figure it's just good social behaviour. If I need network access when I'm "out and about", I will use someone else's wifi.
Just don't be a 'leet hacker asshole.
Re: WHY would you "secure" a WLAN? (Score:2)
I run my WLAN open, or "unsecured", intentionally and encourage everyone to do the same. Your neighbors are good people who leave their network open, so why would you be rude and abuse their prin
Re: (Score:2)
Re: (Score:2)
Does anyone know... (Score:4, Insightful)
Why did they invent a (well, multiple) new encryption algorithm(s) for WiFi? Any competent security specialist will tell you that using an established encryption algorithm is always the wise choice. Did the people behind WiFi simply lack competence? Not Invented Here?
Re:Does anyone know... (Score:5, Informative)
WEP is "Wired Equivalent Privacy". It wasn't supposed to be very strong - about as secure as a regular wired network. However, it wasn't known back then just HOW weak it was. As a stopgap measure, WPA PSK (TKIP) was created. Since it uses the same algorithm as WEP, (RC4), existing equipment could be easily upgraded with just a firmware/software update. A long-term solution WPA2 PSK (AES) was created as well.
WPA-PSK (TKIP) is still far, far better than WEP by many orders of magnitude, but WPA2-PSK is better, and if all your wireless devices support it (in particular the Nintendo DS DOES NOT, The DSi does, but not for DS games), then that is preferred.
Re: (Score:2)
They did it because the existing router hardware and wireless network card hardware was not capable of AES. It was a temporary solution that no one should be using any longer. WPA2 is the current established secure protocol, and it uses AES which is not a specialized algorithm.
Not quite correct (Score:2)
They didn't use AES because AES didn't yet exist. (Or, to be specific, was very early on in the algorithm competition to determine which one would become the standard.)
Rijndael was chosen as the AES winner by NIST in 2001. WEP was finalized in 1997.
At that point, I believe DES was already known to have issues.
Re: (Score:3, Insightful)
WEP Came first. It was one of those "oh we need security" bits. It's about what you would have on a wired network. Yea, no, not really. Broadcast != Hardwire so that quickly began being broken. Collisions were found. Time for something stronger
WPA came next but it was a bit advanced and all of these older machines didn't have real
Re: (Score:2)
Re: (Score:2)
Uh... Mr. Coward, WEP and TKIP are both examples of (failing to) reinvent crypto.
Re: (Score:2)
Nothing to see, move along (Score:3, Informative)
This tells us nothing more than we knew before. Stop using WPA/TKIP and switch to WPA2/AES
Re: (Score:2)
Re: (Score:2)
You may wish to check for some replacement firmware from DD-WRT before buying new hardware. I've used DD-WRT for years and love it!
http://dd-wrt.com/site/index [dd-wrt.com]
Re: (Score:3, Interesting)
New Improved Attacks on Obsolete Standards! (Score:2)
News at 11!
Wake me when someone's got something on WPA2.
I think someone should post a story about bugs in zmodem.
Re: (Score:3, Interesting)
Please provide your definition "obsolete."
Google provides disused: no longer in use; "obsolete words"
WEP isn't even obsolete, let alone WPA. Many people still use "old" standards. Not everyone keeps up to date with the latest wireless security. Many have unsecured networks. Many use WEP just to keep off annoying neighbors. I don't know anyone that uses WPA2+AES at home. I take it back, I do know one person that does.
Re: (Score:2)
WEP isn't even obsolete, let alone WPA. Many people still use "old" standards. Not everyone keeps up to date with the latest wireless security. Many have unsecured networks. Many use WEP just to keep off annoying neighbors. I don't know anyone that uses WPA2+AES at home. I take it back, I do know one person that does.
WEP is obsolete and so is WPA. People still drive Model T cars - that doesn't mean they're not obsolete. Hell, lots of people still use *IE6*!
I've been using WPA2+AES at home for quite some tim
Re: (Score:2)
Just in time! (Score:5, Interesting)
The timing of this new attack could not have been better - the day after the UK government announces they want to introduce a "three strikes" rule before disconnecting suspected file-sharers.
I imagine this must be a massive headache for ISPs who have been shipping routers with WPA/TKIP enabled for compatibility (i.e. a lot of them). Suddenly their routers need remotely updating and they have to hope that most of their customers' wifi drivers will cope with the move to AES.
Re: (Score:2)
> Suddenly their routers need remotely updating...
Why would they see a need for updating? It certainly won't come from customer demand.
Re: (Score:3, Informative)
Alternatively, they could simply turn off QoS/WMM and buy a little more time, since that is (currently) a requirement for this specific attack vector, according to the submitted paper.
There are also fixes available to TKIP that could extend its life a little longer.
But, yeah, it's time to go AES.
Having said all that, I fear the backlash from people who have routers that are only capable of WEP and WPA/TKIP and decide WPA/TKIP is "less secure" because no one is talking about how insecure WEP is any more. Gi
Re: (Score:2)
If you're *that* concerned, consider establishing an IPSEC tunnel across your WLAN. Yes, you will have additional headaches with this, more software, more configuration, and likely more hardware too. However IPSEC tunnel trumps all of the above in my opinion, and should hold up longer than WPA2/CCMP (aka WPA/AES). You could maybe use SSL VPN, but I'm a bit of a paranoid curmudgeon and I've got some concerns about the long-term security of many SSL VPN implementations. This is purely my opinion, offered
Short information about current Wireless Hacking (Score:5, Informative)
1) Listen to packets going through (monitor mode)
2) Force people to send more packets using arp-replay packets or specially crafted packets
3) Capture about 25000 packets and make a crypto analysis [the more packets you capture, the more chance you'll be able to decrypt the password] of these packets to get the password
In WPA1/2 it's quite different
1) Listen to packets going through in monitor mode
2) Wait until you capture a connection-login handshake (it's 2 packets both ways = 4 packets)
3) After you capture packets in 2, you need to do Dictionary attack on the captured session login. If that word isn't in your dictionary, you're screwed.
That's why current wireless hacking methods against a strong not-in-dictionary WPA(PSK) password will be quite hard (if possible) to hack these days.
Just so we're all clear.
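
Two points made in the thread above meet in how the WPA/WPA2 pre-shared key is derived: a captured handshake can only be attacked by guessing passphrases, and a passphrase under 20 characters is called inadequate. The following is an added example, not code from any poster or from the paper. It derives the key the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) and audits a candidate passphrase from the defender's side; the SSID, the sample wordlist, the guess rate and all function names are constructed for illustration.

```python
import hashlib
import math
import string

WPA_ITERATIONS = 4096          # fixed by IEEE 802.11i for WPA/WPA2-PSK
MIN_RECOMMENDED_LEN = 20       # threshold quoted in the thread above
SECONDS_PER_YEAR = 31_557_600

# Constructed sample wordlist; a real audit would load a large one from disk.
SAMPLE_WORDLIST = {"password", "letmein123", "12345678", "qwertyuiop"}


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PSK: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases are printable ASCII only")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        WPA_ITERATIONS, 32)


def charset_size(passphrase: str) -> int:
    """Size of the alphabet implied by the character classes actually used."""
    size = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(ch in cls for ch in passphrase):
            size += len(cls)
    if any(ch in string.punctuation or ch == " " for ch in passphrase):
        size += len(string.punctuation) + 1   # 32 symbols plus space
    return size


def max_entropy_bits(passphrase: str) -> float:
    """Upper bound on entropy; only reached if every character was random."""
    size = charset_size(passphrase)
    return len(passphrase) * math.log2(size) if size else 0.0


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case years to try every key in a 2**bits space at a given rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def audit(passphrase: str, wordlist=SAMPLE_WORDLIST) -> list:
    """Return a list of findings; an empty list means no objection raised."""
    findings = []
    if len(passphrase) < MIN_RECOMMENDED_LEN:
        findings.append("short")        # below the 20-character threshold
    if passphrase.lower() in wordlist:
        findings.append("dictionary")   # falls to the handshake dictionary attack
    return findings


if __name__ == "__main__":
    ssid = "HomeNet"                    # constructed SSID
    candidate = "TLotRitGSER&1b!7d"     # the passphrase built in the thread
    print("PSK:", derive_psk(candidate, ssid).hex())
    print("findings:", audit(candidate) or "none")
    bits = max_entropy_bits(candidate)
    # 1e6 guesses/s is an assumed rate, not a measurement.
    print(f"at most {bits:.0f} bits, {years_to_exhaust(bits, 1e6):.2e} years")
```

Because the SSID is the salt, the same passphrase gives a different key on every network name, which is why a default SSID weakens an otherwise reasonable passphrase against precomputed tables.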