New Improvements On the Attacks On WPA/TKIP

Posted by timothy
from the feelin'-nervous dept.
olahau writes "Two weeks ago, improvements to the previously reported attack on WPA/TKIP were presented at the NorSec Conference in Oslo, Norway. In their paper titled 'An Improved Attack on TKIP,' Finn Michael Halvorsen and Olav Haugen describe the improvements, which enable an attacker to inject larger, maliciously crafted packets into a WPA/TKIP protected network, thus opening the probabilities for new and more sophisticated attacks against the well-established wireless security protocol."
  • AM or FM? (Score:5, Funny)

    by MobileTatsu-NJG (946591) on Thursday October 29, 2009 @03:46PM (#29915075)

    New Improvements On the Attacks On WPA/TKIP

    ... in Cincinnati!!

  • WEP is better? Has it always been better? I used WEP for the longest time until I figured I could set my own (short & easy) password with WPA.
    Should I switch back? Not that I expect my neighbours to be leet hackers...

    But one time not too long ago I logged into one of my neighbours' unsecured networks (no idea who owned it) and noticed they had a printer on the network. So I downloaded the drivers off of HP and then sent a message to their printer telling them they should secure their wireless, and a we

    • Re: (Score:3, Informative)

      by Anonymous Coward

      WEP is not better. Don't use WEP.

      WPA2+AES is better.

    • by Anonymous Coward on Thursday October 29, 2009 @04:05PM (#29915373)

      WEP is better? Has it always been better?

      Sure, keep using WEP. 128-bit WEP takes a very long time to break. Somewhere on the order of 15-30 minutes, in my experience.

    • Re: (Score:3, Informative)

      by Random2 (1412773)

      WEP has always been less secure than WPA, especially because you can just brute-force a WEP password.

      Stick with WPA2 and you'll be alright for a while.

      • WEP is not better. Don't use WEP.

        WPA2+AES is better.

        -

        WEP takes a very long time to break. Somewhere on the order of 15-30 minutes

        -

        WEP has always been less secure than WPA

        Well, that's reassuring. You learn something new every day.

      • Re: (Score:2, Interesting)

        by Anonymous Coward
        64-bit keys are NOT trivially brute-forceable. Even if you've got a botnet of decent computers, you're probably still looking at weeks. The attacks on WEP, real attacks on severe flaws, typically take about five minutes to produce the key.
      • Re: (Score:3, Informative)

        by Korin43 (881732)

        WEP has always been less secure than WPA, especially because you can just brute-force a WEP password.

        That's not the problem. You can brute force a WPA-TKIP password if you capture the handshake as someone connects, it just takes a really long time so it's not practical to do anything except a dictionary attack (and that would still take a loooong time). The problem with WEP is that you don't need to brute force the password, you can figure it out by collecting enough data packets. The only thing slowing you down is the speed of the network. To give you an idea, I downloaded the example packets from aircrac

      • by cjb658 (1235986)

        WPA basically generates a new WEP key for each packet. It's a bit more complicated than that, obviously (there must be a pattern that the AP and client can follow).

        I've also found a tool [google.com] that lets you run WPA cracks with CUDA or Stream for about a 20-50x speed increase.

    • Re:Does that mean... (Score:5, Informative)

      by natehoy (1608657) on Thursday October 29, 2009 @04:17PM (#29915611) Journal

      no. Actually, let me rephrase that... "NO!!!!!!"

      WEP has been broken. Terribly, horribly, and completely broken. Not only are attacks possible, they are out there, and they are the data-intercept type. It's somewhat more secure than running Open and hiding your SSID, but not a lot more.

      WPA/TKIP has a vulnerability that malformed packets may be inserted in to the data stream. This opens the door for possible attacks. That does not mean attacks are currently possible, nor does it necessarily mean that data-intercept attacks will be possible near-term. You are "nearly safe" running WPA/TKIP. WPA/TKIP uses the same encryption methodologies as WPA but encrypts more data and is a lot harder to break.

      WPA/AES has, to my knowledge, no presently-known attack vector vulnerabilities. That can (and probably will) change.

      But if your gear is capable of WPA/AES, switch to that. If not, leave it as WPA/TKIP.

      And for the love of Pete, switch to a longer password with some nice scrunchy numbers, letters (upper and lower) and a few special characters. 10 total characters should do it if you use the prefix of some phrase and replace a few letters with special characters.

      Example: The Lord of the Rings is the Greatest Series Ever Written

      TLotRitGSER This is actually a decent-security password, you've got decent length, 11 characters, and some upper/lower goodness.

      Now add the concepts that it was originally actually one book, (&1b), and not about the 7 dwarves (!7d) to the end. TLotRitGSER&1b!7d

      Seriously secure password, and you're going to remember the hell out of it. Of course, it helps if you use something memorable to you.

      Then you'll never go around saying "Amazing! That's the exact same combination I have on my luggage!"

      • Re: (Score:3, Informative)

        by Andy Dodd (701)

        If I recall correctly, WPA/TKIP was an "interim" solution intended to be more secure than WEP but compatible with most WEP hardware. As such it had to leverage some of the low-level components of WEP, of which TKIP was one of them.

        So effectively, WPA/TKIP has vulnerabilities because it inherited them from WEP.

        WPA2/AES eliminates all "WEP heritage cruft".

        • Re:Does that mean... (Score:4, Interesting)

          by natehoy (1608657) on Thursday October 29, 2009 @04:59PM (#29916305) Journal

          Yes, you're absolutely correct. However, the question was "now that WPA/TKIP is broken, is WEP more secure than it?"

          WPA/TKIP has vulnerabilities inherited from WEP, yes, but those vulnerabilities are still hidden behind a layer that, for now, is still protective. Trouble is, people are starting to discover larger and larger vectors for inserting attacks.

          The shields are still holding - I haven't heard of a successful data breach or DNS spoof on a WPA/TKIP (someone correct me if there is an actual working breach out there), and there are measures that can be taken (turn off QoS/WMM, update your client stack) that will close the holes.

          But only FOR NOW. Upgrading to AES is the correct answer.

          Downgrading to WEP is not the correct answer, unless the question is "What security protocol is the easiest to break?"

      • Re:Does that mean... (Score:5, Informative)

        by RedLeg (22564) on Thursday October 29, 2009 @05:17PM (#29916581) Journal

        Did you even read the paper or take the time to understand the attack?

        I'm one of the authors of IEEE 802.11i. I did, and it's not good.

        This is a significant advance in attack technique on TKIP. Get off of TKIP as quickly as you can. NOW.

        On one hand, as the paper's authors point out, we got seven years of life out of a band-aid fix that was designed to buy us five. I'm pretty happy with that.

        On the other hand, the Beck and Tews attack opened some cracks in the walls, this latest paper wedges that crack further open by a factor of 14, and provides some practical real-world exploit scenarios. The bad guys will come up with more, trust me.

        This is bad.

        Migrate off of TKIP NOW.

        Your advice for the length of a passphrase is off as well, BTW. IEEE 802.11i CLEARLY states that a passphrase of less than 20 characters in length does not offer adequate security.

        Use a strategy to choose a LONG, STRONG passphrase. Type it into notepad. Cut and paste it wherever it needs to go to eliminate typo errors.

        Cheers.....

        Red

        • by zonky (1153039)
          If there is an effective attack on TKIP, will that also affect WPA2 w/ TKIP as well?
        • by owlstead (636356)

          20 characters? That's an entropy of 244 bits if it is completely random (using /only/ upper- and lowercase characters). That's a bit much for a complex password like the one mentioned. If the password consists of much easier to guess characters, then 20 characters is probably on the low side. I can understand such a recommendation from some point of view (we'll at least let them choose a long passphrase), but I think it is a bit over the top for well chosen passwords...

          And I would recommend to write down t

          • by shaitand (626655)

            People lose perspective in computer security. Big time.

            "And I would recommend to write down the password and put it in a drawer. Chances are that you only need to type it in after your system went fubar, and if that happens, you may have lost your password. Drawers are also very difficult to hack from the internet."

            and yet, they are ever so easy to hack from inside the room.

            You are dramatically more secure using a dictionary word password of less than ten characters, without mixed case, numbers or special c

            • Re: (Score:2, Insightful)

              by bdo19 (992170)

              The people who are most likely to try to break into your internet are people you know and especially people you live and/or work with.

              This may be true, but these are NOT the people a WPA password is supposed to protect you from. If they have access to your drawer, and they intend to do your harm, your WPA password is the least of your worries. And, if they already have physical access, then they don't need your WPA password to "break into your internet" anyway.

              If we were talking about an online banking password that someone could steal from your drawer and use to empty your account, then I might agree with you (although the same idea app

              • by shaitand (626655)

                "But wireless network encryption is only capable of protecting against someone who doesn't already have physical access anyway."

                Your son/daughter/roommate is far more than likely to be trying to get into your wifi than any sort of thief and physical access doesn't help the layman one bit.

                Even if they were technically capable to take advantage of physical access (you do realize that an extremely small fraction of the population has that level of technical capability right?) that isn't going to do them much g

        • Can we please have a way to have secure _anonymous_ WiFi access?

          Something like https/TLS? With https you don't need to give everyone passphrases or have them share the same passphrase. And the users can't decipher each other's traffic. Can we have something like that for WiFi please?

          Combine it with something like ssh method: "WARNING! The AP's public key fingerprint has changed!". Then that's good enough, make the CA stuff optional.

          Because, the CA system on browsers doesn't really improve security that much
          • Re: (Score:3, Informative)

            by TheRaven64 (641858)

            Can we please have a way to have secure _anonymous_ WiFi access?

            You're solving the wrong problem. WiFi 'security' is single-hop security. It's for local networks. If you are using a WiFi hotspot to connect to a remote site then you have a few dozen network segments between you and the remote party that may or may not be trustworthy. If security is important, you should be using end-to-end encryption, not encryption for the first hop and then no security for the next twenty. This applies to DNS too. You should not be trusting DNS from a WiFi hotspot unless all of

            • by TheLink (130905)
              The problem is there is currently no way for Starbucks/Hyatt/etc to provide WiFi security to their customers/guests, so that:

              1) their customers can't see each other's traffic.
              2) their customers don't have to enter pesky WPA passwords.

              It's not important what the original point of WiFi security was, after all WiFi security was broken from scratch, so it's not like the WiFi designers were a good authority on what is good or best.

              Secondly, just because you can plug your network cable into a hotel room's network
      • Re: (Score:3, Insightful)

        by jhfry (829244)

        When I set up a wifi router for someone I always simply generate a random string of letters numbers and special characters then I write it down and stick it to the router.

        I figure that you can't get more secure and it's not exactly something they need to remember because they type it every day.

        • by shaitand (626655)

          As I said here:

          http://mobile.slashdot.org/comments.pl?sid=1423971&cid=29919403 [slashdot.org]

          The most likely people to try to break into the router are people who have physical access and little technical knowledge. Like kids and employees.

          The second most likely group is random people who are close by and want to mooch some free internet, but they on average are less tech savvy than your kids and any form of security will keep them out.

      • Re: (Score:3, Insightful)

        by mrcaseyj (902945)

        Example: The Lord of the Rings is the Greatest Series Ever Written

        TLotRitGSER This is actually a decent-security password, you've got decent length, 11 characters, and some upper/lower goodness.

        I'd suggest just using the whole sentence. It would have at least as much entropy and would be more resistant to simple brute force breakage.

        And I'm considering giving up on upper case in passwords. The lower case alphabet requires about 5 bits to encode, while adding uppercase only requires one more bit. I suspect t

        • by vadim_t (324782)

          Actually, it will have a LOT more entropy.

          Going by brute force, there are 98569 lines in my /usr/share/dict/words. Double that to account for the fact that some words are capitalized.

          There are only 26 characters, double to account for uppercase.

          197138 ^ 11 is a much bigger number than 52 ^ 11. Of course it's also longer to type. But if brute force resistance is what you want it makes no sense to weaken it.
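          As an added illustration (not code from any poster in this thread), the arithmetic behind the entropy comparison above, together with the passphrase-to-key derivation that a captured handshake is actually guessed against. The figures (98569 words doubled for case, 11 mixed-case letters, RedLeg's 20-character floor) come from the posts; the 94-symbol alphabet for a pwgen-style password and the IEEE 802.11i test vector in the main block are my own assumptions.

```python
import hashlib
import math

# IEEE 802.11i (Annex H.4): the 256-bit pre-shared key is
# PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 iterations, 32 bytes).
WPA_PBKDF2_ITERATIONS = 4096
WPA_PSK_BYTES = 32


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-Personal PSK from an ASCII passphrase and the network SSID.

    The 4096 iterations (two 160-bit PBKDF2 blocks, so 8192 HMAC-SHA1 calls per
    guess) are what make offline guessing of a captured handshake slow; they do
    nothing for a guessable passphrase, which is why the entropy still matters.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("802.11i passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        WPA_PBKDF2_ITERATIONS, WPA_PSK_BYTES,
    )


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy, in bits, of a secret of `length` symbols each drawn uniformly
    from `alphabet_size` possibilities: length * log2(alphabet_size)."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need at least two symbols and one position")
    return length * math.log2(alphabet_size)


def compare_strategies() -> dict:
    """Entropy of the passphrase strategies argued over in the thread, assuming
    every symbol is chosen uniformly at random. A mnemonic such as TLotRitGSER
    does worse than its row here, because its letters are not independent."""
    words_in_dict = 98569             # vadim_t's /usr/share/dict/words line count
    word_choices = 2 * words_in_dict  # doubled for capitalised variants, as he did
    return {
        "11 mixed-case letters (TLotRitGSER)": entropy_bits(52, 11),
        "20 mixed-case letters (802.11i minimum per RedLeg)": entropy_bits(52, 20),
        "11 dictionary words, 197138 choices each (vadim_t)": entropy_bits(word_choices, 11),
        # Assumed alphabet: the 94 printable ASCII characters excluding space.
        "20 random printable ASCII characters (pwgen-style)": entropy_bits(94, 20),
    }


if __name__ == "__main__":
    # IEEE 802.11i Annex H.4.1 test vector 1 (assumed known-good reference values).
    print("PSK for passphrase 'password', SSID 'IEEE':", wpa_psk("password", "IEEE").hex())
    for name, bits in compare_strategies().items():
        print(f"{bits:6.1f} bits  {name}")
```

The 11-word sentence comes out near 193 bits against under 63 bits for its 11 initials, so the whole sentence is the stronger secret even before the PBKDF2 cost per guess is counted.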

      • by CompMD (522020)

        "you've got decent length, and some upper/lower goodness." ...that's what she said.

      • Example: The Lord of the Rings is the Greatest Series Ever Written TLotRitGSER This is actually a decent-security password, you've got decent length, 11 characters, and some upper/lower goodness. Now add the concepts that it was originally actually one book, (&1b), and not about the 7 dwarves (!7d) to the end. TLotRitGSER&1b!7d Seriously secure password

        Except you actually got it wrong.

        and you're going to remember the hell out of it.

        Sure doesn't look like it. :)

      • Re: (Score:3, Interesting)

        by Jasonv (156958)

        And for the love of Pete, switch to a longer password with some nice scrunchy numbers, letters (upper and lower) and a few special characters. [..snip]..Seriously secure password, and you're going to remember the hell out of it. Of course, it helps if you use something memorable to you.

        Then you'll never go around saying "Amazing! That's the exact same combination I have on my luggage!"

        I have my router set up without a password, and the SSID set to "Bring beer to Apt. 243".

        Since then, I've had the pleasure of meeting a few of my neighbors and drinking beer with them.

        • by natehoy (1608657)

          I'd set up a password and have the SSID set to "Beer to Apt 243 means free WiFi". Then change the password every few days. ;)

      • TLotRitGSER&1b!7d

        Seriously secure password, and you're going to remember the hell out of it. Of course, it helps if you use something memorable to you.

        Lame

        Every few weeks I do the following:

        aaron@hoth:~$ pwgen -cny
        Ui:jae5i She9tah) ki3Ou;p3 phah`Gh8 aiR&aeW2 Aif2ye%i Ae0ieT?i ieng0Ep~
        paa%qu6A ahCaa^l7 gai3Mai+ Egh\ee1u eg$eeM4l Joo4Oh[e Ve"o1Ain suX|ae3c
        Qua;c6Vo Ohng^iL5 Yie,m5Wu Ezee'sh7 eek]aiT1 Ahch*ei3 fe9AiT'i dae(M3ee
        ei2Wei^j uY$eiv2o Eip:ee6c Beiy*oo8 aRieg-u7 eeg#ae6O ik3Bu:o6 au8Pa[i4
        <snip />
        Us`e5Aed OhB@oa9A Theeng7 thee^D3u ANa/ng5o bo_Feo5m Cha#a0ee Aiv+aa3J
        aaron@hoth:~$

        Pick one or more of the passwords from the outpu

      • by mlts (1038732) *

        Even better, either use a utility like KeePass or roll dice and use Diceware's password generation to make a 64 bit passphrase. Essentially, you really don't need to remember it like you do your router password. Then save the passphrase to a USB flash drive. After pasting it into your router, take the USB flash drive from wireless box to wireless box, copy and paste it in their configs, then either encrypt the usb flash drive key file, or merely store it in a secure place.

        This way, an attacker isn't deal

    • by Brianwa (692565)
      You found someone kind enough to share their internet connection, so you wasted their ink and paper. Nice.
      • The cost of a single piece of paper and the amount of ink I would have used is trivial to me being able to deny them internet access. They had it completely open, broadcasted the SSID, and left the router with the default username and password. I could have locked them out from their own internet if I had wished it. Sure, they could press the button on the bottom to restore factory defaults, but then I could do it over and over again. Or, if I were in the business of stealing personal information, I would h

        • by shentino (1139071)

          I would if they left the post-it where a would-be thief could read it, be informed the car was unlocked, and then rob me for real.

          They'd even be potentially aiding and abetting in this case.

          I would appreciate the post-it PROVIDED it was left somewhere only I could see it...after I get back in the car.

          Leaving a public message on their printer is like sticking a "kick me" note on someone's back.

          • by billcopc (196330)

            Only if the printer is in a public place. Chances are, if you're in an apartment building, that printer is in the victim's apartment, where only they can see it.

            Or do you have a disturbing habit of parking your printer outside overnight ?

        • Re: (Score:3, Informative)

          by Sir_Lewk (967686)

          The evil people you are so concerned about protecting these people from are fucking pricks like you. Abusing their network because you are afraid someone might abuse their network is so fucking hypocritical it's sickening. Not to mention someone who actually thinks WEP is more secure than WPA/TKIP (or secure at all) is a fucking dumbass and has no right lecturing others about security.

          tl;dr: You are a worthless piece of shit.

          • by TheLink (130905)
            Try to get some perspective here before calling people nasty names. He didn't change their wifi password or other stuff. He didn't change the password to their printer either (I know someone who has done that).

            He just printed a note to them on the _shared_ printer. If they intentionally shared the printer then he has done nothing wrong. If they aren't intentionally sharing the printer, then sure from legalistic PoV he's done something wrong.

            But I personally think what he did was not harmful to others. On t
        • by Abstrackt (609015)

          The cost of a single piece of paper and the amount of ink I would have used is trivial to me being able to deny them internet access. They had it completely open, broadcasted the SSID, and left the router with the default username and password. I could have locked them out from their own internet if I had wished it. Sure, they could press the button on the bottom to restore factory defaults, but then I could do it over and over again. Or, if I were in the business of stealing personal information, I would have had very little standing in the way.

          If they wanted to share, they should have at least locked down access to the rest of their network (PC, Printer, Router/Gateway).

          If you leave your car unlocked and someone uses your pen and post its to tell you to lock your car, are you going to be pissed?

          Yes, I would be pissed. Someone used my stuff without my permission.

          I compare what you did and your example to walking into someone's house and informing them their door was unlocked, then explaining the dangers and advising them on how to fix it (e.g. lock the door). But it's a good thing you're a nice person because you could have been a serial killer. Do you think people would thank you for that?

          You may have had the best intentions possible, and I'm sure you did, but what you did the digital equivalen

      • by TheLink (130905)
        But how do you know they are intentionally sharing their internet connection?
        And how do you know they aren't intentionally sharing their printer?

        Because people don't normally share their printer? If that's the case, then it's a good thing he told them right? I don't think he printed an entire book.
    • I leave my wireless connection "unsecured". Sure, the neighbours use it, and people needing iPod Touch location services.

      I figure it's just good social behaviour. If I need network access when I'm "out and about", I will use someone else's wifi.

      Just don't be a 'leet hacker asshole.

      • by cjb658 (1235986)

        Location based Wifi actually doesn't need to connect to an AP, it just looks its MAC address up in a database, such as this one [wigle.net].

        Even if you have WPA2/AES, your AP still broadcasts this information.

      • by jroysdon (201893)

        While that might seem nice, it's actually pretty stupid, on both parts (sharing, and using "shared" resources).

        Two points, first is that you're opening yourself up to having all your gear seized by the police when you leave things open. How/why? How 'bout your neighbor has an interest in child porn? How 'bout your neighbor uses your internet to send death threats to the President of the United States and guess what, the Secret Service will have your address from your ISP in no time and you'll probably ha

      • You should leave your house's door open too, just in case someone gets thirsty or need to use the toilet..

        Your ideas are pretty nice, but they are a little naive too.

    • But one time not too long ago I logged into one of my neighbours' unsecured networks (no idea who owned it) and noticed they had a printer on the network. So I downloaded the drivers off of HP and then sent a message to their printer telling them they should secure their wireless, and a website to show them how.

      I run my WLAN open, or "unsecured", intentionally and encourage everyone to do the same. Your neighbors are good people who leave their network open, so why would you be rude and abuse their prin
      • Or those guys who just moved in, wanting to eat up your bandwidth downloading music and playing world of warcraft without paying for their own internet service?

        Thinking that you shouldn't secure a wireless network is ridiculous. Do you leave your door open and encourage people to use the washroom? Do you leave your keys in the ignition to encourage your neighbours to do their grocery runs with your car?

        If so, you are a very unique, not to mention naive character, who will only be taught once they get scamme

        • by billcopc (196330)

          Some of us believe the internet should be free to use for anyone and everyone. There's a big difference between a personal vehicle (which itself is horribly inefficient and vain, but that's for another post), and access to a global information network where the only cost is related to the "onramp".

          If someone drives off with your car, you no longer have use of your car. If someone checks their email over a small slice of your bandwidth, you're not being deprived of anything. All you really need to do is k

          • I would have nothing opposed to sharing internet access if I was not aware of the dangers imposed with it. The problem with insecure routers is that you leave yourself open to whims of anyone who can use it.

            You can leave it open, and share, and you'd be doing a good thing. You may never run across a bad guy in your life. Likewise, you can leave your car unlocked and no one will ever enter it.

            But I personally have never been in the scenario where I KNOW my neighbours nor have I ever been in a situation where

      • by cjb658 (1235986)

        SSL doesn't always mean secure either.

        See the third video here: http://www.defcon.org/#earlyVids [defcon.org]

      • by jroysdon (201893)

        If there were not evil people in the world and laws that will get you in hot water should that evil person use your network in a bad way, I'd agree. That's not the world we live in.

        Yes from your LAN to the internet is wide open, all email from your ISP to another ISP is in the open (GPG if you care), but for me that's not the point of securing my WLAN. It's securing who accesses my internet connection which is tied to me personally, and without physically being in my home/office, WLAN is the only way to d

  • by Lord Ender (156273) on Thursday October 29, 2009 @03:58PM (#29915263) Homepage

    Why did they invent a (well, multiple) new encryption algorithm(s) for WiFi? Any competent security specialist will tell you that using an established encryption algorithm is always the wise choice. Did the people behind WiFi simply lack competence? Not Invented Here?

    • by salahx (100975) on Thursday October 29, 2009 @04:16PM (#29915579)

      WEP is "Wired Equivalent Privacy". It wasn't supposed to be very strong - about as secure as a regular wired network. However, it wasn't known back then just HOW weak it was. As a stopgap measure, WPA PSK (TKIP) was created. Since it uses the same algorithm as WEP (RC4), existing equipment could be easily upgraded with just a firmware/software update. A long-term solution, WPA2 PSK (AES), was created as well.

      WPA-PSK (TKIP) is still far, far better than WEP by many orders of magnitude, but WPA2-PSK is better, and if all your wireless devices support it (in particular the Nintendo DS DOES NOT, the DSi does, but not for DS games), then that's preferred.

      • by Ash-Fox (726320)

        WPA-PSK (TKIP) is still far, far better than WEP by many orders of magnitude, but WPA2-PSK is better, and if all your wireless devices support it (in particular the Nintendo DS DOES NOT, the DSi does, but not for DS games), then that's preferred.

        Shame my Nintendo DS doesn't support it.

    • by MobyDisk (75490)

      They did it because the existing router hardware and wireless network card hardware was not capable of AES. It was a temporary solution that no one should be using any longer. WPA2 is the current established secure protocol, and it uses AES which is not a specialized algorithm.

      • They didn't use AES because AES didn't yet exist. (Or, to be specific, was very early on in the algorithm competition to determine which one would become the standard.)

        Rijndael was chosen as the AES winner by NIST in 2001. WEP was finalized in 1997.

        At that point, I believe DES was already known to have issues.

    • Re: (Score:3, Insightful)

      by tecker (793737)
      Well. This attack is used on the less robust TKIP protocol. AES is much stronger. Here is the breakdown (from my memory, weakest to strongest):
      1. WEP
      2. WPA/TKIP
      3. WPA/AES
      4. WPA2/TKIP
      5. WPA2/AES

      WEP Came first. It was one of those "oh we need security" bits. It's about what you would have on a wired network. Yea, no, not really. Broadcast != Hardwire so that quickly began being broken. Collisions were found. Time for something stronger

      WPA came next but it was a bit advanced and all of these older machines didn't have real

      • by tecker (793737)
        Yeah, I knew I should have looked around. Here. Wikipedia on WPA will tell the story [wikipedia.org]. Salahx and MobyDisk have it right. It was all stop-gapping. Which is why you have a sprawling landscape of security options.
      • by AHuxley (892839)
        The US military went back and bought old tech from 1980s South Africa, used during the bush wars.
        They did a MS and innovated :)
        As for WPA2/AES, my only thought is cat6/5 or optical your house if you want networking.
    • Any competent security specialist will tell you that using an established encryption algorithm is always the wise choice. Did the people behind WiFi simply lack competence?

      Yeah, so route your wireless to the public Internet only and VPN into your corporate LAN. Software is easier to fix.

  • by sadler121 (735320) <msadler@gmail.com> on Thursday October 29, 2009 @04:00PM (#29915299) Homepage

    This tells us nothing more than we knew before. Stop using WPA/TKIP and switch to WPA2/AES

    • by CastrTroy (595695)
      I have an older router that doesn't support WPA2/AES. TKIP is the best thing you can use. Guess I have to buy new hardware.
      • by DittoBox (978894)

        You may wish to check for some replacement firmware from DD-WRT before buying new hardware. I've used DD-WRT for years and love it!

        http://dd-wrt.com/site/index [dd-wrt.com]

  • News at 11!

    Wake me when someone's got something on WPA2.

    I think someone should post a story about bugs in zmodem.

    • Re: (Score:3, Interesting)

      Please provide your definition "obsolete."

      Google provides disused: no longer in use; "obsolete words"

      WEP isn't even obsolete, let alone WPA. Many people still use "old" standards. Not everyone keeps up to date with the latest wireless security. Many have unsecured networks. Many use WEP just to keep off annoying neighbors. I don't know anyone that uses WPA2+AES at home. I take it back, I do know one person that does.

      • by Tumbleweed (3706)

        WEP isn't even obsolete, let alone WPA. Many people still use "old" standards. Not everyone keeps up to date with the latest wireless security. Many have unsecured networks. Many use WEP just to keep off annoying neighbors. I don't know anyone that uses WPA2+AES at home. I take it back, I do know one person that does.

        WEP is obsolete and so is WPA. People still drive Model T cars - that doesn't mean they're not obsolete. Hell, lots of people still use *IE6*!

        I've been using WPA2+AES at home for quite some tim

        • The Slashdot sample of wireless encryption users may be different than most samples, hehe...

          I don't think WEP or WPA is obsolete. People still use it fairly regularly, if anything at all.

          They SHOULD be obsolete - I'll agree with that statement... :)

          • by Tumbleweed (3706)

            The Slashdot sample of wireless encryption users may be different than most samples, hehe...

            I don't think WEP nor WPA are obsolete. People still use it fairly regularly, if anything at all.

            As I said, just because people are still using something, that doesn't mean it isn't obsolete. WEP & WPA *are* obsolete. Unfortunately, people are still using older hardware, as well as installing stuff without knowing how to configure it. IE6 is a good example - (VERY) obsolete technology, still in wide use.

            I think A

            • by shaitand (626655)

              The mere existence of superior technology does not make the older technology obsolete.

              Ultimately there is a critical mass of usage that must be achieved by the new technology to call it obsolete. For instance, cars are not obsolete despite the existence of rocket packs, Lear jets, and flying cars.

              Without question the vast majority of wifi networks are NOT running WPA2/AES. I don't know how many 9's you need to throw in but it's definitely less than one percent. I would be surprised if half the wifi networks

            • I think your definition of obsolete is different from my definition. Obsolete means "unused." I guess it can mean out of date or not current, but I don't think most people use it that way... hehe.

              I am guessing "most" people don't know what an "unsecured access point" is. I don't think most people really think about computer security, until they are compromised or someone talks to them about it...

      • by Jesus_666 (702802)
        One of my routers is set up to support any combination of WPA, WPA2, TKIP and AES (the weaker ones for compatibility, the stronger ones because it supports them). The other one only supports WPA+TKIP but it works and thus won't be replaced unless WPA+TKIP security devolves quite a bit farther.
      • I use it and simply to keep neighbors off my budget connection. The big question is "Do I trust it?" and I have to resoundingly answer "Hell NO!"

        • by shaitand (626655)

          "I use it and simply to keep neighbors off my budget connection."

          That is what security pros ignore with their ridiculous security recommendations and stringent long and complicated passwords you have to write down.

          Aside from your neighbors the most likely person to try to hack your wifi is your 12 year old girl trying to sext when she should be in bed. Neither of them is likely to be able to gain access without having to account for it if you use a simple password. The minute you have to stick something to the

  • Just in time! (Score:5, Interesting)

    by AmiMoJo (196126) <mojoNO@SPAMworld3.net> on Thursday October 29, 2009 @04:14PM (#29915537) Homepage

    The timing of this new attack could not have been better - the day after the UK government announces they want to introduce a "three strikes" rule before disconnecting suspected file-sharers.

    I imagine this must be a massive headache for ISPs who have been shipping routers with WPA/TKIP enabled for compatibility (i.e. a lot of them). Suddenly their routers need remotely updating and they have to hope that most of their customers' wifi drivers will cope with the move to AES.

    • > Suddenly their routers need remotely updating...

      Why would they see a need for updating? It certainly won't come from customer demand.

    • Re: (Score:3, Informative)

      by natehoy (1608657)

      Alternatively, they could simply turn off QoS/WMM and buy a little more time, since that is (currently) a requirement for this specific attack vector, according to the submitted paper.

      There are also fixes available to TKIP that could extend its life a little longer.

      But, yeah, it's time to go AES.

      Having said all that, I fear the backlash from people who have routers that are only capable of WEP and WPA/TKIP and decide WPA/TKIP is "less secure" because no one is talking about how insecure WEP is any more. Gi

      • If you're *that* concerned, consider establishing an IPSEC tunnel across your WLAN. Yes, you will have additional headaches with this, more software, more configuration, and likely more hardware too. However an IPSEC tunnel trumps all of the above in my opinion, and should hold up longer than WPA2/CCMP (aka WPA/AES). You could maybe use SSL VPN, but I'm a bit of a paranoid curmudgeon and I've got some concerns about the long-term security of many SSL VPN implementations. This is purely my opinion, offered

        • by dkf (304284)

          3) If you're really doing something that must remain confidential - maybe you shouldn't be doing it over wireless in the first place.

          Against most real threats, you should be thinking in terms of using SSL over the wire anyway because WPA/AES will not protect packets after they get past the wireless hub.

  • by zukinux (1094199) on Thursday October 29, 2009 @05:15PM (#29916567) Homepage Journal
    In order to hack WEP it's quite simple today, you need to do the following:
    1) Listen to packets going through (monitor mode)
    2) Force people to send more packets using arp-replay packets or specially crafted packets
    3) Capture about 25000 packets and do a cryptanalysis on these packets to get the password [the more packets you capture, the more chance you'll be able to decrypt the password]

    In WPA1/2 it's quite different:
    1) Listen to packets going through in monitor mode
    2) Wait until you capture a connection-login handshake (it's 2 packets both ways = 4 packets)
    3) After you capture the packets in 2, you need to do a dictionary attack on the captured session login. If that word isn't in your dictionary, you're screwed.

    That's why current wireless hacking methods against a strong not-in-dictionary WPA(PSK) password will be quite hard (if possible) to hack these days.

    Just so we're all clear.
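    The reason a not-in-dictionary passphrase holds up, stated in code. This is an added example and not something from the comment above or from the TKIP paper: it derives the WPA-PSK Pairwise Master Key the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations), shows that every candidate passphrase costs 8192 HMAC-SHA1 invocations, and estimates how long an offline guessing effort would take for a given passphrase. The wordlist and the guesses-per-second figure are constructed assumptions, not measurements; the "password"/"IEEE" test vector is the one published in the 802.11i annex.

```python
import hashlib
import math

# Constructed, deliberately tiny stand-in for the wordlist a dictionary
# attack would carry; real lists hold millions of entries. Assumption.
CONSTRUCTED_WORDLIST = frozenset([
    "password", "12345678", "qwertyui", "letmein1", "iloveyou", "football",
])

# Assumed candidate passphrases per second for one machine; a labelled
# assumption used only to turn an entropy figure into a rough time.
ASSUMED_GUESSES_PER_SECOND = 1_000


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK as IEEE 802.11i specifies for WPA-PSK:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("WPA passphrase must be 8-63 ASCII characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               4096, dklen=32)


def hmac_invocations_per_guess() -> int:
    """PBKDF2 needs two 20-byte SHA1 blocks to fill 32 bytes of key, and each
    block costs 4096 HMAC-SHA1 calls, so one candidate costs 8192 HMACs.
    This per-guess cost is what makes the dictionary step slow."""
    return math.ceil(32 / 20) * 4096


def passphrase_entropy_bits(passphrase: str) -> float:
    """Nominal entropy: length times log2 of the character-class pool.
    Overestimates for human-chosen strings; treat it as an upper bound."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # printable ASCII punctuation
    return len(passphrase) * math.log2(pool) if pool else 0.0


def assess_passphrase(passphrase: str, ssid: str,
                      wordlist=CONSTRUCTED_WORDLIST,
                      guesses_per_second=ASSUMED_GUESSES_PER_SECOND) -> dict:
    """Report what an offline guess against this PSK would face.
    A passphrase present in the wordlist falls after at most len(wordlist)
    guesses; otherwise the expected work is half the nominal key space."""
    pmk = wpa_pmk(passphrase, ssid)
    in_wordlist = passphrase in wordlist
    bits = passphrase_entropy_bits(passphrase)
    expected_guesses = len(wordlist) / 2 if in_wordlist else 2 ** (bits - 1)
    return {
        "pmk_hex": pmk.hex(),
        "in_wordlist": in_wordlist,
        "entropy_bits": round(bits, 1),
        "hmacs_per_guess": hmac_invocations_per_guess(),
        "expected_seconds": expected_guesses / guesses_per_second,
    }


if __name__ == "__main__":
    for candidate in ("password", "correct-Horse7battery"):
        print(candidate, assess_passphrase(candidate, "IEEE"))
```

    The two calls at the bottom contrast a wordlist entry, which is recovered after a handful of PBKDF2 evaluations, with a 21-character mixed-class passphrase whose expected work is astronomically larger at the same per-guess cost. The entropy estimate is the optimistic one; choosing the passphrase with a random generator rather than a memorable phrase is what makes that figure honest.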
