New Improvements On the Attacks On WPA/TKIP 166
olahau writes "Two weeks ago, improvements to the previously reported attack on WPA/TKIP, were presented at the NorSec Conference in Oslo, Norway. In their paper coined 'An Improved Attack on TKIP,' Finn Michael Halvorsen and Olav Haugen describe the improvements, which enable an attacker to inject larger, maliciously crafted packets into a WPA/TKIP protected network, thus opening the probabilities for new and more sophisticated attacks against the well-established wireless security protocol."
Nothing to see, move along (Score:3, Informative)
This tells us nothing more than we knew before. Stop using WPA/TKIP and switch to WPA2/AES
Re:Does that mean... (Score:3, Informative)
WEP is not better. Don't use WEP.
WPA2+AES is better.
Re:Does that mean... (Score:3, Informative)
WEP has always been less secure than WPA, especially because you can just brute-force a WEP password.
Stick with WPA2 and you'll be alright for a while.
Re:Nothing to see, move along (Score:1, Informative)
WPA/AES is safe, too. My Wii doesn't seem to like my router's implementation of WPA2.
Re:Does anyone know... (Score:5, Informative)
WEP is "Wired Equivalent Privacy". It wasn't supposed to be very strong - about a secure a regular wired network. However, it wasn't known back then just HOW weak it was. As a stopgap measure, WPA PSK (TKIP) was created. Since it uses the same algorithm as WEP, (RC4), existing equipment could be easily upgraded with just a firmware/software update. A long-term solution WPA2 PSK (AES) was created as well.
WPA-PSK (TKIP) is still far, far better than WEP by many order of magintude, but WPA2-PSK is better, and if all you wireless devices support it (in particular the Nintendo DS DOES NOT, The DSi does, but not for DS games), then that preferred.
Re:Does that mean... (Score:5, Informative)
no. Actually, let me rephrase that... "NO!!!!!!"
WEP has been broken. Terribly, horribly, and completely broken. Not only are attacks possible, they are out there, and they are the data-intercept type. It's somewhat more secure than running Open and hiding your SSID, but not a lot more.
WPA/TKIP has a vulnerability that malformed packets may be inserted in to the data stream. This opens the door for possible attacks. That does not mean attacks are currently possible, nor does it necessarily mean that data-intercept attacks will be possible near-term. You are "nearly safe" running WPA/TKIP. WPA/TKIP uses the same encryption methodologies as WPA but encrypts more data and is a lot harder to break.
WPA/AES has, to my knowledge, no presently-known attack vector vulnerabilities. That can (and probably will) change.
But if your gear is capable of WPA/AES, switch to that. If not, leave it as WPA/TKIP.
And for the love of Pete, switch to a longer password with some nice scrunchy numbers, letters (upper and lower) and a few special characters. 10 total characters should do it if you use the prefix of some phrase and replace a few letters with special characters.
Example: The Lord of the Rings is the Greatest Series Ever Written
TLotRitGSER This is actually a decent-security password, you've got decent length, 11 characters, and some upper/lower goodness.
Now add the concepts that it was originally actually one book, (&1b), and not about the 7 dwarves (!7d) to the end. TLotRitGSER&1b!7d
Seriously secure password, and you're going to remember the hell out of it. Of course, it helps if you use something memorable to you.
Then you'll never go around saying "Amazing! That's the exact same combination I have on my luggage!"
Re:Does that mean... (Score:3, Informative)
If I recall correctly, WPA/TKIP was an "interim" solution intended to be more secure than WEP but compatible with most WEP hardware. As such it had to leverage some of the low-level components of WEP, of which TKIP was one of them.
So effectively, WPA/TKIP has vulnerabilities because it inherited them from WEP.
WPA2/AES eliminates all "WEP heritage cruft".
Re:Just in time! (Score:3, Informative)
Alternatively, they could simply turn off QoS/WMM and buy a little more time, since that is (currently) a requirement for this specific attack vector, according to the submitted paper.
There are also fixes available to TKIP that could extend its life a little longer.
But, yeah, it's time to go AES.
Having said all that, I fear the backlash from people who have routers that are only capable of WEP and WPA/TKIP and decide WPA/TKIP is "less secure" because no one is talking about how insecure WEP is any more. Given a choice, WPA/TKIP is still the better selection of the two. As far as I know, no one has demonstrated or claimed the ability to actually compromise the datastream in WPA/TKIP, though I'm sure that's a matter of time.
3 little pigs analogy:
Open = living under the stars. Wolf eats you now.
Opwn/hidden SSID = living under the stars with a wet paper towel as a shield. Wolf eats you in 2-3 seconds.
WEP = straw house. Wolf eats you in 5 minutes.
WPA/TKIP = wooden house with reinforcements. Wolf hasn't figured out how to eat you yet, but it's a matter of not much time before he does. Change or wolf will eat you soon.
WPA2/AES = Sealed concrete bunker 100 feet underground. Wolf will figure out how to get into it eventually, but you're safe for a while.
Nothing is ever permanently secured against the wolf. Eventually WPA2/AES will be broken and we'll be on to the Next Big Thing. But for now, I'd call WPA/TKIP "OK for home use, but start shopping for a router and new wireless gear, like, right now."
Short information about current Wireless Hacking (Score:5, Informative)
1) Listen to packets going through (monitor mode)
2) Force people to send more packets using arp-replay packets or specially crafted packets
3) Capture about 25000 packets and make an crypto analysis [the more packets you capture, more chance you'll be able to decrypt the password] about this packets to get password
In WPA1/2 it's quite different
1) Listen to packets going through in monitor mode
2) Wait un-till you capture a connection-login handshake (it's 2 packets both ways = 4 packets)
3) After you capture packets in 2, you need to do Dictionary attack on the captured session login. If that word isn't in your dictionary, you're screwed.
That's why a current wireless hacking methods against a strong not-in-dictionary WPA(PSK) password will be quite hard (if possible) to hack these days.
Just so we all be cleared.
Re:Does that mean... (Score:5, Informative)
Did you even read the paper or take the time to understand the attack?
I'm one of the authors of IEEE 802.11i. I did, and it's not good.
This is a significant advance in attack technique on TKIP. Get off of TKIP as quickly as you can. NOW.
On one hand, as the paper's authors point out, we got seven years of life out of a band-aid fix that was designed to buy us five. I'm pretty happy with that.
On the other hand, the Beck and Tews attack opened some cracks in the walls, this latest paper wedges that crack further open by a factor of 14, and provides some practical real-world exploit scenarios. The bad guys will come up with more, trust me.
This is bad.
Migrate off of TKIP NOW.
Your advice for the length of a passphrase is off as well, BTW. IEEE 802.11i CLEARLY states that a passphrase of less that 20 characters in length does not offer adequate security.
Use a strategy to choose a LONG, STRONG passphrase. Type it into notepad. Cut and paste it wherever it needs to go to eliminate typo errors.
Cheers.....
Red
Re:Does that mean... (Score:3, Informative)
WEP has always been less secure than WPA, especially because you can just brute-force a WEP password.
That's not the problem. You can brute force a WPA-TKIP password if you capture the handshake as someone connects, it just takes a really long time so it's not practical to do anything except a dictionary attack (and that would still take a loooong time). The problem with WEP is that you don't need to brute force the password, you can figure it out by collecting enough data packets. The only think slowing you down is the speed of the network. To give you an idea, I downloaded the example packets from aircrack-ng (basically simulating collecting enough packets from a WEP network), and my computer cracked the password in less than 15 seconds.
Re:AM or FM? (Score:3, Informative)
They [faqs.org] can. [wikipedia.org]
Re:Does that mean... (Score:3, Informative)
The evil people you are so concerned about protecting these people from are fucking pricks like you. Abusing their network because you are afraid someone might abuse their network is so fucking hypocritical it's sickening. Not to mention someone who actually things WEP is more secure than WPA/TKIP (or secure at all) is a fucking dumbass and has no right lecturing others about security.
tl;dr: You are a worthless piece of shit.
Re:You're one of the authors? (Score:3, Informative)
Can we please have a way to have secure _anonymous_ WiFi access?
You're solving the wrong problem. WiFi 'security' is single-hop security. It's for local networks. If you are using a WiFi hotspot to connect to a remote site then you have a few dozen network segments between you and the remote party that may or may not be trustworthy. If security is important, you should be using end-to-end encryption, not encryption for the first hop and then no security for the next twenty. This applies to DNS too. You should not be trusting DNS from a WiFi hotspot unless all of the servers in the chain support DNSSEC.
The point of things like WPA is to let you use the wireless network in the same way that people have been using wired ones; publishing services that anyone with physical access to the network can use. If you can plug in a computer to the network socket, then you can access the shared printer, for example. If you have the WPA key, you can do the same. That's all that it's for, and even using it for that is trading some security for convenience.
Oh, and most browsers let you permanently trust a self-signed certificate for a single site. That means that you will get the a notification when the certificate changes.