Foo - Ignore if not a geek -- WPA cracked

For you wireless security geeks, looks like WPA (http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access) got (http://blogs.zdnet.com/gadgetreviews/?p=471) cracked (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9119258&intsrc=hm_list).
This is WPA-TKIP, not WPA2-AES, so if you are using WPA2, you are OK. WPA was intended to be a transitory protocol, to let older equipment which didn't have the CPU power for AES encryption have non-trivial security.
For you non geeks, if you are using a wireless Internet connection, get it checked out, because you might have uninvited guests sucking up your bandwidth soon.
*bleh* I am not too afraid. I just surveyed my neighbors' routers and two are unsecured without even changing the default PW, tsk-tsk. 3 are on outdated WEP. Not like a hacker would target me when all that is out there.
You think WPA2-TKIP with PSKs would be safe?
Ha! Break my WEP, hackers, I dare you!
Wordbiker
11-06-08, 11:41 PM
I've wardriven all the way to Denver from here.
Fully half the networks I pinged were unsecured. Ya think this will really matter?
msincredible
11-07-08, 12:32 AM
Given the number of unsecured networks near me that are named "Linksys" and "NetGear", I doubt I have much to worry about.
Maybe I'm just anal. AT&T will soon be charging by the bit over their lines. People with unsecured DSL segments will be feeling the pain when their monthly bill comes in and William Wardriver who lives next door has been downloading via BitTorrent every episode of "Married With Children" in full HD.
Guess when I buy a new AP, I'm going WPA2-Enterprise. This plus a ZeroShell RADIUS vmware appliance should do a decent job.
Wordbiker
11-07-08, 01:45 AM
My security is based upon range.
If anyone can get close enough to connect with my network...they're also within rifle range. ;)
SegFault
11-07-08, 06:39 AM
"Cracked hard" is a bit of an overstatement of this attack, don't you think?
EvilPhish
11-07-08, 06:54 AM
They pretty much retracted the story this morning.
The encryption method is still safe, they've 'just' found a way to decrypt short transmitted packets, longer (normal) packets are still safe.
Given the number of unsecured networks near me that are named "Linksys" and "NetGear", I doubt I have much to worry about.
+1 :rolleyes: My neighbor had an unsecure "Linksys" network. I switched to it from my back yard for kicks one afternoon. :o He has since changed it to his name and secured it, however.
Ours is secure, with an unusual name, and doesn't broadcast. WPA2, as well.
Darn you guys! How am I ever to get on the internet at night with people encrypting their stuff! Hmmph!
:p:p
ModoVincere
11-07-08, 07:19 AM
meh.....128 character encryption. Should last at least 2 minutes.
127.0.0.1
11-07-08, 07:28 AM
they only broke the tkip a little bit
they did not break the encrypted data
still will take a lot of time and cpu power to break into your actual data stream. about 4 years
and 1000 nvidia GPU's.
------------------
your attempt at panic is fail
------------------
The early coverage of this crack indicated that TKIP keys were broken. They are not. "We only have a single keystream; we do not recover the keys used for encryption in generating the keystream,"
AES is immune, and choosing a long network key at or more than 20 characters that are relatively random, can defeat all known brute-force key cracking methods.
WPA isn't broken.
If the WPA is cracked, they better get it fixed. Last time we had a bad depression, the WPA saved us.
Little Darwin
11-07-08, 07:31 AM
I haven't checked my neighborhood lately, but my 79 year old neighbor mentioned that her son used some neighbor's wireless with his laptop and she assumed it was mine when I mentioned I ran wireless, but I encrypt and don't broadcast, so I know there is at least one unsecured wireless in my semi-rural neighborhood...
Actually, I have loaned out my laptop, so I don't even run my wireless router right now, so I am even more secure. ;)
127.0.0.1
11-07-08, 07:36 AM
as I said I will say again
wpa is not cracked. it is rekeyed all the time. they can't bust in. by the time the most powerful computers on earth crack into your data, it will be on its 1 millionth rekey.
so, useless to try in a real life scenario. even spies can't access it.
if you pump more data it will rekey even faster
fail
WEP is the encryption that is breakable in under 1 minute. most people will use WEP because unpatched XP and a lot of Xboxes only use WEP and can't use WPA until they are upgraded
kila kila kila
11-07-08, 08:09 AM
Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
oakback
11-07-08, 08:25 AM
Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
Same here.
I figure if my bill goes up because one of my 3 neighbors in range is using my DSL, I'll just unplug it until I want to use it, or use a wire instead.
MrCrassic
11-07-08, 08:27 AM
Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
Think of a wireless connection as packages going up chutes in a mail office preparing for delivery. The mail office is sending packages, routing them to their proper destinations. Imagine for a second that someone wanted to attempt to steal a package while in transit. Wireless security is the protection that keeps that thief from entering the origin of these packages. This probably isn't the best analogy to use, but it's all that I got.
In a wireless network connection, the computer and the wireless access point where the signal is being originated from are exchanging data "packets" between each other. Each of these packets contains the requested data, as well as header information, which contains important information about the connection established between the two computers. Anyone with a computer and a bit of time can "sniff" out these packets, but wireless security tries to protect this stream of information by authenticating each user that wants to use that wireless network.
The first form of wireless security that was widely available was the Wireless Encryption Protocol, or WEP. WEP depends on generated hexadecimal keys that had to be entered in order for the computer to gain access. The only problem with this was that snippets of this key were appended onto EVERY packet transmitted between the computer and the access point. This meant that if you waited around a while, you could eventually force a solution to the key and log on.
This was superseded by Wi-Fi Protected Access, or WPA. This was a much more secure protection mechanism, in that the authentication process was designed to be much tougher to crack. There are different kinds of authentication protocols, which can be as simple as a passphrase (a word or hex key) to as complex as having computers compare certificates against a special server. The former method can be made to be really easily crackable (which is the case for MANY wireless router configurations out there now) to nearly impossible (a truly random passphrase). The latter is extremely difficult to crack.
HOW TO PROTECT YOURSELF.
With a bit of tech savvy and common sense, it's actually really simple to protect your wireless network from crackers and/or hackers (YES, there's a difference).
HIDE YOUR SSID. Your SSID is the name of your wireless network. This can, and should, be hidden, especially if you're in a very public place. Windows has a harder time connecting to networks with hidden SSIDs, but it can do it. Most, if not all, routers provide this option, and it wards off a lot of the newbies.
USE WPA. As I explained before, WPA is your best bet in protecting your network. With a strong password, it will take even the most powerful computer a long time to crack the passphrase. Some routers have an Easy Setup button that takes care of creating a strong password for you. If your card doesn't support WPA, get one that does.
Use those two pieces of advice, and you'll be safe and sound.
MrCrassic
11-07-08, 08:34 AM
*bleh* I am not too afraid. I just surveyed my neighbors' routers and two are unsecured without even changing the default PW, tsk-tsk. 3 are on outdated WEP. Not like a hacker would target me when all that is out there.
You think WPA2-TKIP with PSKs would be safe?
You think that's bad? When I go to Hoboken, I CAN LOG INTO PEOPLE'S ROUTER CONTROL PANELS WITHOUT DOING ANY HARD WORK.
I could disconnect their internet access, lock them out of their routers and, if I'm apt enough, completely brick them so they couldn't access them with a reset. But I'm not that cruel.
SegFault
11-07-08, 08:35 AM
Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
A big concern with wireless networks is that anybody with a wireless card can listen in on network traffic (it's just radio waves), or jump on the network themselves without the permission of the network's owner and potentially interfere with network traffic. To combat these issues, there are a few security schemes that scramble (encrypt) the radio traffic (to prevent eavesdropping) and provide some sort of authorization control (to prevent strangers from signing on) and authentication (to make sure traffic is really from the computer it claims to be from).
In very general terms, these schemes usually require every authorized user of a wireless network to know some sort of password to sign on to the network, and once signed on, an encryption key is established between the user and the wireless router that is used to encrypt all communications between the user and the router. There is some really interesting stuff going on here; basically the computer and the router agree on this key in such a way that some intruder recording all the traffic during the key negotiation can't figure out what was agreed upon.
The "trick" is to balance security with performance. You can use very strong encryption, but the speed of the network may suffer, and wireless devices might have a shortened battery life due to the power demands of the extra processing required.
The three most common schemes are:
WEP - The simplest scheme. This is completely broken. It is trivial to break this, mainly because this scheme was not designed by people with sufficient knowledge of cryptography. If your network is protected by WEP, anybody with a computer can break in with just a few minutes of (mostly automated) work. It is, however, better than nothing. Think of it like a cheap file cabinet lock; it sends the message that your network is private, but if somebody really wants in, they can get in with some simple tools.
WPA - The system mentioned here. This is significantly better than WEP, but apparently some minor weaknesses have been discovered. WPA is not "broken" in the same sense that WEP is. This was mainly designed for devices not powerful enough to run WPA2, the next item. This is fine for home use, but if you're running a nuclear missile control system you might want to run WPA2.
WPA2 - The most secure common scheme, but also the most resource-intensive.
If you have a home network, WPA or WPA2 are the preferred schemes to use. You can usually specify which in your wireless router's configuration utility. Some older devices only use WEP, some just have WEP and WPA.
MrCrassic
11-07-08, 08:36 AM
You think WPA2-TKIP with PSKs would be safe?
If you have a really strong and well-configured VPN front-end, you don't even need wireless encryption.
oakback
11-07-08, 08:37 AM
You think that's bad? When I go to Hoboken, I CAN LOG INTO PEOPLE'S ROUTER CONTROL PANELS WITHOUT DOING ANY HARD WORK.
I could disconnect their internet access, lock them out of their routers and, if I'm apt enough, completely brick them so they couldn't access them with a reset. But I'm not that cruel.
How physically close do you have to be in order to do this?
MrCrassic
11-07-08, 08:38 AM
Within the router's broadcasting range.
Unless you have some tools to extend your card's scanning range.
This whole thread is FAIL.
http://img155.imageshack.us/img155/8619/1180318496871dz9.jpg
MrCrassic
11-07-08, 08:39 AM
^^^
Correct.
127.0.0.1
11-07-08, 08:40 AM
in layman's terms....
you have a wireless laptop that sends data in little chunks of numbers
unencrypted, anyone can sniff that out of the air and replay your information and see all your info
what you are downloading or uploading, including forms you fill out and passwords you enter into
web sites
wireless encryption basically scrambles those numbers in each packet using a crypto-key method,
using substitution boxes. like a football betting grid, numbers at the top, and along the side, point
to some random number in the grid. this is the substitution number. anyone with a key to the grid
can unscramble the numbers
the stronger the encryption, the more substitution grids (called s-boxes). strong encryption has
a few dozen s-boxes and grids are larger.
your laptop has one half the key
your wireless access point has the other half of the key
only these two devices can run the scrambled packets through
now, how those keys are negotiated is another layer of security. weak security is set one
key and leave it. that is crackable over time, as anyone can keep trying to unscramble until
they figure it out.
stronger encryption changes the keys on the fly, so one unscrambled chunk doesn't do much
good because the other chunks are scrambled differently.
the s-boxes are fixed, but without the keys it is useless.
also another method in encryption is xor but I won't discuss that. it is another
simple way to truly hide information in a fast simple replacement scheme. xor
is dead simple but cannot be reversed without the keystream
that is the basic layman explanation. there is a lot more to it technically, but it is also just that simple
it would take a few hundred pages to correctly explain data encryption algorithms and the different types.
all you really gotta do is keep up to date with the latest patches and updates from your laptop operating system, and the makers of your wireless access point, and generally choose the strongest method
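Added example, not part of the original thread: a toy Python model of the points made above about XOR, keystreams and rekeying. A known plaintext reveals the keystream of that one packet but not the key, and that keystream only opens another packet if the same keystream was reused. The keystream generator here is an HMAC-SHA256 stand-in, not RC4 or TKIP, and the key and packet contents are constructed sample values.

```python
import hashlib
import hmac


def packet_keystream(master_key, packet_no, length):
    """Toy per-packet keystream (stand-in for a real cipher, NOT RC4/TKIP)."""
    out = b""
    block = 0
    while len(out) < length:
        msg = packet_no.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(master_key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_packet(master_key, packet_no, plaintext):
    """XOR the plaintext with the keystream for this packet number."""
    return xor_bytes(plaintext, packet_keystream(master_key, packet_no, len(plaintext)))


# XOR is its own inverse, so decryption is the same operation.
decrypt_packet = encrypt_packet


def recover_keystream(known_plaintext, ciphertext):
    """What an eavesdropper learns from one packet whose contents are known."""
    return xor_bytes(known_plaintext, ciphertext)


def demo():
    key = bytes(range(32))                 # constructed sample key
    p1 = b"short status packet 001"        # constructed, assumed known to observer
    p2 = b"private form data here"         # constructed, unknown to observer

    c1 = encrypt_packet(key, 1, p1)
    ks1 = recover_keystream(p1, c1)        # keystream of packet 1 only, not the key

    c2_rekeyed = encrypt_packet(key, 2, p2)  # fresh keystream per packet
    c2_static = encrypt_packet(key, 1, p2)   # keystream reused: the weak setting

    return {
        "roundtrip": decrypt_packet(key, 2, c2_rekeyed) == p2,
        "keystream_recovered": ks1 == packet_keystream(key, 1, len(p1)),
        "opens_next_packet_rekeyed": xor_bytes(c2_rekeyed, ks1) == p2,
        "opens_next_packet_static": xor_bytes(c2_static, ks1) == p2,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```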
MrCrassic
11-07-08, 08:41 AM
Layman is a relative term.
Hickeydog
11-07-08, 08:43 AM
My security is based upon range.
If anyone can get close enough to connect with my network...they're also within rifle range. ;)
You're not the only one.....Well.......We don't have rifles. But the only way someone could get in range of our wifi without us knowing (electric fence all around the yard) is a teenager with a laptop and very directional antenna. And even then, that guy has to try to crack our wifi. The only one that could get through would probably be the NSA.
I have a guard weasel inside my computer case.
ModoVincere
11-07-08, 08:47 AM
I have a guard weasel inside my computer case.
xplody pup is a weasel?
SegFault
11-07-08, 08:47 AM
You're not the only one.....Well.......We don't have rifles. But the only way someone could get in range of our wifi without us knowing (electric fence all around the yard) is a teenager with a laptop and very directional antenna. And even then, that guy has to try to crack our wifi. The only one that could get through would probably be the NSA.
Any thug can break your wifi security, if they get close enough (http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis).
MrCrassic
11-07-08, 08:48 AM
Social engineering works every time.
Wordbiker
11-07-08, 08:49 AM
I have a guard weasel inside my computer case.
That security protocol is easily cracked with Bacon-Cheddar Weasel Snax.
The bacon cheddar snacks have to get past Jsharr mouth v 1.0
Hickeydog
11-07-08, 08:51 AM
Any thug can break your wifi security, if they get close enough (http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis).
That's the thing. They have to get close enough. Which is darn near impossible without us knowing.
oakback
11-07-08, 08:54 AM
Within the router's broadcasting range.
Awesome. Considering my computer can lose its connection when stepping out of the room, someone would have to hop my noisy gate, traverse dog-infested terrain, hope I don't hear the gate/dogs and come shooting, enter The Shrine of the Silver Monkey, jump into The Pit of Despair, OR descend into the Mine Shaft, enter The Tomb of the Ancient Kings, avoid the Temple Guards, enter The Room of the Golden Idols, and crawl their way through The Cave of Size to the finish! The choice is yours, and yours alone! Good luck!
wait, what?
SegFault
11-07-08, 09:13 AM
Awesome. Considering my computer can lose its connection when stepping out of the room, someone would have to hop my noisy gate, traverse dog-infested terrain, hope I don't hear the gate/dogs and come shooting, enter The Shrine of the Silver Monkey, jump into The Pit of Despair, OR descend into the Mine Shaft, enter The Tomb of the Ancient Kings, avoid the Temple Guards, enter The Room of the Golden Idols, and crawl their way through The Cave of Size to the finish! The choice is yours, and yours alone! Good luck!
wait, what?
Never underestimate the power of a properly built directional wifi antenna. Your typical Pringles-can cantenna laughs at your Temple Guards.
ModoVincere
11-07-08, 09:19 AM
Awesome. Considering my computer can lose its connection when stepping out of the room, someone would have to hop my noisy gate, traverse dog-infested terrain, hope I don't hear the gate/dogs and come shooting, enter The Shrine of the Silver Monkey, jump into The Pit of Despair, OR descend into the Mine Shaft, enter The Tomb of the Ancient Kings, avoid the Temple Guards, enter The Room of the Golden Idols, and crawl their way through The Cave of Size to the finish! The choice is yours, and yours alone! Good luck!
wait, what?
I'd just tap the cable at the road. :innocent:
MrCrassic
11-07-08, 09:23 AM
Never underestimate the power of a properly built directional wifi antenna. Your typical Pringles-can cantenna laughs at your Temple Guards.
You've gotta love the cardboard and aluminum foil antennas.
oakback
11-07-08, 09:33 AM
Ok then, I'll just cut my service and go back to the 2 cans with the string in the middle.
MrCrassic
11-07-08, 09:44 AM
Secure as a night light.
banerjek
11-07-08, 09:54 AM
Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
Yes. This is not nearly as big a deal as people make of it.
The short version is that you don't need to worry about encryption because things that need to be secure (online banking, personnel, login routines) typically already are encrypted whether you know it or not.
You gain next to nothing by encrypting everything again, and while people can see where you surf the web, searches you type in Google, posts to BF, etc, it's just garbage. Yes, you could transmit passwords in cleartext by storing them in email read over an unencrypted connection, but you have to sift through a LOT of data to get anything vaguely interesting. Anyone smart enough to do this will attack data stores directly rather than putzing around with individual consumers.
Anyone out here who actually sniffs traffic is free to contradict me.
With computers, social engineering works far, far better than sophisticated hacks. The way that most people get their bank accounts hacked is when they purposely install software (file sharing, games, image manipulation, anti spyware, etc) which captures passwords in addition to doing what it purports to do.
Security is a matter of common sense. Anyone with a rock in their hand has a key to your house and your car. Even if you reinforce your doors and get polycarbonate windows. I can tear them right out of the frame with a crowbar or I can just cut or hammer through your walls.
But people sleep at night just fine, as they should. Computer security should be thought of the same way. Excessive paranoia will just waste your time and cause you technical problems.
MrCrassic
11-07-08, 09:57 AM
Yes. This is not nearly as big a deal as people make of it.
The short version is that you don't need to worry about encryption because things that need to be secure (online banking, personnel, login routines) typically already are encrypted whether you know it or not.
You gain next to nothing by encrypting everything again, and while people can see where you surf the web, searches you type in Google, posts to BF, etc, it's just garbage. Yes, you could transmit passwords in cleartext by storing them in email read over an unencrypted connection, but you have to sift through a LOT of data to get anything vaguely interesting. Anyone smart enough to do this will attack data stores directly rather than putzing around with individual consumers.
Anyone out here who actually sniffs traffic is free to contradict me.
With computers, social engineering works far, far better than sophisticated hacks. The way that most people get their bank accounts hacked is when they purposely install software (file sharing, games, image manipulation, anti spyware, etc) which captures passwords in addition to doing what it purports to do.
Security is a matter of common sense. Anyone with a rock in their hand has a key to your house and your car. Even if you reinforce your doors and get polycarbonate windows. I can tear them right out of the frame with a crowbar or I can just cut or hammer through your walls.
But people sleep at night just fine, as they should. Computer security should be thought of the same way. Excessive paranoia will just waste your time and cause you technical problems.
Exactly. Make friends with the right people and ask the right questions, and you can get basically ANYTHING that you need.
Heh...
I've seen three people (aside from myself) post in this thread who seem to know what they're talking about. The three of you know who you are.
If you're sitting there wondering if you're one of them, you're not.
:D
CliftonGK1
11-07-08, 11:02 AM
When I used to run an extensive home network, I had an open "decoy router" hooked up to a box that pingflooded anyone trying to access it.
timmyquest
11-07-08, 11:05 AM
Two years ago I logged into my neighbor's router using the default password and renamed the network "I hacked into this, fix it". It's still got the same name...apparently I wasn't scary enough.
banerjek
11-07-08, 11:07 AM
Heh...
I've seen three people (aside from myself) post in this thread who seem to know what they're talking about. The three of you know who you are.
If you're sitting there wondering if you're one of them, you're not.
I know what I'm talking about when I order a beer. Does that count? Wait, that means I'm wondering. Forget it....
Hickeydog
11-07-08, 11:07 AM
Heh...
I've seen three people (aside from myself) post in this thread who seem to know what they're talking about. The three of you know who you are.
If you're sitting there wondering if you're one of them, you're not.
:D
Well...Mr. Crassic and 172.0.0.1 are two of them.........but who's the third..........hmmmm.......spider
banerjek
11-07-08, 11:16 AM
Well...Mr. Crassic and 172.0.0.1 are two of them.........but who's the third..........hmmmm.......spider
There is also the general rule that if you think you know what's going on, you don't. So whether you think you know or don't know, you're screwed...