09 November 2004
WPA security cracked
Is your wireless network open to attack?
By John Cox, Network World Fusion
A dictionary attack tool designed to exploit a weakness the Wi-Fi
Protected Access security for wireless LANs has been published on the
Web.
The software, called WPA Cracker, exploits one option that can be
used in WPA, usually in consumer applications or residential WLANs: a
pre-shared encryption key. This key is simpler to use and deploy than
using the more complex 802.1x for authentication.
With the pre-shared key, a common shared pass phrase is set for users
and the WLAN access point. This phrase and the Service Set Identifier
(SSID) - the network name - of the WLAN access point then are changed
via an algorithm into an encryption key used to scramble the packets
between clients and the access point.
The weakness was first reported by Wi-Fi Networking News. WPA Cracker
is available at tinypeap.com, which also offers a very compact Radius
server supporting 802.1x authentication using PEAP as its
authentication protocol, designed to run on WLAN access points such
as the Linksys WRT54G.
The WPA vulnerability was first disclosed a year ago in a paper. The
author, Robert Moskowitz, a senior technical director as ICSA Labs,
noted that using the pre-shared key broadcasts in the clear certain
information needed to create and verify the session encryption key.
This information can be recovered and then subjected to an offline
dictionary attack, usually with a program that runs through words and
character combinations until it finds the original pass-phrase.
The attack will not work against nets that don't use the pre-shared
key option. But Moskowitz paints a disturbing picture for those that
do rely on it, saying this attack is even easier than those mounted
against the original WLAN encryption scheme called WEP. WPA was
designed to correct key weaknesses in WEP.
"As the WPA standard states, passphrases longer than 20 characters
are needed to start deterring (dictionary) attacks. This is
considerably longer than most people will be willing to use," he
writes. "This offline attack should be easier to execute than the WEP
attack."
---
* Origin: [adminz] tech, security, support (192:168/0.2)
generated by msg2page 0.06 on Jul 21, 2006 at 19:04:02
search: