WPA cracked...

  • Closed Accounts Posts: 1,089 ✭✭✭cpu-dude


    bealtine wrote: »
    My wireless has always been WPA2-PSK AES (since I've had the option) - only a matter of time with WPA.


  • Closed Accounts Posts: 14,983 ✭✭✭✭tuxy


    But not WEP2 :)


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

    It's been known for a long while that TKIP is broken. That's why AES was added. Some WPA non-WPA2 systems can do AES, but mostly AES is only on WPA2.

    This isn't new; I've been recommending for some while on this forum that people use a long random password on WPA with AES, and also change the Web page Admin password from the default. If at home, put both pieces of info on the bottom of the router with a CD pen. If in an office, put it in the master password book kept in the safe.

    https://lists.dns-oarc.net/pipermail/dns-operations/2008-January/002362.html
    http://en.wikipedia.org/wiki/Pharming

    Otherwise you can have even HTTPS info copied silently by Man In Middle attack. Much bigger risk as any web page might host the attack.

    The WPA-TKIP attack has to be someone physically within your WiFi Range.

    Do not use WEP or WPA+TKIP.
    Do use WPA + AES or WPA2+AES

    There is no WEP2


  • Registered Users Posts: 605 ✭✭✭PaddyTheNth


    Haven't time to read more now but it will be interesting to see whether this attack works on long TKIP passwords as the first one (Tews/Beck) would only work if the password was less than 20 characters IIRC.


  • Registered Users Posts: 284 ✭✭38141


    Wait until those open source boys get their teeth into wimax ('fixed wireless' using radio antenna offered by the likes of permanet and others around the country at present) which is inevitable as it becomes more popular and laptops come inbuilt with the receiver antenna (called wimax mobile or something at present).


  • Registered Users Posts: 5,326 ✭✭✭dunworth1


    Watty

    Can you tell me which is better?

    WPA2-PSK [AES]

    or

    WPA-PSK [TKIP] + WPA2-PSK [AES]


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    You can have
    WEP (PSK): Very poor, very bad
    OR
    WPA PSK (TKIP): Bad, insecure
    OR
    WPA PSK (AES): Not very compatible, but if it works, OK. Not too common; some older routers from before WPA2 was ratified.

    WPA2 PSK (AES): Good

    There is also Enterprise WPA that uses a server. Different again.

    NEVER run two schemes at same time as the system is only as strong as weaker one.
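
The ranking in the post above can be checked against what nearby access points actually advertise. The following is an added example, not part of the original thread: it assumes scan output in the layout printed by `iw dev <iface> scan` on Linux, and the sample networks, labels and function names are constructed for illustration.

```python
import re

# Constructed sample, trimmed to the fields `iw dev <iface> scan` prints per network.
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: lab-wep
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: lab-wpa-tkip
    WPA:     * Version: 1
             * Pairwise ciphers: TKIP
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: lab-mixed
    WPA:     * Version: 1
             * Pairwise ciphers: TKIP
    RSN:     * Version: 1
             * Pairwise ciphers: CCMP TKIP
BSS 02:00:00:00:00:04(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: lab-wpa2-aes
    RSN:     * Version: 1
             * Pairwise ciphers: CCMP
"""

# Ratings paraphrased from the thread; OPEN is added here for completeness.
RATING = {"WEP": "very poor", "TKIP": "bad, insecure", "WPA-AES": "OK if it works",
          "WPA2-AES": "good", "MIXED": "only as strong as the weaker scheme", "OPEN": "no encryption"}

def classify(block):
    ciphers = set(" ".join(re.findall(r"ciphers?: (.+)", block)).split())
    wpa = re.search(r"^\s*WPA:", block, re.M) is not None  # WPA element present
    rsn = re.search(r"^\s*RSN:", block, re.M) is not None  # RSN (WPA2) element present
    if not (wpa or rsn):  # neither element: WEP if the privacy bit is set
        return "WEP" if re.search(r"capability:.*Privacy", block) else "OPEN"
    if wpa and rsn:       # both advertised at once: mixed mode
        return "MIXED"
    if "TKIP" in ciphers:
        return "TKIP"
    return "WPA2-AES" if rsn else "WPA-AES"

def audit(scan_text):
    """Map each SSID in the scan output to (label, rating)."""
    report = {}
    for block in re.split(r"^BSS ", scan_text, flags=re.M)[1:]:
        m = re.search(r"^\s*SSID: ?(.*)$", block, re.M)
        label = classify(block)
        report[m.group(1) if m else "<no SSID>"] = (label, RATING[label])
    return report
```

Calling `audit(SAMPLE_SCAN)` returns one entry per network; only `lab-wpa2-aes` comes back rated "good".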


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    38141 wrote: »
    Wait until those open source boys get their teeth into wimax ('fixed wireless' using radio antenna offered by the likes of permanet and others around the country at present) which is inevitable as it becomes more popular and laptops come inbuilt with the receiver antenna (called wimax mobile or something at present).

    Been around for several years already.

    Mobile and Fixed WiMax are not the same, nor compatible.


  • Registered Users Posts: 6,488 ✭✭✭Damien360


    I am a little confused.

    Is WPA2-PSK the same as WPA2 AES?

    I have attached a list of wireless options from my router, a Netgear DG834. I know my PS3, E51, laptop can all do WPA2-PSK but only the PC gives an option of AES or TKIP. I am guessing AES option is WPA2-PSK. Am I right? Netgear wireless print server (bridge for Xbox 360) also seems to have the option to do WPA2-PSK.

    Wikipedia confused me more. E51 has the option of WPA2 only if AES is to be used. But WPA2 only mode off for mix of PSK and AES. That is why I am confused.

    That just leaves the question for my router. I have attached a screendump of my router page. Is AES an option at all?

    Apologies for attachment but I cannot figure out how to get it to display within the forum page without having to open the attachment.


  • Posts: 0 [Deleted User]


    My router should be fairly ok, WPA2-AES on 5 GHz. :)

    I recently tried to connect a Vista SP2 laptop to my router and I was prompted for a WPS PIN rather than the WPA passphrase. Does WPS pose any additional security risk? I disabled it anyway.

    @Damien360: AES is a mandatory part of WPA2 so if you set WPA2 it will use AES. PSK means "pre shared key," in other words you are using a passphrase rather than a RADIUS server to authenticate.


  • Closed Accounts Posts: 126 ✭✭Penrose


    WPA and WPA2 exploits have been around for a long time, I majored in Wireless Security in college. The only thing these scientists did was reduce the time to break the security.

    WPA2 with RADIUS can also be compromised. It only takes time.

    WiMax exploits have also been out for a long time. I worked for a major Wireless ISP (I won't name names); some of the exploits I encountered were shockingly easy to do, others very difficult. About 90% of the WiMax exploits are currently not in the wild.

    As a side note the HTTPS you use for your banking system is also very easy to break across a LAN.

    Security is a relative term. Most hackers out there are not capable of understanding how to break a protocol without a step by step guide. They are in it for the fun, adventure and learning curve. You need to use a layered approach to security and remember that even with bullet proof security methods you can still get hacked.


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    It is confusing because some user interfaces make it so.

    If there is WPA2 PSK and NO mention of TKIP or AES, then it's AES

    If there are options instead for TKIP and/or AES, make sure only AES is selected.

    Write down the long random passphrase. Do not use a real sentence or real words.

    Do not select Radius Server unless you have instructions from an IT dept to do so.


    PSK is not a mode. It just means Pre Shared Key, i.e. the Router and all the clients have to have the same key saved in them before you connect.

    WEP actually uses PSK too. Some WEP use HEX key and some a Passphrase. Key lengths are specific on WEP. Don't use WEP at all.


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    Penrose wrote: »

    As a side note the HTTPS you use for your banking system is also very easy to break across a LAN.

    Or by driveby router DNS exploit and fake man in middle HTTPS server
    Or WiFi Cafe/Hotspot.

    I use a VPN to home when out and about using other WiFi.


  • Registered Users Posts: 5,743 ✭✭✭kleefarr


    Just for confirmation, am I using the best out of these 'WPA2-Enterprise' or should I use one of the other options?

    [Attached image: Wirelesssecurity.jpg]


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    Enterprise usually means use "Radius Server". But it has a Radius option too!

    If your laptop connects and says it's AES, then you have the correct option, no matter what the router calls it. What Model/Make is that?

    Never choose Mixed.

    I'd suspect that on your router Personal = TKIP (bad) and Enterprise = AES (good).

    Stupid Menu. What does the real manual say (likely a pdf on CD)?


    I'd be fairly confident that for THIS Router, WPA2-Enterprise is WPA2 PSK AES.

    It should be confirmed when you successfully connect and look at your WiFi properties on Laptop (depends on Laptop GUI!).

    You need SP3 on Windows XP. Earlier XP without SP3 doesn't support WPA2 on the built-in Wireless software, which is usually more reliable than 3rd party.


  • Closed Accounts Posts: 126 ✭✭Penrose


    Encryption is how the network scrambles your data, here are the main encryption standards.

    WEP - Uses RC4, it is the better than nothing solution.

    WPA - Also Uses RC4 but adds TKIP, Michael, 128Bit Keys, Non Static Keys, 48Bit IV, Better CRC Algorithm, RADIUS Support as additional security layers

    WPA2 - Does Away with RC4, Uses CCMP and AES, Supports Pre Authentication, has an opportunistic key caching and has faster key derivation

    Encryption is then combined with a method for establishing a session; this tells the network you are allowed to communicate on the network.

    Personal - The Client and Access point agree on a key before a session is established. Windows will remember this for you so you don't have to keep entering it in. An analogy would be when you set up a PIN code on your phone: you tell the phone what PIN code you want and the phone will remember that.

    Mixed - Access Point can support WPA and WPA2 clients at the same time. The AP and client agree on what standard to use. This gives you less control over what goes on. Which isn't good!

    Enterprise - Uses a RADIUS server for association, you first Authenticate to the Access Point and then Associate with a RADIUS server. This is like Entering a PIN code into an ATM machine, you enter the password the ATM then checks with a server in the bank to see if the password you entered is correct. It

    It is confusing when there are so many options to choose from. WPA2-Enterprise needs a RADIUS server which you don't have. WPA2 Mixed provides less control over what happens. WPA2 Personal is the best option for you here.

    Now remember just because something is encrypted doesn't mean it is invincible; use other forms of security. I assume you are at home?
    If your router supports it use the following additional security measures

    1. Strong Password consisting of upper case/lower case numbers, numbers and special characters.
    2. Limit the antenna power to the minimum level and perform a site survey.
    3. Disable management of the router.
    4. If you don't need wireless on the other computers in your house disable it.
    5. If you are broadcasting an SSID make sure it doesn't reveal any juicy information; many people make the mistake of putting their names or addresses as an SSID. Never do that.

    It is also a good idea to make sure you use additional security in and around your computers.

    PM me if you need any help with anything.


  • Posts: 0 [Deleted User]


    This update allows SP2 to use WPA2. But it's probably better to use SP3 nowadays anyway.


  • Registered Users Posts: 5,743 ✭✭✭kleefarr


    It's a Linksys WAG150N and this is its description of the WPA2-Enterprise set up.

    [Attached image: WPA2details.jpg]


  • Closed Accounts Posts: 126 ✭✭Penrose


    My guess is that your router offers an additional option of Association with a RADIUS server without encryption, i.e. no WEP, WPA or WPA2 encryption.

    This is just a guess; I couldn't really see a use for RADIUS without encryption on a Wireless network unless you consider overhead, but it's negligible.

    In any case just pick WPA2 Personal. Just be glad you have a GUI to do this!


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    Must be WPA2 Personal. Maybe a separate menu/field then to select TKIP or AES. Or else on that router WPA Personal is always TKIP and WPA2 is always AES (but this is not true on all routers and clients).

    Really weird options. Radius without encryption is plain silly.

