On Saturday, November 14, 2009, Kurt Granroth wrote:
> Lisa,
>
> I'll grant you the denial-of-service attack, but I'm still not finding
> any evidence that WPA is fundamentally flawed (much less "easier to
> crack... than WEP").

You simply capture the auth with aircrack-ng. Even 20 characters can be decrypted eventually! A dictionary attack is faster, and a truly random password delays the process, and none of this is any reason to not use security tools, but the fact is the protocol has been broken! I know I put in a Nomadix and Cisco Aironet with Active Directory and RADIUS in 2003; RADIUS is a nice solution; we used them for our dialup with Livingstons at Nike and various ISPs.

> I read the aircrack article earlier to see if there was new info that I
> had missed.  I also read the article you have on obnosis.com.  Finally,
> I read the LucidInteractive article you just provided.
>
> ALL of them say the same thing: the only valid attack on WPA-PSK is a
> dictionary or brute force attack!
>
> Okay, yes, it's very handy that you can do the password cracking
> offline.  But see the links I listed earlier... any decently crafted
> password will be nigh IMPOSSIBLE to crack unless you have nearly
> infinite resources -- offline or no.
>
> I realize that you likely (for sure) know more about this than I do so
> if I keep missing some fundamental flaw in PSK in all of the articles
> provided, please enlighten me!
>
> Kurt
>
> On 11/14/09 5:59 PM, Lisa Kachold wrote:
>> Kurt,
>>
>> As you stated, WPA/WPA2-PSK security is inherently flawed:
>>
>>     * One flaw allowed an attacker to cause a denial-of-service attack,
>>       if the attacker could bypass several other layers of protection.
>>     * A second flaw exists in the method with which WPA initializes its
>>       encryption scheme. Consequently, it's actually easier to crack WPA
>>       than it is to crack WEP. This flaw is the subject of this article.
>>
>> A WPA key can be made good enough to make cracking it unfeasible. WPA
>> is also a little more cracker friendly. By capturing the right type of
>> packets, you can do your cracking offline. This means you only have to
>> be near the AP for a matter of seconds to get what you need. WPA
>> basically comes in two flavours: RADIUS or PSK. PSK is crackable, RADIUS
>> is not so much.
>>
>> But how many people actually have WPA RADIUS encryption?
>>
>> Here's another link that includes a PSK cracking Howto:
>> http://www.aircrack-ng.org/doku.php?id=cracking_wpa
>>
>> Using aircrack-ng tools in Backtrack (per my presentation materials at
>> http://plug.phoenix.az.us show) WEP and WPA/WPA2-PSK are easy to crack.
>>
>> Does anyone here run RADIUS?
>>
>> Here's an accompanying document to better explain it:
>> http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
>>
>> On Sat, Nov 14, 2009 at 7:32 PM, Kurt Granroth wrote:
>>
>>     On 11/14/09 12:02 PM, Lisa Kachold wrote:
>>      > The whole concept of "wireless encryption security" is somewhat moot
>>      > with airodump-ng etc tools.
>>      >
>>      > WEP keys are really easy to break.
>>      >
>>      > WPA is also easily encroached - but harder with a truly unique
>>      > secure key (which few people use)
>>      >
>>      > It just exists as part of the big "security" matrix to keep the
>>      > honest people out.  Crackers can get right in anyway!
>>      >
>>      > http://www.obnosis.com/Layer8Wireless.html
>>
>>     Okay, I have to take exception to how this is written.  You are
>>     comparing the security of WEP and WPA as if they are somehow equivalent
>>     or equally "easy" to crack.  That is just not true.
>>
>>     WEP is fundamentally broken.  It can be reliably cracked in seconds, in
>>     most cases.  Its use is more of a "please don't use this network" flag
>>     than any real attempt to keep people out.
>>
>>     WPA, on the other hand, is NOT broken.  Only one variation of it is
>>     crackable at all (PSK) and even then, the attack is a brute force
>>     dictionary attack.  By that argument, ALL password based encryption is
>>     crackable.
>>
>>     Yes, you could successfully argue that since MOST home APs use PSK and
>>     MOST probably just set the password to 'admin' or 'linksys' or some
>>     other trivial name, that IN PRACTICE, it's not hard to crack most uses
>>     of WPA.
>>
>>     But saying that "[c]rackers can get right in anyway" just isn't true.
>>     All that is needed is a reasonably difficult password.  Don't use a
>>     dictionary word and make it decently long and it quickly becomes far too
>>     difficult to crack to make it worth it for all but the most extreme
>>     cases.  It's either VERY expensive or takes YEARS.
>>
>>     I'm sure that you read this:
>>
>>     http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
>>
>>     It answers the question: "how much does it cost to crack a password?"
>>     It assumes that you are using Amazon EC2 at $0.30 an hour.  A twelve
>>     character password using the full ASCII set would cost over $8 TRILLION
>>     dollars to crack.  Even much smaller passwords are still in the
>>     millions.
>>
>>     The password that I use on my WPA2-PSK AP is 20-odd chars long and spans
>>     the ASCII range.  Far from allowing crackers to "get right in", it's
>>     nearly impossible for them to do so.
>>     ---------------------------------------------------
>>     PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>     To subscribe, unsubscribe, or to change your mail settings:
>>     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>> --
>> Skype: (623)239-3392
>> AT&T: (503)754-4452
>> www.it-clowns.com
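The thread argues about two things: that a captured WPA-PSK handshake lets the passphrase be guessed offline, and that a long, random passphrase makes that guessing impractically expensive. The example below is an added illustration, not code from the thread, from aircrack-ng or from any of the linked articles. It implements the passphrase-to-key mapping that 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as the salt, 256-bit output), which is why every offline guess costs 4096 HMAC computations and must be repeated per SSID, and it estimates the exhaustive-search cost of a passphrase policy. The guess rate and hourly price fed to the estimator are caller-supplied assumptions (the 50,000 guesses/s and $0.30/hour in the demo are constructed, not measured); the test vector (passphrase "password", SSID "IEEE") is the one published in the 802.11i annex.

```python
"""WPA/WPA2-PSK passphrase-to-key mapping and a passphrase-policy cost estimator.

Added illustration for the thread above; not code from the thread, from
aircrack-ng or from any of the linked articles.  The PMK mapping is the one
IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt,
256-bit output).  Guess rates and hourly prices are caller-supplied
assumptions, not measurements.
"""
import hashlib
import math
import string

PBKDF2_ITERATIONS = 4096  # fixed by the 802.11i passphrase mapping
PMK_LEN = 32              # 256-bit Pairwise Master Key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Map an 8..63 character ASCII passphrase and an SSID to the PMK.

    The SSID acts as a salt, so a table of precomputed keys only helps
    against networks that use that exact SSID; a non-default SSID plus a
    random passphrase forces the attacker to redo the PBKDF2 work per guess.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("ascii"),
        PBKDF2_ITERATIONS, PMK_LEN)


def alphabet_size(passphrase: str) -> int:
    """Size of the character classes the passphrase draws from.

    This is the usual rough model behind brute-force estimates:
    lowercase (26), uppercase (26), digits (10), punctuation (32), space (1).
    A dictionary word still scores 26 here even though a wordlist attack
    would find it far faster, so treat the result as an upper bound on effort.
    """
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
        (" ", 1),
    ]
    return sum(size for chars, size in classes
               if any(c in chars for c in passphrase))


def keyspace(size: int, length: int) -> int:
    """Number of candidate passphrases of the given length over that alphabet."""
    return size ** length


def entropy_bits(size: int, length: int) -> float:
    """Bits of entropy if every character is chosen uniformly from the alphabet."""
    return length * math.log2(size)


def exhaustive_search(space: int, guesses_per_second: float, price_per_hour: float):
    """Hours and cost to try every candidate once at the assumed rate and price."""
    hours = space / (guesses_per_second * 3600)
    return hours, hours * price_per_hour


def assess(passphrase: str, guesses_per_second: float, price_per_hour: float) -> dict:
    """Summarise the exhaustive-search cost for this passphrase's class and length."""
    size = alphabet_size(passphrase)
    space = keyspace(size, len(passphrase))
    hours, cost = exhaustive_search(space, guesses_per_second, price_per_hour)
    return {"alphabet": size, "bits": entropy_bits(size, len(passphrase)),
            "hours": hours, "cost": cost}


if __name__ == "__main__":
    # Published 802.11i test vector: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    # Constructed assumptions: 50,000 PBKDF2 guesses/s per machine at $0.30/hour.
    for pw in ("linksys", "Tr0ub4dor&3", "correct horse battery staple!"):
        print(pw, assess(pw, 50_000, 0.30))
```

Running it prints the PMK for the published vector and then, for three constructed passphrases, the alphabet size, entropy and the hours and dollars an exhaustive search would take at the assumed rate. The numbers only become meaningful once you plug in a rate you have measured for your own hardware; the point of the model is that cost grows exponentially with length and alphabet size while the PBKDF2 iteration count keeps the per-guess cost fixed.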