running Linux on odd devices is SOOO COOL!
Lisa Kachold
lisakachold at obnosis.com
Sun Nov 15 05:57:32 MST 2009
On Saturday, November 14, 2009, Kurt Granroth
<kurt+plug-discuss at granroth.com> wrote:
> Lisa,
>
> I'll grant you the denial-of-service attack, but I'm still not finding
> any evidence that WPA is fundamentally flawed (much less "easier to
> crack... than WEP").
You simply capture the auth with aircrack-ng.
Even 20 characters can be decrypted eventually! A dictionary attack
is faster, and a truly random password delays the process, and none of
this is any reason to not use security tools, but the fact is the
protocol has been broken! I know, I put in a Nomadix and Cisco Aironet
with Active Directory and RADIUS in 2003.
RADIUS is a nice solution; we used them for our dialup with Livingstons
at Nike and various ISPs.
> I read the aircrack article earlier to see if there was new info that I
> had missed. I also read the article you have on obnosis.com. Finally,
> I read the LucidInteractive article you just provided.
>
> ALL of them say the same thing: the only valid attack on WPA-PSK is a
> dictionary or brute force attack!
>
> Okay, yes, it's very handy that you can do the password cracking
> offline. But see the links I listed earlier... any decently crafted
> password will be nigh IMPOSSIBLE to crack unless you have nearly
> infinite resources -- offline or no.
>
> I realize that you likely (for sure) know more about this than I do so
> if I keep missing some fundamental flaw in PSK in all of the articles
> provided, please enlighten me!
>
> Kurt
>
> On 11/14/09 5:59 PM, Lisa Kachold wrote:
>> Kurt,
>>
>> As you stated, WPA/WPA2-PSK security is inherently flawed:
>>
>> * One flaw allowed an attacker to cause a denial-of-service attack,
>> if the attacker could bypass several other layers of protection.
>> * A second flaw exists in the method with which WPA initializes its
>> encryption scheme. Consequently, it's actually easier to crack WPA
>> than it is to crack WEP. This flaw is the subject of this article.
>>
>>
>> A WPA key /can/ be made good enough to make cracking it unfeasible. WPA
>> is also a little more cracker friendly. By capturing the right type of
>> packets, you can do your cracking offline. This means you only have to
>> be near the AP for a matter of seconds to get what you need. WPA
>> basically comes in two flavours: RADIUS or PSK. PSK is crackable, RADIUS
>> is not so much.
>>
>> *But how many people actually have WPA RADIUS encryption?*
>>
>> Here's another link that includes PSK cracking Howto:
>> http://www.aircrack-ng.org/doku.php?id=cracking_wpa
>>
>> Using aircrack-ng tools in Backtrack (per my presentation materials at
>> http://plug.phoenix.az.us show) WEP and WPA/WPA2-PSK are easy to crack.
>>
>> Does anyone here run Radius?
>>
>> Here's an accompanying document to better explain it:
>> http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
>>
>>
>> On Sat, Nov 14, 2009 at 7:32 PM, Kurt Granroth
>> <kurt+plug-discuss at granroth.com> wrote:
>>
>> On 11/14/09 12:02 PM, Lisa Kachold wrote:
>> > The whole concept of "wireless encryption security" is somewhat moot
>> > with airodump-ng etc. tools.
>> >
>> > WEP keys are really easy to break.
>> >
>> > WPA is also easily encroached - but harder with a truly unique secure
>> > key (which few people use)
>> >
>> > It just exists as part of the big "security" matrix to keep the honest
>> > people out. Crackers can get right in anyway!
>> >
>> > http://www.obnosis.com/Layer8Wireless.html
>>
>> Okay, I have to take exception to how this is written. You are
>> comparing the security of WEP and WPA as if they are somehow equivalent
>> or equally "easy" to crack. That is just not true.
>>
>> WEP is fundamentally broken. It can be reliably cracked in seconds, in
>> most cases. Its use is more of a "please don't use this network" flag
>> than any real attempt to keep people out.
>>
>> WPA, on the other hand, is NOT broken. Only one variation of it is
>> crackable at all (PSK) and even then, the attack is a brute force
>> dictionary attack. By that argument, ALL password based encryption is
>> crackable.
>>
>> Yes, you could successfully argue that since MOST home APs use PSK and
>> MOST probably just set the password to 'admin' or 'linksys' or some
>> other trivial name, that IN PRACTICE, it's not hard to crack most uses
>> of WPA.
>>
>> But saying that "[c]rackers can get right in anyway" just isn't true.
>> All that is needed is a reasonably difficult password. Don't use a
>> dictionary word and make it decently long and it quickly becomes far too
>> difficult to crack to make it worth it for all but the most extreme
>> cases. It's either VERY expensive or takes YEARS.
>>
>> I'm sure that you read this:
>>
>> http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
>>
>> It answers the question: "how much does it cost to crack a password?"
>> It assumes that you are using Amazon EC2 at $0.30 an hour. A twelve
>> character password using the full ASCII set would cost over $8 TRILLION
>> dollars to crack. Even much smaller passwords are still in the
>> millions.
>>
>> The password that I use on my WPA2-PSK AP is 20-odd chars long and spans
>> the ASCII range. Far from allowing crackers to "get right in", it's
>> nearly impossible for them to do so.
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>> --
>> Skype: (623)239-3392
>> AT&T: (503)754-4452
>> www.it-clowns.com
>
--
Skype: (623)239-3392
AT&T: (503)754-4452
www.it-clowns.com
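The thread's disagreement comes down to one question: given that a captured WPA/WPA2-PSK handshake can be checked offline, how much does each guess cost and how many guesses does a given passphrase force? The example below is added here and is not code from the thread, from aircrack-ng, or from the linked articles. The facts it rests on are from IEEE 802.11i: the Pairwise Master Key is PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 iterations, 256 bits), and the four-way handshake lets each guess be verified offline, so that derivation is the attacker's per-guess work. Everything else is an assumption for the arithmetic: the 100,000 guesses/second/node rate, the $0.30 per node-hour price taken from Kurt's EC2 figure, the SSID "HomeNet", and the tiny stand-in wordlist. The `assess` helper is a defender-side check a practitioner might run on their own passphrase before deploying it.

```python
"""Why WPA2-PSK strength comes down to the passphrase, not the protocol.

Added illustration, not code from the PLUG thread or from aircrack-ng.
Facts used: 802.11i PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iter, 256 bit);
a captured 4-way handshake lets each guess be verified offline.
ASSUMPTIONS: guess rate, node price, SSID and wordlist below are constructed.
"""
import hashlib
import math
import string

PBKDF2_ITERATIONS = 4096   # fixed by 802.11i: the per-guess work factor
PMK_BYTES = 32             # 256-bit Pairwise Master Key


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK the same way wpa_supplicant/hostapd do (8..63 ASCII chars)."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("802.11i passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_BYTES)


def charset_size(passphrase: str) -> int:
    """Alphabet size implied by the character classes actually present.

    Conservative: an attacker who knows only 'lowercase + digits' are used
    searches a 36-symbol alphabet, not the full 95 printable ASCII symbols.
    """
    size = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        size += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += 26
    if any(c in string.digits for c in passphrase):
        size += 10
    if any(c in string.punctuation for c in passphrase):
        size += len(string.punctuation)   # 32 symbols
    if " " in passphrase:
        size += 1
    return size


def keyspace(passphrase: str) -> int:
    """Number of passphrases an attacker must consider for this length and alphabet."""
    return charset_size(passphrase) ** len(passphrase)


def expected_cost_usd(space: int, guesses_per_sec_per_node: float,
                      usd_per_node_hour: float) -> float:
    """Expected dollars to brute-force: on average half the keyspace is searched."""
    node_hours = (space / 2) / guesses_per_sec_per_node / 3600
    return node_hours * usd_per_node_hour


def expected_years(space: int, guesses_per_sec: float) -> float:
    """Expected wall-clock years at a fixed aggregate guess rate."""
    return (space / 2) / guesses_per_sec / (3600 * 24 * 365)


# Constructed stand-in for a real wordlist: defaults and trivial picks of the
# kind the thread mentions ('linksys', 'admin') padded to the 8-char minimum.
COMMON_PASSPHRASES = {"password", "linksys1", "admin123", "12345678", "letmein1"}


def assess(passphrase: str, ssid: str,
           guesses_per_sec_per_node: float = 100_000.0,   # ASSUMED rate
           usd_per_node_hour: float = 0.30) -> dict:       # EC2 figure from the thread
    """Defender-side summary: wordlist exposure and brute-force cost of a passphrase."""
    space = keyspace(passphrase)
    return {
        "pmk_hex": wpa_psk(passphrase, ssid).hex(),
        "in_wordlist": passphrase in COMMON_PASSPHRASES,
        "keyspace_bits": round(math.log2(space), 1),
        "expected_cost_usd": expected_cost_usd(space, guesses_per_sec_per_node,
                                               usd_per_node_hour),
        "expected_years_one_node": expected_years(space, guesses_per_sec_per_node),
    }


if __name__ == "__main__":
    # "HomeNet" and the three candidate passphrases are constructed inputs.
    for pw in ("linksys1", "Tr0ub4dor&3", "q7#Lm2!vXe9$Rk4@Wz1p"):
        r = assess(pw, "HomeNet")
        print(f"{pw!r:24} wordlist={r['in_wordlist']!s:5} "
              f"bits={r['keyspace_bits']:6} cost=${r['expected_cost_usd']:.3g} "
              f"years/node={r['expected_years_one_node']:.3g}")
```

The point the numbers make is the one both sides of the thread are circling: a wordlist hit costs nothing regardless of the PBKDF2 work factor, a short alphanumeric passphrase is a few dollars of rented compute, and a long random one over the full printable range runs to astronomical cost under any plausible rate. The guess rate is deliberately left as a parameter because hardware changes it by orders of magnitude while the 4096-iteration derivation does not.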