WPA Cracking Proof of Concept Available
WPA passphrases could be cracked—and now the software exists: The folks who wrote tinyPEAP, a firmware replacement for two Linksys router models that has on-board RADIUS authentication using 802.1X plus PEAP, released a WPA cracking tool.
As was noted a year ago, a weakness in shorter and dictionary-word-based passphrases used with Wi-Fi Protected Access render those passphrases capable of being cracked. The WPA Cracker tool is somewhat primitive, requiring that you enter the appropriate data retrieved via a packet sniffer like Ethereal. Once entered, it runs the cracking algorithms.
Remember that to crack WEP, an attacker has to gather many packets, possibly millions, but can then easily crack any key. For WPA, certain shorter or dictionary-based keys are highly crackable because an attacker can monitor a short transaction or force that transaction to occur and then perform the crack far away from the physical site.
The solution to this WPA weakness involves one of three approaches:
Choose a better passphrase: Pick passphrases that aren’t entirely comprised of dictionary words, meaning they need some random nonsense in them. “My dog has fleas”: very bad. “Mdasf;lkjadfklja;dfja;dfja;d”: very good, but hard to type in. Passphrases should be at least 20 characters.
Use randomness to choose a passphrase: A random passphrase of at least 96 bits and preferably 128 bits.
Update: Alert Slashdot readers noted that KisMAC has had a WPA cracking tool built in for several months. KisMAC is a Macintosh-only version of Kismet, a tool for monitoring and cracking wireless networks (for good and evil). Kismet itself lacks this feature. The Mac-only nature of KisMAC has most likely limited the spread of this knowledge.
Two NetworkWorldFusion writers pointed out last month KisMAC’s ability in a great overview of WPA’s weakness and the justification for adopting 802.1X plus WPA.
As was noted a year ago, a weakness in shorter and dictionary-word-based passphrases used with Wi-Fi Protected Access render those passphrases capable of being cracked. The WPA Cracker tool is somewhat primitive, requiring that you enter the appropriate data retrieved via a packet sniffer like Ethereal. Once entered, it runs the cracking algorithms.
Remember that to crack WEP, an attacker has to gather many packets, possibly millions, but can then easily crack any key. For WPA, certain shorter or dictionary-based keys are highly crackable because an attacker can monitor a short transaction or force that transaction to occur and then perform the crack far away from the physical site.
The solution to this WPA weakness involves one of three approaches:
Choose a better passphrase: Pick passphrases that aren’t entirely comprised of dictionary words, meaning they need some random nonsense in them. “My dog has fleas”: very bad. “Mdasf;lkjadfklja;dfja;dfja;d”: very good, but hard to type in. Passphrases should be at least 20 characters.
Use randomness to choose a passphrase: A random passphrase of at least 96 bits and preferably 128 bits.
Update: Alert Slashdot readers noted that KisMAC has had a WPA cracking tool built in for several months. KisMAC is a Macintosh-only version of Kismet, a tool for monitoring and cracking wireless networks (for good and evil). Kismet itself lacks this feature. The Mac-only nature of KisMAC has most likely limited the spread of this knowledge.
Two NetworkWorldFusion writers pointed out last month KisMAC’s ability in a great overview of WPA’s weakness and the justification for adopting 802.1X plus WPA.
posted by Bob Williams | 12:41 AM
0 Comments:
Post a Comment
<< Home