

WPA cracked in 15 minutes. - jrnkntl
http://www.pcworld.com/article/153396/.html?tk=rss_news

======
pmjordan
I already switched to using OpenVPN over an otherwise unencrypted Wi-Fi
network a while back. Obviously the unencrypted network is entirely separate
from the rest of the LAN and only the OpenVPN server is listening on it.
Getting all my hardware to play nice with WPA was getting very fiddly, and it
even seems a little faster doing the encryption entirely in software. Plus, I
have more faith in the OpenVPN guys than the people who seem to be unable to
release a new standard within a couple of _years_.

~~~
thwarted
It's also a lot easier to segregate traffic this way. Once you're coming in
via openvpn, the traffic is on a completely different interface and IP range,
making automatic/transparent proxying a breeze and firewall/iptables setup
really straight forward.

~~~
pmjordan
Absolutely. It definitely beats going with your average access point's default
of bridging wifi to your LAN, though it does make your wiring slightly more
complicated. I use two separate VLANs actually, one for the unprotected wifi
access points and one for the actual LAN traffic. You have to watch out that
you use high-quality VLAN-capable switches, however, as some of the cheaper
ones fall over and supply the world with your protected packets if you fill up
their MAC address table with spoofed packets... which is of course easy to do
via an unprotected access point. That kind of thing might stil DoS you with a
good switch, but it shouldn't open up your network.

------
bprater
Woof, can we fix this once and for all? Changing protocols every couple years
is exhausting.

~~~
pmjordan
Realistically, I don't see a way other than strong, SSL-style crypto with
private keys and AP certificates. I'd like to see a crypto expert analyse and
write about RADIUS-authenticated WPA2 in a way us mortals can understand. My
understanding is that it should be safe, but I'd like to hear about it from
someone like Schneier. A lot of APs actually support RADIUS, but you do still
need to set up your own RADIUS server somewhere on the network. I guess the
open-source firmware available for some APs could help here.

My current OpenVPN solution is actually pretty user-friendly - it doesn't
"magically" connect as soon as my AP comes into range, but it is just one
click to start. It's almost certainly possible to run the script from the
event directly. The nice thing is that you can implement this _now_ , and
OpenVPN runs on Linux, OSX, Windows, probably the BSDs too.

I also have an OpenVPN server that's accessible from the internet, which is
handy to use from public wifi. I realise that it's not end-to-end encryption,
but having my cookies etc. available to everyone around is just a little too
scary.

~~~
jcl
Of course, Schneier runs his wireless open, so he doesn't have this problem.

[http://www.schneier.com/blog/archives/2008/01/my_open_wirele...](http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html)

~~~
pmjordan
With the US legal situation that might be feasible, but in some countries you
can get yourself into pretty deep trouble. From what I remember, German law in
particular makes this a really bad idea. (aside from the fact that cease-and-
desists _cost money_ in Germany) Austrian law is often quite close to the
German counterpart so I'm not going to risk it, even though I strongly doubt
anyone would try to leech my wifi around here. (mine is the only wifi signal I
can detect, and we get about one car per hour on our road, so not exactly
_where it's at_ )

EDIT: I'm no lawyer, and it's been a while since I read the articles on the
topic, but the issue was effectively that you fall into one of two categories
operating an open AP:

\- you get treated as an ISP. In that case I think you need to establish some
kind of (implied or explicit) contractual relationship with your "customers"
(paying or not) and are subject to various regulations. Hardly feasible.

\- everything your "users" do is your responsibility.

I misremembered some of this stuff, and there are no doubt various subtleties
I didn't go into. The subject was covered in various articles in the popular
German c't magazine. <http://www.heise.de/ct/>

------
tc7
"Partial crack". "They have not, however, managed to crack the encryption keys
used to secure data that goes from the PC to the router in this particular
attack."

Is that a trivial next step, or is the headline misleading?

~~~
pmjordan
I'm not 100% sure on how WPA works, but I think the crack allows you to log
onto the protected network and exchange data with everyone else on the
network. However, it doesn't allow you to sniff traffic that isn't headed your
way. For example, Alice is using her laptop to load data from Bob's PC, which
is attached to the access point. Eve cracks the AP's WPA passphrase and logs
onto the network. She can initiate traffic to Alice and Bob's machine, but she
can't see the data they're exchanging because individual wifi users'
encryption is negotiated separately.

------
tocomment
I thought WPA had been cracked a while ago. Am I mistaken?

~~~
pmjordan
I think this is the same crack, they're just ramping up the hype slowly, as
publicity for whatever conference at which the details will be presented. Like
lots of the high-profile "OMG h4x" stories this year. :-/

~~~
ErrantX
Yup your correct. The WPA crack has been about for a while.

The older WPA algo's can be broken totally given time (mostly to collect a LOT
of data - something like 4 to 20 million packets sometimes).

We couple a small laptop used for collections & injection (to generate data)
with our cracking cluster back at our office. Given about 3 or 4 days of
activity on a WPA network it is usually possible to get in :)

~~~
khafra
Is that with a dictionary password and a "top 1000" ssid as a salt, using
CoWPAtty rainbow tables? Or a full brute-force of the pre-AES WPA?

~~~
ErrantX
In terms of coWPAtty: we are work on high level corporate networks that are
usually immune to that kind of attack.

We use full on brute force rainbow tables with some custom ideas / programs
(obv can't share much of that). In it's simplest form we have 8 file servers,
1000 nodes and 2 head servers. 150+TB's of rainbow tables. Basically we
combine the shortcut of rainbow tables with intelligent analysis of the
packets and the brute force of the cluster.

For WPA we use some of our own techniques to intelligently make use of the
data that gets sent back. Usually we can start to work on the data after 1 day
of collection and it can be possibly 2 more days before it is cracked
(depending on the other work running on the cluster)

Currently we have 2 specialists employed who are working with me to find ways
to break the time down further (with great success) and I am also currently
testing and cycling up another 9,000 nodes to add into the cluster.

By early next year we hope to be able to turn up at a location and crack WPA
networks in a days work :)

In terms of economy it is not great (working on that) as your looking at about
£5-8,000 outlay just to break in - but for speed I _believe_ it is unmatched.

Bear in mind ofc this is not representative of what a hacker could do. The
rainbow tables (for all our decryption not just WPA) have taken 8yrs to make
so far (on around 5000 nodes) and we still have about 2yrs more work to do on
them. What this article talks about is a shortcut technique but ultimately I
dont beleive it will lead to an inherent weakness which can bypass the need
for our type of attack. But what it will be useful for is forcing the network
to generate traffic :)

Hopefully sometime next year we should be read to deploy our full AES attack -
but that (based on current testing) is going to require a LOT of nodes
(possibly pushing 25,0000).

