Wireless Security (wep Vs Wpa)


16 replies to this topic

#1 8ennett

    Premium Member

  • Members
  • 415 posts
  • Gender:Male
  • Location:UK
  • myCENTs:95.20

Posted 08 June 2010 - 03:58 PM

Now when it comes to setting up the security encryption on your wireless router, it seems that most people are using WEP encryption to protect their network. That used to be sufficient; however, nowadays WEP encryption is easily broken. Using a piece of software called aircrack-ng and wireless drivers patched for injection it is possible for someone to break your encryption cipher with or without a client having successfully handshaked with the network.

The first method the attacker would use is to monitor the traffic between a connected client and the network. While monitoring the network the attacker will be looking for an ARP request (Address Resolution Protocol). Once the attacker has managed to capture one of these requests they will then be able to inject this request repeatedly into the network. Caching the returned data, aircrack-ng will then be able to decrypt your WEP key and access your network.

The next method is known as the Korek ChopChop attack, or also the fragmentation attack. This works by constructing an ARP request using fake authentication to obtain a PRGA (Pseudo Random Generation Algorithm). Using the PRGA the attacker can then construct an ARP using packetforge-ng. Once the ARP is constructed then the attack continues like the standard WEP attack above.

Now aircrack-ng can break WPA encryption, however the only practical way of doing this is through a brute force attack. Using a dictionary file aircrack-ng runs through all the possible combinations contained within the dictionary file to find a working key. This can be extremely time consuming, and if the key is very well designed then it can literally take months to break the key. Here is an excellent method for ensuring your network stays safe. When creating your WPA key, ensure you use a combination of both letters and numbers including upper and lower case letters (LiverpooL185). Don't make this too complicated as you will need to remember it, just in case. Now it is possible that a dictionary file could contain this, so we need to diversify it a little by adding gibberish to either side of the password. ZxCvLiverpooL185VcXz. Still a rather simple password, but with alternating upper and lower case either side and the letters mirrored. Now we have a highly secure password, I really doubt anybody will be able to crack this, however if the attacker has constructed his/her own dictionary file using every possible permutation up to 100 characters, then they will also have this password in that list. What we can do is every four weeks, change the four letters on either side of the password. The first month our password is ZxCvLiverpooL185VcXz and the next month it is qWeRLiverpooL185rEwQ and so on. Now you have a WPA key system in place that cannot be cracked by anything. Due to the amount of time it takes to brute force a WPA key you should leave ample time before anyone has run through enough permutations to break your key.

#2 Бојан

    Advanced Member

  • Members
  • 111 posts
  • Gender:Male
  • Location:Macedonia
  • myCENTs:8.28

Posted 24 July 2010 - 11:56 PM

WPA is far better than WEP because WEP is crackable with Linux (BackTrack) and I have tested that and it's working. After some time and work on BackTrack with tutorials etc. I've managed to get my neighbor's WEP password. Use WPA, there is no way to crack it except with a wordlist password cracker. (The software is trying words from a list to see if it's logging in to the wireless...) So use some better, improvised or randomly generated password and chill out. :)

#3 8ennett

    Premium Member

  • Members
  • 415 posts
  • Gender:Male
  • Location:UK
  • myCENTs:95.20

Posted 25 July 2010 - 01:14 AM

That's pretty much what I already said, and I offered the solution to the problem of wordlist cracking on WPA using alternating permutations. Also, it's illegal to crack other people's networks without their permission and criminal sentences have become much more severe over recent years for illegally using someone else's internet connection.

BackTrack is a security exploit testing Linux distro designed for testing security vulnerabilities in your own networks and systems and is not to be used illegally, as is clearly stated in the documentation provided with it; it is also used as a training tool by the NSA.

Don't be silly and admit to committing crimes online, that's what amateurs do and amateurs get caught!

#4 wutske

    Way Out Of Control - You need a life :)

  • [HOSTED]
  • 1,443 posts
  • Gender:Male
  • Location:Belgium
  • myCENTs:98.90

Posted 01 August 2010 - 08:49 AM

I hope you're talking about WPA2 and not WPA because WPA is easily cracked as it was a quick fix of WEP.
When companies started to realise that WEP was absolutely insecure, they needed to find a way to upgrade old hardware. However, the older access points did not have the headroom to allow more advanced and more computationally expensive encryption methods, and that's how WPA was formed. It was designed to be harder to break, but it's crippled by the fact that it could only be 10% more computationally expensive than WEP.

#5 8ennett

    Premium Member

  • Members
  • 415 posts
  • Gender:Male
  • Location:UK
  • myCENTs:95.20

Posted 01 August 2010 - 06:24 PM

I hope you're talking about WPA2 and not WPA because WPA is easily cracked


It makes no difference if it is WPA or WPA2, the methods of attack are identical and take the exact same amount of time. Did anybody even read this article before responding?

#6 wutske

    Way Out Of Control - You need a life :)

  • [HOSTED]
  • 1,443 posts
  • Gender:Male
  • Location:Belgium
  • myCENTs:98.90

Posted 01 August 2010 - 09:11 PM

I did read it, but what I try to say is that a strong password won't protect WEP or even WPA as there are other, faster methods to break them :)

#7 8ennett

    Premium Member

  • Members
  • 415 posts
  • Gender:Male
  • Location:UK
  • myCENTs:95.20

Posted 01 August 2010 - 09:36 PM

I did read it, but what I try to say is that a strong password won't protect WEP or even WPA as there are other, faster methods to break them :)


There's no other way to break WPA encryption (or WPA2) other than using a dictionary attack. WEP is the most insecure form of encryption, which is the whole point of the article; many routers only provide WPA and WPA2 in pre-shared key form, which is what is vulnerable to dictionary attack.

If you are saying there is a faster method of breaking a pre-shared WPA key then please share this method.

#8 wutske

    Way Out Of Control - You need a life :)

  • [HOSTED]
  • 1,443 posts
  • Gender:Male
  • Location:Belgium
  • myCENTs:98.90

Posted 02 August 2010 - 04:18 PM

http://docs.lucidint...reless_Networks

:)

#9 8ennett

    Premium Member

  • Members
  • 415 posts
  • Gender:Male
  • Location:UK
  • myCENTs:95.20

Posted 02 August 2010 - 04:32 PM

That just verifies everything I have said: the only way to crack a WPA key is a brute force attack.

#10 vistz

    Member [ Level 2 ]

  • Members
  • 66 posts
  • Gender:Male
  • myCENTs:58.24

Posted 10 October 2010 - 06:27 PM

WEP is ridiculously easy to crack. WPA is a bit harder to crack but not impossible. A brute force attack could definitely work. I recommend you go with WPA2. While it is still "crackable", it will be harder and more time consuming.

Edited by vistz, 10 October 2010 - 06:27 PM.


#11 John_Doe

    Newbie [ Level 1 ]

  • Members
  • 6 posts
  • Gender:Male
  • Location:The Grid
  • myCENTs:87.98

Posted 18 January 2011 - 10:23 PM

WPA (and WPA2) keys should always be generated and retardedly difficult to remember. You only need to configure the network once, add computers sometimes, etc.

Most Linksys routers and many other routers I've seen allow you to access the key through administration (which should only be accessible from a physically connected computer, check your settings), so you could retrieve it in the case of a new computer on the network, or a similar occasion.

WPA2 with a PSK encrypted via AES has only two attack vectors:

* Intercepting the handshake (nearly friggin impossible [so much so that it's essentially only theoretical]).

and

* Dictionary attacking the PSK.

Regardless, you should always use the absolute strongest key you can, such as one from https://www.grc.com/passwords.htm or a similar generator site. You then configure all of your computers, add AP Isolation if you don't plan to use file/printer sharing, and MAC Address Filtering for a final layer of security.

After all of this, you disable SSID Broadcast (make sure to use a complicated SSID as well, it factors into overall security, though I'm a huge fan of 'BDSM Image Host' just to freak out the snoops), use a spectrum analyzer to verify that you are on the channel with the lowest average amount of traffic, and Ta-da, you now have the most secure network you can manage without implementing a RADIUS key-exchange system.

This is one of those moments where one could say, "And that's how it's done."

:P
-JD

Edited by John_Doe, 18 January 2011 - 10:30 PM.
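As an added example (not code from any poster in this thread), here is the key derivation that turns a WPA/WPA2-PSK passphrase into the 256-bit PMK an attacker has to recover from a captured handshake. It shows why every dictionary guess in post #1 costs 4096 HMAC-SHA1 rounds and why the SSID mentioned in post #11 really does factor into security: it is the salt. The "password"/"IEEE" vector is the one published with the 802.11i standard; the default-SSID list, the 16-character minimum and the function names are my own assumptions.

```python
import hashlib

WPA_PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i for the passphrase-to-PMK mapping
PMK_LEN = 32                  # 256-bit Pairwise Master Key

# Constructed sample list of common factory SSIDs (assumption: precomputed
# PMK tables are most likely to exist for names like these).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}
MIN_RECOMMENDED_LEN = 16      # policy threshold chosen here, not from the standard


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    The SSID is the salt, so a table precomputed for one network name is
    useless against another, and each offline guess costs 4096 HMAC rounds.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("ascii"),
        WPA_PBKDF2_ITERATIONS, PMK_LEN)


def psk_from_hex(psk_hex: str) -> bytes:
    """A 64-hex-digit PSK (what a random-key generator hands you) is used as
    the PMK directly; no passphrase and no PBKDF2 are involved at all."""
    if len(psk_hex) != 64:
        raise ValueError("raw PSK must be exactly 64 hex digits")
    return bytes.fromhex(psk_hex)


def passphrase_problems(passphrase: str, ssid: str) -> list:
    """Defender-side sanity checks on a WPA-PSK configuration.
    Returns human-readable findings; an empty list means nothing obvious."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("passphrase must be 8..63 characters (802.11i)")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("passphrase must be printable ASCII")
    if len(passphrase) < MIN_RECOMMENDED_LEN:
        problems.append("shorter than %d characters: within reach of offline guessing"
                        % MIN_RECOMMENDED_LEN)
    if ssid.lower() in DEFAULT_SSIDS:
        problems.append("factory default SSID: precomputed PMK tables may exist for it")
    if passphrase.lower() in ssid.lower() or ssid.lower() in passphrase.lower():
        problems.append("passphrase and SSID contain each other")
    return problems


if __name__ == "__main__":
    print(wpa_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID -> a completely different PMK.
    print(wpa_pmk("password", "IEEE") != wpa_pmk("password", "ieee"))
    for pw, ssid in (("LiverpooL185", "linksys"), ("ZxCvLiverpooL185VcXz", "HomeNet-7b2")):
        print(pw, ssid, passphrase_problems(pw, ssid) or "OK")
```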


#12 8ennett

    Premium Member

  • Members
  • 415 posts
  • Gender:Male
  • Location:UK
  • myCENTs:95.20

Posted 18 January 2011 - 10:25 PM

Did anyone read the article?

that wasn't directed at the last reply

Edited by 8ennett, 18 January 2011 - 10:27 PM.


#13 tansqrx

    Super Member

  • [HOSTED]
  • 759 posts

Posted 19 January 2011 - 09:25 PM

Here is a story to add to the conversation: “Amazon Cloud Power Used To Break Network Passwords” (http://news.yahoo.co...111/bs_nf/76850). Thomas Roth, a security researcher, used Amazon’s Elastic Cloud Computing (EC2) service to brute force wireless passwords. The EC2 service is basically a supercomputer that you can rent for 28 cents a minute. Roth’s average cost was $2 per password. Any wireless protocol (including WPA-PSK) that uses a pre-shared key is open to attack. Apparently this attack can only find matches based on a dictionary list.

So back to the original question of WEP Vs WPA? I choose neither for my home network and decided to run completely unencrypted. Anyone can connect and the access point ID is “OPEN”. I didn’t do this out of laziness but out of an informed discussion to be nice to my neighbors.

I live in a fairly rural area where maybe 5-6 people can even see my wireless connection. I trust most of my neighbors and I have weighed the decision to be open against being secure. This doesn’t mean that all my banking information and such is open to anyone walking or driving by. Being nice to my neighbor doesn’t mean being stupid either. I have been in several situations where I needed Internet access away from home and occasionally I get lucky and find an open access point. The access points in question may or may not be left open on purpose but I am still grateful to find one. Perhaps I can be nice to someone else in their time of need.

I have set up my network in a very particular way so as to offer open wireless and still keep myself safe. All of my internal computers are hardwired 1 Gbit Ethernet so there is no need for wireless. The wireless network is segregated behind two routers, not including the main Linux router that feeds from my ISP connection. The two routers are in series, which prevents ARP spoofing onto my hardwired network as ARP does not pass through a router. There are some tricks to get past one router but to my knowledge there is no way to play ARP games with two routers. Secondly, both the wireless and hardwired internal networks have the same subnet addresses. This means that even if someone on the wireless knew an internal IP address, it would route to the wireless subnet and never make it past the first router. As a finishing touch, the main Linux router has some nasty rules in place to prevent ANY traffic from passing from the internal to the wireless network and vice versa.

The only time I ever use the wireless network is if someone visits my house and needs to use the Internet. If they want to access any of my internal computers or the network printer then I have to tell them to get out their Ethernet cable because it simply isn’t possible from the wireless network. I do realize that some bad things can happen on an open wireless access point but I am willing to take the chance and fight the fight if needed. If laws are broken then it is up to the person breaking the law to go to jail and not me. The law is certainly still in flux on this matter but I will fight for my right to provide an open access point if needed.

There are currently several organizations with the goal of providing free wireless to anyone who wants it (http://en.wikipedia....mmunity_network) (http://en.wikipedia....works_by_region). These groups usually just make their current access point open with perhaps a customized login screen or user agreement. There is no such group in my area and I don’t see it as being very practical given my rural location. If something does come along I may make my wireless niceness a little more formal.

#14 John_Doe

    Newbie [ Level 1 ]

  • Members
  • 6 posts
  • Gender:Male
  • Location:The Grid
  • myCENTs:87.98

Posted 19 January 2011 - 10:45 PM

Here is a story to add to the conversation ... a little more formal.


Nice. I could have done something similar at my most recent residence, but alas, the apartment complex was filled with trolls and rejects who felt that 16 clients torrenting over my Comcast Business Class was just being neighborly. My connection frequently exploded, and eventually I just said screw it and secured the whole shebang.

So in essence, yes, in some environments it is possible to provide a free and open access point for random passerby, but in densely populated, somewhat malignant locations, a bit of strategy is required, even though you kind of went over the top to create a bulletproof rural wireless network.

Anyhow, see you all tomorrow.

:P
-JD

#15 tansqrx

    Super Member

  • [HOSTED]
  • 759 posts

Posted 19 January 2011 - 11:10 PM

I hope I never get to the point where I have to put restrictions on my access point, but if I do, I still have the tools to do it. The main Linux router has Astaro (http://www.astaro.com) installed so I can limit the wireless network any way I need to. This is usually not possible with commodity home routers, but I can control the type, amount, and time window of bandwidth.

If anyone else is interested, Astaro is free for home use and just needs two network adaptors on a discarded (but working) spare computer (http://www.astaro.co...tware-appliance).

#16 rohit_iwebmaster

    Member [ Level 1 ]

  • Members
  • 42 posts

Posted 09 October 2011 - 04:36 PM

WAP = Wireless Access Point; ‘hotspots’ (public access) require no pass phrase and are ‘open’ (and dangerous to use).
WEP = early form of encryption; seldom used by knowledgeable administrators of a network because of inherently weak architecture (easy to crack & establish ‘man-in-the-middle’ attacks)
WPA = mid-level encryption; decent security; preferred by many admins with good architecture.
WPA2 = the best of all current common methods; some computer hardware will not support this level.

What is WPA?
WiFi Protected Access (WPA) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturer’s equipment. WPA delivers a level of security way beyond anything that WEP can offer, bridges the gap between WEP and 802.11i networks, and has the advantage that the firmware in older equipment may be upgradeable.


How does WPA work?
WPA uses Temporal Key Integrity Protocol (TKIP). TKIP is designed to allow WEP to be upgraded. This means that all the main building blocks of WEP are present, but corrective measures have been added to address security problems.


How WPA improves on WEP
The weaknesses in WEP have been well publicized. TKIP’s improvements are described below.

IV values can be reused / IV length is too short
The length of the IV has been increased from 24 bits to 48 bits. Rollover of the counter is eliminated. Reuse of keys is less likely. In addition IVs are now used as a sequence counter, the TSC (TKIP Sequence Counter), protecting against replaying of data, a major vulnerability in WEP.

Weak IV values are susceptible to attack
WPA avoids using known weak IV values. A different secret key is used for each packet, and the way the key is scrambled with the secret key is more complex.

Master keys are used directly in WEP
Master keys are never used directly in WPA. A hierarchy of keys is used, all derived from the master. Cryptographically this is a much more secure practice.

Key management and updating is poorly provided for in WEP
Secure key management is built in to WPA, so key management isn’t an issue with WPA.

Message integrity checking is ineffective
WEP message integrity proved to be ineffective. WPA uses a Message Integrity Check (MIC) called Michael. Due to the hardware constraints the check has to be relatively simple. In theory there is a one in a million chance of guessing the correct MIC. In practice any changed frames would first need to pass the TSC and have the correct packet encryption key even to reach the point where Michael comes into operation. As further security Michael can detect attacks and performs countermeasures to block new attacks.


Conclusion
WPA (TKIP) is a great solution, providing much stronger security than WEP, addressing all the weaknesses and allowing compatibility and upgrades with older equipment.


Edited by yordan, 09 October 2011 - 06:54 PM.
Quoted the text copied from http://www.openxtra.co.uk/articles/wpa-vs-wep


#17 evought

    Premium Member

  • Members
  • 244 posts
  • Gender:Male
  • Location:Missouri
  • myCENTs:65.48

Posted 21 October 2011 - 05:23 AM

So back to the original question of WEP Vs WPA? I choose neither for my home network and decided to run completely unencrypted.... (snip)

There are currently several organizations with the goal of providing free wireless to anyone who wants it.


You may also want to take a look at LifeNet http://thelifenetwork.org/. They are developing software to build ad-hoc networks using Wi-Fi and Bluetooth on portable devices (e.g. Android smartphones) but they can also make use of wireless access points if they are available and set up correctly. In a rural area, cell phone service can be fragile, and a few well-placed access points could allow someone to route an emergency call, especially if the Wi-Fi has a battery backup. You seem to have little problem installing custom software on your router, so it may be something to play with.

In our case, we are moving to a setup somewhat similar to yours. We have a few wired systems, and an internal wireless network that is severely degraded by the walls of the house (chicken wire in the old plaster in places around here). Anything important internally goes over SSL/SSH anyway. We are putting a second access point with high-gain antennas on the roof, firewalled from the local network and powered off of our small solar (and soon to be wind) R/E system so it will continue to be available in a power outage such as another regional ice storm (we've had two in the last four years and one EF5 tornado nearby). We are playing with the early LifeNet software in conjunction with local Neighborhood Watch efforts. We can also use a Wi-Fi PTT app on our smartphones on or near the farm. As a side benefit, I am loading a whole bunch of documentation on a webserver which will be accessible on the long-range Wi-Fi for all that stuff people wish they had downloaded before an emergency, like how to correctly wire a generator and not fry your linemen. With a good antenna and favorable terrain, we have been making Wi-Fi connections at 8 miles or so.


