ALERT: WPA isn't necessarily secure

SUMMARY:

WPA-PSK is vulnerable to offline attack.

TO AVOID THE PROBLEM:

USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
BAD: "vintage wine"
GOOD: "floor hiking dirt ocean"
(pick your own words, even longer is better)
FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.

BACKGROUND:

Weakness in Passphrase Choice in WPA Interface
By Glenn Fleishman
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp
<http://wifinetnews.com/archives/002452.html>

...
The offline PSK dictionary attack
...
Just about any 8-character string a user may select will be in the
dictionary. As the standard states, passphrases longer than 20 characters
are needed to start deterring attacks. This is considerably longer than
most people will be willing to use.

This offline attack should be easier to execute than the WEP attacks.
...
Using Random values for the PSK

The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
number for human entry; 20 character passphrases are considered too long
for entry. Given the nature of the attack against the 4-Way Handshake, a
PSK with only 128 bits of security is really sufficient, and in fact
against current brute-strength attacks, 96 bits SHOULD be adequate. This is
still larger than a large passphrase ...
...
Summary
...
Pre-Shared Keying is provided in the standard to simplify deployments in
small, low risk, networks. The risk of using PSKs against internal attacks
is almost as bad as WEP. The risk of using passphrase based PSKs against
external attacks is greater than using WEP. Thus the only value PSK has is
if only truly random keys are used, or for deploy testing of basic WPA or
802.11i functions. PSK should ONLY be used if this is fully understood by
the deployers.

See also:
Passphrase Flaw Exposed in WPA Wireless Security
<http://www.technewsworld.com/story/32070.html>

Wi-Fi Protected Access. Security in pre-shared key mode
<http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access>

Cracking Wi-Fi Protected Access (WPA)
<http://www.ciscopress.com/articles/article.asp?p=369221>
<http://www.ciscopress.com/articles/article.asp?p=370636&rl=1>

WPA Cracker
<http://www.tinypeap.com/html/wpa_cracker.html>

In article <cnI3h.203890$QZ1.2214@bgtnsc04-news.ops.worldnet.att.net>,
John Navas <spamfilter0@navasgroup.com> wrote:
>SUMMARY:
>
> WPA-PSK is vulnerable to offline attack.
>
>TO AVOID THE PROBLEM:
>
> USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
> BAD: "vintage wine"
> GOOD: "floor hiking dirt ocean"
> (pick your own words, even longer is better)
> FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.

I will be setting up a wireless network that includes a living room
media player. This player has WPA, but its only input device is a
handheld remote.

So long passwords would be a chore to enter. But nonsensical passwords
would be OK, Like, 589402[o';rmLk

What do you think about relatively short, but completely random
passwords? This WLAN is not just for the living room, so I would like
it to be secure.
--
David Arnstein (00)
arnstein+usenet@pobox.com {{ }}
^^

On Tue, 5 Dec 2006 17:00:08 +0000 (UTC), arnstein@panix.com (David
Arnstein) wrote in <el48io$o39$1@reader2.panix.com>:

>In article <cnI3h.203890$QZ1.2214@bgtnsc04-news.ops.worldnet.att.net>,
>John Navas <spamfilter0@navasgroup.com> wrote:
>>SUMMARY:
>>
>> WPA-PSK is vulnerable to offline attack.
>>
>>TO AVOID THE PROBLEM:
>>
>> USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
>> BAD: "vintage wine"
>> GOOD: "floor hiking dirt ocean"
>> (pick your own words, even longer is better)
>> FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.
>
>I will be setting up a wireless network that includes a living room
>media player. This player has WPA, but its only input device is a
>handheld remote.
>
>So long passwords would be a chore to enter. But nonsensical passwords
>would be OK, Like, 589402[o';rmLk
>
>What do you think about relatively short, but completely random
>passwords? This WLAN is not just for the living room, so I would like
>it to be secure.

A random password can achieve the same level of security with far fewer
characters, which can be useful in certain situation, as you note. 12
truly random characters is probably good enough to deter any conceivable
attack on a home network for the expected lifetime of that network. But
the key word there is "truly", which isn't satisfied by thinking
something up. Be sure to use something like a password generator with
good randomness (e.g., Password Safe). For more on password entropy
(measure of strength), see:
* <http://www.gcn.com/print/24_23/36630-1.html>
* <http://www.csrc.nist.gov/pki/twg/y2004/Presentations/twg-04-04.pdf>

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>