Forum

  • By (Deleted User)

    You, of all people, should know that. Hell, I don't even see anything on there for MS-CHAP, which is what LEAP is based on.


    More powerful RainbowCrack programs exist that can generate and use rainbow tables for a variety of character sets and hashing algorithms, including LM hash, MD5, MS-CHAP, SHA1, etc.

    All it would take is to develop a utility that looks at a hashed database much like ASLEAP does. I know five guys who could write a utility like that in their sleep.



    You know what, you are correct about this point and I absolutely misspoke. I am wrong about this above statement now that I think about it, because WPA-PSK uses MD-5, SHA-1, and the PSK mapping formula that also includes the SSID, so a hashed database will not work. Criss Hyde points out in a later post that a hashed database that is generated with a commonly known SSID will work. However... I stand by the statement that any passphrase can be cracked if the offline clear-text dictionary is large enough.

  • Gentlemen:

    The IEEE 802.11 committee shares Mr. Coleman's paranoia over PSK passphrases "of less than about 20 characters." Please see the last sentence of the IEEE 802.11 Annex H.4.1 below. I will leave it to someone else to do the math. Maybe the IEEE is planning ahead for faster CPUs and larger hard drives.

    What I find curious is that when the PSK short and/or simple passphrase problem is discussed, it is always about WPA-PSK and virtually never about WPA2-PSK. We need to stop associating this PSK problem with TKIP/RC4 exclusively and be just as paranoid about CCMP/AES.

    IEEE 802.11 Annex H.4 Suggested pass-phrase-to-PSK mapping
    H.4.1 Introduction

    "The RSNA PSK consists of 256 bits, or 64 octets when represented in hex. It is difficult for a user to correctly enter 64 hex characters. Most users, however, are familiar with passwords and pass-phrases and feel more comfortable entering them than entering keys. A user is more likely to be able to enter an ASCII password or pass-phrase, even though doing so limits the set of possible keys. This suggests that the best that can be done is to introduce a pass-phrase to PSK mapping.

    "This clause defines a pass-phrase-to-PSK mapping that is the recommended practice for use with RSNAs. This pass-phrase mapping was introduced to encourage users unfamiliar with cryptographic concepts to enable the security features of their WLAN.

    "Keys derived from the pass phrase provide relatively low levels of security, especially with keys generated from short passwords, since they are subject to dictionary attack. Use of the key hash is recommended only where it is impractical to make use of a stronger form of user authentication. A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks."

    I hope this helps. Thanks. /criss

  • By (Deleted User)

    All good points from everyone involved in this conversation.

    The biggest issue in my mind is that both WPA-Personal and WPA2-Personal are STATIC.

    If five or more people know the static passphrase... someone is going to give it up during a social engineering attack.

    Secondly, enforcing strong password/passphrase policies in the Enterprise is tough. End-users normally post the passphrase in big letters on a post-it note stuck to the monitor or under the keyboard.

    dc

  • By (Deleted User)

    What I find curious is that when the PSK short and/or simple passphrase problem is discussed, it is always about WPA-PSK and virtually never about WPA2-PSK. We need to stop associating this PSK problem with TKIP/RC4 exclusively and be just as paranoid about CCMP/AES


    Well said because the weakness has nothing to do with the cipher that is being used.

  • This page gives a CoWPAtty 4.0 2006 update, points out the often overlooked security importance of not using a common SSID with PSK, and mentions that the PSK problem is common to both WPA and WPA2:

    http://www.churchofwifi.org/Project_Display.asp?PID=95

    Ben, we can rest easy. It looks like the IEEE has given us a few years of safety with their "no less than 20 character" PSK passphrase advice. But those 20 characters better be fairly randomized.

    I hope this helps. Thanks. /criss

  • By (Deleted User)

    Ben, we can rest easy. It looks like the IEEE has given us a few years of safety with their "no less than 20 character" PSK passphrase advice. But those 20 characters better be fairly randomized.


    Duh... I forgot the SSID is part of the PSK-MAPPING formula.


    But consider this... how many people use the following SSID:

    linksys

  • Mr. Coleman, my original post was in shooting down your idea of a dictionary attack being capable of breaking passphrases up to 14 characters. That idea remains true despite your looney claims that an infinitely large wordlist will crack a WPA-PSK.

    My point was never doubting that an infinitely large wordlist could crack a Preshared Key. My point is that worrying about an infinitely large wordlist is retarded. Comprehensive wordlists of even *8* characters are totally unrealistic.

    You also completely missed my point about your equally looney assertion that someone could simply write a utility that "looks at a hashed database" to make Preshared Key cracking faster. Yes, the SSID is part of the Passphrase-to-PMK mapping, but my point was that PMK-to-PTK mapping is much more complex than the simple challenge/response used in MS-CHAP (for LEAP). Therefore, even if you factor in common SSIDs and create a database of common PMKs, you'd still have to replicate PMK-to-PTK mapping, WHICH TAKES PROCESSING TIME. That is why PSK cracking takes so darned long, and there is nothing that can be done to speed that up.
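The Annex H.4 text quoted by Criss above, Mr. Coleman's point about the SSID being part of the mapping, and Ben's point about the Passphrase-to-PMK step all refer to the same published derivation: PSK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 iterations, 256 bits). The following is an added example written for this thread, not code from any of the posters or from coWPAtty or ASLEAP. It implements that mapping with Python's standard library, checks it against the Annex H.4.3 test vector ("password" / "IEEE"), shows that the same passphrase yields a different PMK under a different SSID (so a precomputed table is tied to one SSID, such as the "linksys" default mentioned later), and puts numbers on the 8-character versus 20-character keyspace argument. The helper names and the 95-character printable alphabet are assumptions of the example.

```python
"""IEEE 802.11 Annex H.4 passphrase-to-PSK mapping, as an added example.

The mapping itself is the published one (PBKDF2-HMAC-SHA1, 4096 rounds,
256-bit output, SSID as salt). Function names and the keyspace helper are
this example's own, not the standard's.
"""
import hashlib
import math

PBKDF2_ITERATIONS = 4096   # fixed by Annex H.4.2
PSK_LEN_BYTES = 32         # 256-bit PSK, used directly as the PMK


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map an ASCII passphrase (8..63 chars) and an SSID to the 256-bit PSK.

    The SSID is the PBKDF2 salt: a table of PMKs precomputed for one SSID
    says nothing about a network with a different SSID.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("Annex H.4 passphrases are 8 to 63 ASCII characters")
    if not 0 < len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 octets")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode(), PBKDF2_ITERATIONS, PSK_LEN_BYTES)


def keyspace_bits(length: int, alphabet_size: int = 95) -> float:
    """Entropy in bits of a uniformly random passphrase drawn from
    alphabet_size symbols (95 = printable ASCII, an assumption here)."""
    return length * math.log2(alphabet_size)


def passphrase_meets_annex_advice(passphrase: str) -> bool:
    """Annex H.4.1: under about 20 characters is unlikely to deter attacks."""
    return len(passphrase) >= 20


# Constructed sample inputs: the first pair is the Annex H.4.3 test vector;
# "linksys" is the common default SSID raised in the thread.
SAMPLE_VECTORS = [("password", "IEEE"), ("password", "linksys")]

if __name__ == "__main__":
    for pw, ssid in SAMPLE_VECTORS:
        print(f"{pw!r} / SSID {ssid!r} -> PMK {derive_psk(pw, ssid).hex()}")
    for n in (8, 14, 20):
        print(f"random {n}-char printable passphrase: {keyspace_bits(n):.1f} bits")
```

The 4096 HMAC-SHA1 rounds per candidate are the cost Ben refers to; the keyspace figures show why that cost only matters when the passphrase is long and random, and why a common SSID lets an attacker pay it once and reuse the result.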

  • I used to be of the mind that WPA-PSK is an ok way to go if you use complex 20+ character passphrases. However, an interview with Joshua Wright (author of coWPAtty) revealed that he will have a new version that can/will crack large passphrases in very short order. Basically he said that you should not use it in any environment.

    If you follow this search, then you can listen to the two interviews. I can't remember which one has this info, but they both have great security information.

    http://www.pauldotcom.com/mt/mt-search.cgi?IncludeBlogs=1&search=joshua+wright

  • By (Deleted User)

    Mr. That idea remains true despite your looney claims that an infinitely large wordlist will crack a WPA-PSK. My point was never doubting that an infinitely large wordlist could crack a Preshared Key. My point is that worrying about an infinitely large wordlist is retarded. Comprehensive wordlists of even *8* characters are totally unrealistic.


    I understand your original point Ben, but we disagree.

    You also completely missed my point about your equally looney assertion that someone could simply write a utility that "looks at a hashed database" to make Preshared Key cracking faster. Yes, the SSID is part of the Passphrase-to-PMK mapping, but my point was that PMK-to-PTK mapping is much more complex than the simple challenge/response used in MS-CHAP (for LEAP). Therefore, even if you factor in common SSIDs and create a database of common PMKs, you'd still have to replicate PMK-to-PTK mapping, WHICH TAKES PROCESSING TIME. That is why PSK cracking takes so darned long, and there is nothing that can be done to speed that up.
    ________

    Once again I understand your point. My original post about a utility was incorrect and not thought out, and I immediately corrected myself in a later post. The cracking time does take forever and requires a lot of processing time. But once again we disagree... this is an offline dictionary attack and time is not an issue.

    You just like to flame people in posts Ben because you find it fun. Hell we were in class one week discussing things and I think you flamed my dog. :-(

  • Flaming? Me? Noooooooo.

    I don't think I flame but I do admit to being hornery from time to time. (Never say that to your wife/girlfriend because then she'll ask you why a girl in class is making you "horny")

    I flame dogs all the time. Like, if I see one on the street I'll whip out my Treo, post something on line and then tell the dog that I just flamed them. You should see how it crushes their spirit.
