| Subject: | [ISN] Update: Some WLANs open to dictionary attack |
|---|---|
| Date: | Tue, 9 Nov 2004 05:53:37 -0600 (CST) |
http://www.nwfusion.com/news/2004/1108wlandictionary.html

By John Cox
Network World Fusion
11/08/04

A dictionary attack tool designed to exploit a weakness in the Wi-Fi Protected Access security for wireless LANs has been published on the Web.

The software, called WPA Cracker, exploits one option that can be used in WPA, usually in consumer applications or residential WLANs: a pre-shared encryption key. This key is simpler to use and deploy than using the more complex 802.1x for authentication. With the pre-shared key, a common shared pass phrase is set for users and the WLAN access point. This phrase and the Service Set Identifier (SSID) (the network name) of the WLAN access point then are changed via an algorithm into an encryption key used to scramble the packets between clients and the access point.

The story was first reported last Friday by the Wi-Fi Networking News Web site.

WPA Cracker is available at the tinypeap.com site, which also offers a very compact RADIUS server supporting 802.1x authentication using PEAP as its authentication protocol, designed to run on WLAN access points such as the Linksys WRT54G. A whitepaper on the WPA Cracker code and the dictionary attack is here.

Network World Test Alliance gurus Joel Snyder and Rodney Thayer highlighted the same weakness in this October article.

The WPA vulnerability was first disclosed a year ago in a paper. The author, Robert Moskowitz, a senior technical director at ICSA Labs, noted that using the pre-shared key broadcasts in the clear certain information needed to create and verify the session encryption key. This information can be recovered and then subjected to an offline dictionary attack, usually with a program that runs through words and character combinations until it finds the original pass-phrase.

The attack will not work against nets that don't use the pre-shared key option.

But Moskowitz paints a disturbing picture for those that do rely on it, saying this attack is even easier than those mounted against the original WLAN encryption scheme called WEP. WPA was designed to correct key weaknesses in WEP.

"As the [WPA] standard states, passphrases longer than 20 characters are needed to start deterring [dictionary] attacks. This is considerably longer than most people will be willing to use," he writes. "This offline attack should be easier to execute than the WEP attack."

_________________________________________
Open Source Vulnerability Database (OSVDB)
Everything is Vulnerable - http://www.osvdb.org/
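
The article says the pass phrase and SSID "are changed via an algorithm" into the key. The sketch below is an added example, not code from the article or from WPA Cracker: it shows that derivation and a pass-phrase check against the 20-character threshold Moskowitz cites. It assumes the PBKDF2-HMAC-SHA1 mapping with 4096 iterations defined in IEEE 802.11i (not named on this page); the function names, sample SSIDs and pass phrases are constructed for illustration.

```python
import hashlib

PBKDF2_ROUNDS = 4096     # assumption: iteration count fixed by IEEE 802.11i
PMK_LEN = 32             # 256-bit key derived from the pass phrase
MIN_DETERRENT_LEN = 20   # threshold quoted from Moskowitz in the article


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Map pass phrase + SSID to the 256-bit pre-shared key (SSID is the salt)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("pass phrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("pass phrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, PBKDF2_ROUNDS, PMK_LEN
    )


def audit_passphrase(passphrase: str) -> list[str]:
    """Return reasons a pass phrase offers little resistance to offline guessing."""
    findings = []
    if len(passphrase) < MIN_DETERRENT_LEN:
        findings.append(
            f"{len(passphrase)} characters; the standard says more than "
            f"{MIN_DETERRENT_LEN} are needed to start deterring dictionary attacks"
        )
    if passphrase.isalpha() or passphrase.isdigit():
        findings.append("single character class; resembles a dictionary word or PIN")
    return findings


if __name__ == "__main__":
    # Constructed sample values. The same pass phrase yields a different key
    # on each SSID, but nothing in the derivation is secret except the phrase.
    for ssid in ("IEEE", "HomeNet"):
        print(ssid, derive_pmk("password", ssid).hex())
    for phrase in ("sunshine", "correct-horse-battery-staple-42"):
        print(repr(phrase), audit_passphrase(phrase) or "no findings")
```

Because the SSID is public and the derivation is deterministic, the pass phrase is the only unknown, which is why its length and unpredictability decide how well a pre-shared-key network holds up.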