] WPA Cracking Proof of Concept Available
]
] We warned you: short WPA passphrases could be cracked--and now the software exists: The folks who wrote tinyPEAP, a firmware replacement for two Linksys router models that has on-board RADIUS authentication using 802.1X plus PEAP, released a WPA cracking tool.
]
] As Robert Moskowitz noted on this site a year ago, a weakness in shorter and dictionary-word-based passphrases used with Wi-Fi Protected Access renders those passphrases capable of being cracked. The WPA Cracker tool is somewhat primitive, requiring that you enter the appropriate data retrieved via a packet sniffer like Ethereal. Once entered, it runs the cracking algorithms.
]
] Remember that to crack WEP, an attacker has to gather many packets, possibly millions, but can then easily crack any key. For WPA, certain shorter or dictionary-based keys are highly crackable because an attacker can monitor a short transaction or force that transaction to occur and then perform the crack far away from the physical site.
]
] The solution to this WPA weakness involves one of three approaches:
]
] Choose a better passphrase: Pick passphrases that aren't entirely comprised of dictionary words, meaning they need some random nonsense in them. "My dog has fleas": very bad. "Mdasf;lkjadfklja;dfja;dfja;d": very good, but hard to type in. Passphrases should be at least 20 characters.
]
] Use randomness to choose a passphrase: A random passphrase of at least 96 bits and preferably 128 bits will defeat the cracking that Moskowitz wrote about, according to his paper. Tools like SecureEZSetup from Broadcom and AOSS (AirStation One-touch Setup System) from Buffalo are two automated ways to produce better passwords of this variety.
]
] Use WPA Enterprise or 802.1X WPA: Deploy enterprise-based authentication which will allow a strong WPA key to be uniquely assigned to each user. This isn't as expensive as it once was. The TinyPEAP folks are pushing their method, but you can also turn to Interlink Networks's LucidLink product (for on-site control), Gateway Computer's 7000 series of access points with on-board PEAP service, and Wireless Security Corporation's WSC Guard, available from them directly or for certain Linksys models via Linksys.
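
The first two approaches in the quoted article can be checked and automated; the sketch below is an added example, not code from the article or from any of the tools it names. It generates a uniformly random passphrase carrying the 96 or 128 bits the article cites and audits a human-chosen one against the 20-character and dictionary-word guidance. The function names, the 62-character alphabet and the tiny word list are assumptions made for illustration, and the 8 to 63 character limit is the standard WPA passphrase range rather than something stated on the page.

```python
import math
import secrets
import string

# WPA-PSK passphrases are 8 to 63 printable ASCII characters.
WPA_MIN, WPA_MAX = 8, 63
ALPHABET = string.ascii_letters + string.digits  # assumed: 62 easy-to-type symbols

def chars_needed(bits, alphabet_size):
    """Smallest length whose uniform-random entropy is >= bits."""
    return math.ceil(bits / math.log2(alphabet_size))

def random_passphrase(bits=128, alphabet=ALPHABET):
    """Uniformly random passphrase carrying at least `bits` of entropy."""
    n = chars_needed(bits, len(alphabet))
    if not WPA_MIN <= n <= WPA_MAX:
        raise ValueError("length %d outside WPA's 8..63 range" % n)
    # secrets draws from the OS CSPRNG; random.choice would be predictable.
    return "".join(secrets.choice(alphabet) for _ in range(n))

def audit(passphrase, wordlist):
    """Return the article's objections to a human-chosen passphrase."""
    problems = []
    if not WPA_MIN <= len(passphrase) <= WPA_MAX:
        problems.append("not a valid WPA passphrase length (8..63)")
    if len(passphrase) < 20:
        problems.append("shorter than 20 characters")
    words = passphrase.lower().split()
    if words and all(w in wordlist for w in words):
        problems.append("made up entirely of dictionary words")
    return problems

# Constructed sample word list; a real audit would load a full dictionary.
SAMPLE_WORDS = {"my", "dog", "has", "fleas"}

if __name__ == "__main__":
    print(audit("My dog has fleas", SAMPLE_WORDS))
    print(audit("Mdasf;lkjadfklja;dfja;dfja;d", SAMPLE_WORDS))
    print(random_passphrase(96), random_passphrase(128))
```

With this alphabet, 96 bits needs 17 characters and 128 bits needs 22, both well inside the 63-character limit.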