11th October 2008, 20:07   #25
Cruicky

Notice the key phrase in that article:
'password recovery'

So again, it's attacking stupidly insecure passphrases, such as words, patterns, etc., i.e. the only known 'attack' against WPA and WPA2.

Allow me to present some very simple mathematics...

The Pairwise Master Key (PMK) in WPA and WPA2 is 256 bits. Just so we can visualise just how many combinations that is, here is how many: -

115792089237316195423570985008687907853269984665640564039457584007913129639936

When you enter a passphrase, your passphrase goes through 'expansion' using SHA1, to produce an output of 256 bits to form the PMK. So, with weak passphrases, you can get to the PMK faster. If you have a truly garbage passphrase that is made out of random upper and lower case letters, numbers and symbols, and is over 30 characters long, which gives 81966203577338201924328653819419157670749425717340457140224 combinations, I really wouldn't worry about this 'break-through', as a speed-up of even 10000 times isn't going to help, due to the complexity added to convert a passphrase into a PMK to make it take longer if you try this approach. If you are using WPA/WPA2 with secure EAP methods (I know this applies to EAP-TLS, as the PMK is derived from the SSL master secret), the PMKs are randomly generated for each new client, so you then have to try at most 2^256 combinations to get to the PMK, which is improbable with today's computing power, and would only work for one client session.

The PMK is then used in the handshake to generate a Pairwise Temporal Key (PTK). This changes regularly due to rekeying, usually hourly, although your wireless access point may allow you to set the interval.

For the actual cipher which encrypts your data, in WPA, it's RC4 with a per-packet key based on a 128-bit key from the PTK, and with WPA2, it's AES with a 128-bit key derived from the PTK, with a per-packet initialisation vector. Again, let's visualise 2^128:-

340282366920938463463374607431768211456

So again, this would require huge computing power to try that many combinations, and does a speed-up of 10000 times help? No, not really. Plus, you would only be able to get on average 1 hour of data, even if you did somehow manage to get the key, before you have to start again from scratch for the next hour of data due to the rekey event.

So my personal opinion of this article: nothing to worry about for people who are already doing it right and using a large chunk of random junk for passphrases, or are using secure EAP methods.
__________________
Resident IRC slave
i-series full event: i23, i31, i32, i33
i-series spectator: i21, i22, i24, i27, i29, i30, i34
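An added example, not part of the original post: the passphrase-to-PMK mapping that IEEE 802.11i specifies for WPA/WPA2-PSK (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output), followed by the keyspace arithmetic the post walks through. The baseline guess rate, the wordlist size and the 92-symbol alphabet (92**30 matches the 30-character figure quoted in the post) are assumptions chosen for illustration.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600
BASELINE_RATE = 1_000   # assumed PMK computations per second on one machine
SPEEDUP = 10_000        # the speed-up factor discussed in the post


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 256 bits)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), 4096, 32
    )


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of `length` over `alphabet_size` symbols."""
    return alphabet_size ** length


def years_to_exhaust(candidates: int, guesses_per_second: int) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def compare(rate: int = BASELINE_RATE * SPEEDUP) -> dict:
    """Exhaustion time, in years, for each search space at the boosted rate."""
    spaces = {
        "dictionary word (assumed 1,000,000-entry list)": 10 ** 6,
        "30 random chars, 92-symbol alphabet (assumed)": keyspace(92, 30),
        "random 256-bit PMK (e.g. EAP-TLS)": 2 ** 256,
        "128-bit temporal key": 2 ** 128,
    }
    return {name: years_to_exhaust(n, rate) for name, n in spaces.items()}


if __name__ == "__main__":
    # Test vector from IEEE 802.11i: passphrase "password", SSID "IEEE".
    print("PMK:", derive_pmk("password", "IEEE").hex())
    for name, years in compare().items():
        print(f"{name:48s} {years:.3e} years")
```

Because the SSID is the salt, the same passphrase produces a different PMK on every network name, so a weak passphrase is the only part of this derivation that a faster guess rate helps with.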