Passphrase Flaw Exposed in WPA Wireless Security
Nov 6, 2003 3:12 PM PT
A research paper posted online warns of holes in the latest WiFi (or 802.11) wireless cryptography protocol and outlines how WiFi Protected Access (WPA) can be compromised using a traditional network assault known as a dictionary attack.
The paper, written by TruSecure's ICSA Labs senior technical director Bob Moskowitz, who indicates WPA can be compromised by intruders using network sniffers, cautions against use of weak passwords that could allow attackers to gain unauthorized access.
Moskowitz, who has worked extensively with standards-setting bodies on WiFi technology, told TechNewsWorld that the passphrase issue is an old one that had been discussed during development of the WPA standard.
However, unless WPA users take advantage of the ability to use longer passphrases -- up to 63 characters -- instead of the more common, simpler eight-character passwords, the new wireless security protocol is in some cases less secure than the older Wired Equivalent Protocol (WEP), according to Moskowitz.
Ease of Deployment and Attack
Moskowitz said that although the weak passphrase issue was discussed as the newer, stronger WPA specification was developed and released about a year ago, the standard was made easier to deploy and, as a result, easier to attack.
The researcher said the actual WPA specification dictates the use of passphrases that are at least 20 characters long, but the recommendation has not been put into practice because most passphrases are eight characters long -- making them easy pickings for attacks that zero in on simple words or character combinations, also known as dictionary attacks.
"As it was discussed, the vendors should have got word back and at least let consumers know they have to take extra steps because the vendors didn't," Moskowitz said.
False Sense of Security
Moskowitz indicated that the passphrase weakness in WPA, which does not apply to WiFi networks or wireless LANs that have the extra security of an authentication server, could allow access through network sniffers.
Users of the WPA protocol might have a false sense of security because the wireless security standard is perceived as the latest proven defense. But the use of weak passphrases renders the protection inadequate, Moskowitz said.
"If vendors supplied a tool to make good passphrases and allow people to put them in, that's all that would be needed," he said.
Moskowitz stressed the passphrase vulnerability is no reflection on the security of the WPA standard, which is now being touted as a step up from WEP. "WPA is good, the basic protocol is good," he said. "It has nothing to do with the underlying WPA." Moskowitz did add, however, that the security issues are not being sufficiently addressed by wireless hardware vendors.
"This is a well-known issue," he said. "It is going unaddressed, and it is something the standard should not address. It's something for the integrators to take steps to ensure people do it right."
While he blamed vendors for the lack of solutions containing strong passphrase generation and management and for ignoring the WPA specification's support for per-device passwords or secrets, Moskowitz referred to Microsoft's WPA solution as more adequate.
The company's free Windows XP WPA software uses separate encryption keys for different systems that connect to the network, rather than a shared key that would allow an easy internal breach, according to Moskowitz's findings.