Showing posts with label dynamic WEP. Show all posts
Sunday, 11 November 2007
Is dynamic WEP supported?
According to this article:
http://www.oreillynet.com/pub/wlg/4598
the «popular Hermes-based Orinoco 802.11b cards» don't have driver support
for dynamic keys.
On the other hand, the "802.1X Port-Based Authentication HOWTO" says:
«Many drivers developed outside the kernel, however, support for dynamic
WEP; HostAP, madwifi, Orinoco, and atmel should work without problems.»
(http://oreilly.linux.com/howtos/8021X-HOWTO/dynwep.shtml)
Who is right?
I have searched the Linux ORiNOCO Driver website and its mailing lists and
I have not found a single reference to dynamic WEP. Am I blind or is this
too esoteric a feature for orinoco card users?
Is Dynamic WEP a Secure Enough Enterprise Solution?
Dynamic WEP refers to the combination of 802.1x technology and EAP. EAP is a flexible Layer 2 authentication protocol and a replacement for PAP and CHAP under Point-to-Point Protocol (PPP). The term dynamic WEP is derived from its unique ability to change (rekey) encryption keys. This prevents an attacker from being able to collect enough data to crack the current encryption keys. Each time a user logs into the network, a new key is created for that session. No other user will have the same session key, and the key lengths are such that reuse of the keys would be impossible to predict. Dynamic WEP also initiates more frequent key updates during the user's session, constantly changing the user's key by periodically renewing the keys every few minutes. This prevents an attacker from capturing significant data with the same key, thereby preventing any meaningful decryption of the WEP key.
We have all considered how insecure wireless is using dynamic WEP in the scenario mentioned, and I quote: "Due to one of our applications, we will be sending a clear strong signal to the parking lot". The mail also says "Right now my plan is use PEAP w MSCHAP v2 with dynamic WEP crypto for my corporate SSID", to quote from the mails of Rocko.
My understanding of Dynamic WEP is that, in the case of PEAP or for that matter any other form of EAP-derived security, there is no single common WEP key that is derived and used for all the clients. The point I am trying to stress is "no single common WEP key". In this scenario, if we were to look at this organization, where we assume, say, about 100 wireless clients, then at an average of 15 people under each Access Point, this translates to 15 different keys - one key per person on the same Access Point. Add to this the probability of people moving from one Access Point to another at every (say) 3-hour interval. Add to that the probability that the keys are not all changing at a defined point in time - this implies that, based on when the user has derived the first dynamic key, the key changes at configured intervals.
To an external user (sitting in the parking lot) this poses 5 levels of randomness -
1. different users have different keys
2. different users changing their keys at different points in time
3. different users traversing across Access Points and hence changing their keys
4. The physical security that is existing on the ground that can contribute (if not greatly - at least to a reasonable extent) and hence the probability of finding out a parking lot hacker
5. Add again the probability of this guy getting sufficient numbers of weak IVs
Add to this, the number of users that are really sitting down in an area that provides a strong signal to the parking lot. Add also "direction finding capabilities" - (I am not too sure what this direction finding capability of the Access Point is, but based on context I guess it is something that deals with improving security).
SHOULD WE STILL BE AS PARANOID AS THESE MAILS SOUND OR CAN WE RELAX A BIT?
Of course, I would also like to add that we have not looked at whether this is a scenario where we have a patch antenna / parabolic antenna that transmits signals in a defined direction - in this scenario there is a possibility of the replies above being used as an effective hack.
Moreover, most organizations that have this level of consideration for security should have some form of IDS/IPS - NIDS/HIDS - wouldn't these have detected / alarmed the admin in some way or the other if he is on the LAN / some server / workstation?
Technically, if we were to sit down in front of a box, it will crack after some time, but realistically, in the scenario, is this possible? I guess this is the outlook that we should take when we discuss such problems. Moreover, this immediately puts a doubt in the mind of the person about PEAP and EAP-related security measures, or for that matter any solution, when thought of from this angle.
I WOULD LIKE TO KNOW THE COMMUNITY'S VIEW IN THIS SCENARIO.
Hack most wireless LANs in minutes!
by: George Ou
Even after two years of WPA certification and nearly one year after 802.11i ratification, you might be wondering why I’m still talking about WEP encryption. The fact is, I would love to stop talking about it if there weren’t such an overwhelming percentage of corporations, retail outlets, and hospitals still using WEP. Although WPA brought us TKIP (think of TKIP as WEP 2.0) encryption and 802.11i brought us AES encryption, the upgrade process has been extremely painful and many products still don’t support TKIP let alone AES. The sad state of wireless LAN security is that the majority of corporations and hospitals still use dynamic per-user, per-session WEP keys while the majority of retail outlets that I’ve seen still use a single, fixed WEP key.
In the past, a hacker was at the mercy of waiting long periods of time for legitimate traffic on a wireless LAN to collect 10 million packets to break a WEP key. In my previous blog on this topic, which was based on Mike Ossmann’s WEP article, I alerted you to the startling fact that even wireless LANs that used 802.1x/EAP authentication to dynamically assign unique per-user, per-session WEP keys were no longer safe against WEP hacking since WEP cryptanalysis had improved 50-fold. Instead of waiting for hours or even days for those 10 million packets, you now only needed about 200,000 packets to break WEP. Even though dynamic WEP key rotation could change a user’s WEP key every few minutes or so (note that key rotation isn’t always implemented by default), the new WEP cryptanalysis techniques put even dynamic WEP in striking range. Now with the new active attacks on WEP described in Ossmann’s follow-up article, hackers no longer need to passively wait for legitimate packets on a wireless LAN because they can actively inject packets into a wireless LAN to ensure a speedy packet collection session. The end result is, any WEP-based network with or without Dynamic WEP keys can now be cracked in minutes! If you’re scared, you should be, and you’d better go back and read the recommendations at the end of my previous blog if you’re still running WEP in any form.
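The packet counts quoted above, turned into a rekey-interval check (an added example, not part of the original posts): for each station it bounds how many frames one dynamic WEP key protects and compares that with the 10 million and 200,000 figures. The station names, rates and the 50% margin are constructed assumptions; `peak_fps` is meant to be the peak rate a sensor sees on air, so injected frames count too.

```python
import csv
import io
import math

# Packet counts quoted in the article above.
OLD_THRESHOLD = 10_000_000  # packets once needed to break a WEP key
NEW_THRESHOLD = 200_000     # packets needed after the 50-fold improvement

# Constructed sample data (not from the article). rekey_s is the configured
# key-rotation interval in seconds; 0 means rotation is not enabled.
# peak_fps is the peak encrypted-frame rate observed for that station.
SAMPLE = """\
ap,station,rekey_s,peak_fps
ap-lobby,sta-01,300,150
ap-lobby,sta-02,300,900
ap-ward3,sta-07,3600,40
ap-ward3,sta-08,0,25
"""


def frames_per_key(rekey_s, peak_fps):
    """Upper bound on frames sent under one key; None if the key never rotates."""
    return None if rekey_s == 0 else rekey_s * peak_fps


def max_rekey_interval(peak_fps, threshold=NEW_THRESHOLD, margin=0.5):
    """Longest interval (whole seconds) that keeps one key below margin * threshold."""
    return math.floor(threshold * margin / peak_fps)


def classify(exposure, threshold):
    """Compare one key's frame budget with a cryptanalysis threshold."""
    if exposure is None:
        return "NO_ROTATION"
    return "EXCEEDS" if exposure >= threshold else "UNDER"


def audit(text):
    """Return one finding per station, judged against both quoted thresholds."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        rekey_s, fps = int(row["rekey_s"]), int(row["peak_fps"])
        if rekey_s < 0 or fps <= 0:
            raise ValueError(f"bad row for {row['station']}")
        exposure = frames_per_key(rekey_s, fps)
        findings.append({
            "station": row["station"],
            "frames_per_key": exposure,
            "old": classify(exposure, OLD_THRESHOLD),
            "new": classify(exposure, NEW_THRESHOLD),
            "max_rekey_s": max_rekey_interval(fps),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A station marked `UNDER` is only lower on the migration list; the article treats WEP in any form as breakable.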