Sunday, November 9, 2008

WPA - Give It A Crack [Podcast Recorded Today]

German graduate students Erik Tews and Martin Beck have discovered an exploitable hole in WPA, a popular wireless encryption protocol. This week, Tews will present a paper on the topic at the PacSec conference in Tokyo. In this 32 minute and 50 second podcast, Mike Qaissaunee and I discuss wireless network security and the newly discovered WPA hole.

Here's a list of questions asked during the podcast:

Where is the information for this podcast coming from?

Why is this important?

So, we've now got a security issue with WPA encryption! Before we get to WPA - can you give us a little background on wireless encryption?

So, the first attempt was WEP. Most devices still support it - why should we not use it?

So, that's not good. What did the IEEE do?

What else did the 802.11i group do - what was the second solution?

So, let me make sure I understand. Older wireless devices can be updated to support WPA which includes TKIP. Now, I've heard of WPA2 - what is that?

So, the new products support both but old products only support WPA. I think I've got it! What did Tews and Beck actually crack?

So the problem is with old devices that only support WPA and TKIP and not WPA and AES?

What is the problem with TKIP?

Now, didn't WEP use checksums this way?

The ars technica piece mentioned short packets are ideal - especially ARP broadcasts. Why?

Let me see if I understand, an attacker sniffs a packet, makes minor modifications to affect the checksum, and checks the results by sending the packet back to the access point.

So it is not something we should be worried about?

What can we do to protect our networks?

Can you describe rekeying?

Now, I've heard of this - you need to be careful. You don't want to enable rapid rekeying unless ALL of your clients support IEEE 802.1x and an authentication method (e.g. EAP-TLS) that supports key distribution.

So, let's get to the point here - WPA really is not broken?

Here's how you can get the answers:

To read show notes and listen to Mike Q and my 32 minute and 50 second podcast (Sept 2006) titled WPA - Give It A Crack, click here.

Listen to it directly in your web browser by clicking here.

If you have iTunes installed you can subscribe to our podcasts by clicking here.

*****

Podcast Reference from ars technica: Battered, but not broken: understanding the WPA crack
