Hams Report 85-mile 802.11b File Transfers @ Oregon
Mark C. Langston
mark at bitshift.org
Wed Apr 14 16:13:54 PDT 2004
On Wed, Apr 14, 2004 at 04:01:13PM -0700, Roy S. Rapoport wrote:
> On Wed, Apr 14, 2004 at 03:23:26PM -0700, Mark C. Langston wrote:
> > Since it hardly ever gets mentioned, except as a "secure substitute" for
> > WEP, I'll point out that WPA is also broken, in a manner somewhat
> > similar to WEP:
> >
> > http://www.icsalabs.com/html/communities/WLAN/wp_SimpleSecrets.pdf
> >
> > (note that the weakness is related to choosing simplistic keys for WPA
> > and is not due to ISV problems as WEP is).
>
> If I read the document correctly, then you're OK as long as your
> pre-shared key is, in fact, a good one. In other words, WPA is broken in
> much the same way that Linux is HIGHLY VULNERABLE because users sometimes
> pick stupid passwords.
>
Basically. The difference here being that simple passwords on hosts
either have to be sniffed directly, or their hashes obtained and
brute-forced (which generally requires compromising security on the
host in question to begin with).
On WPA-secured systems, the hash is available in the air to anyone who
wants it, so one could spend one's time simply grabbing hashes out of
the ether and brute-forcing them, waiting for one to fall.
Were the solution simply "don't use weak (low-entropy) passwords", we
could put up web pages containing the contents of everyone's
/etc/shadow, confident that all the passwords contained therein were
strong.
In much the same way that were the solution simply, "teach users not to
open email from strangers", we wouldn't have a virus problem.
I'm afraid that, while the solution is trivial, the practical
application of the WPA weakness is still very valid, because the weak
link is biological.
>
> Pshaw. That's really naive and trusting.
>
> For the truly paranoid, turn off your systems and go live under a rock.
> When someone comes near, throw that rock at them. Then, find another rock.
> Repeat as necessary.
>
Piffle. You're an optimist.
If you want to be really paranoid, turn off your systems, encase them in
Lucite, set the Lucite blocks in cement, drop the cement blocks down the
Marianas Trench, and use mass drivers and shaped charges to deflect the
planet's orbit into the heart of a convenient star.
With luck, some of your data may escape prying eyes.
--
Mark C. Langston Sr. Unix SysAdmin
mark at bitshift.org mark at seti.org
Systems & Network Admin SETI Institute
http://bitshift.org http://www.seti.org
More information about the Baylisa
mailing list