By Ryan Naraine
November 06, 2003
A glaring weakness in the interface design of the WPA protocol could open the door to passphrase cracking attacks.
A wireless security expert has detected a glaring weakness in the interface design of the highly touted Wi-Fi Protected Access (WPA) protocol deployed in numerous Wireless LAN products.
According to a research paper posted on Wi-Fi Networking News, the weakness could allow intruders to crack poorly chosen passphrases via offline dictionary attacks.
The weakness detailed in the research paper written by IEEE and IETF committee member Robert Moskowitz means that Wi-Fi hardware products that ship with WPA might be less secure than the older Wireless Encryption Protocol (WEP), which it replaced.
The WPA standard, unveiled in late 2002 as the replacement for WEP, was designed to improve upon the security features in wireless networks. Specifically, WPA offered improved data encryption through the temporal key integrity protocol (TKIP).
The TKIP feature scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven’t been tampered with. WEP, on the other hand, uses a static key that is seldom changed by users. This cryptographic weakness is responsible for many of the known security issues in WLANs because intruders could easily figure out an encryption key and access a wireless network.
The latest weakness only takes effect when short, text-based keys are used and does not reflect a fault in the WPA protocol. The weakness was described as an interface problem that allows a user to enter weak keys that can be cracked with offline dictionary attacks.
And, according to Moskowitz, the weakness can be avoided if WLAN hardware manufacturers build units with the ability to generate random keys that can be copied and pasted across systems. Manufacturers can also restrict the ability to enter weak keys by requiring passphrases with numerous characters instead of words that can be found in the dictionary.
The researcher warned that dictionary-based programs used to crack passwords are heavily used by criminal hackers.
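The two mitigations Moskowitz describes, generating a random key for copy and paste and refusing weak passphrases at the point of entry, can be sketched as follows. This is an added example, not code from the article, the research paper or any vendor; the 20-character minimum, the sample wordlist and the function names are assumptions, while the PBKDF2 parameters are the ones WPA pre-shared key mode uses to turn a passphrase into a key.

```python
import hashlib
import secrets
import string

# Constructed sample wordlist; a real product would ship a far larger one.
SAMPLE_WORDLIST = {"password", "wireless", "network", "letmein", "internet"}
MIN_LENGTH = 20  # assumed policy threshold, not a figure from the article


def check_passphrase(passphrase, wordlist=SAMPLE_WORDLIST):
    """Return a list of reasons to reject the passphrase (empty means accept)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("WPA passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("only printable ASCII characters are allowed")
    if len(passphrase) < MIN_LENGTH:
        problems.append(f"shorter than the {MIN_LENGTH}-character policy minimum")
    # Strip digits and punctuation from both ends so "Wireless123!" is still caught.
    core = passphrase.lower().strip(string.digits + string.punctuation + " ")
    if core in wordlist:
        problems.append("based on a dictionary word")
    return problems


def provision_key(ssid, passphrase=None):
    """Return the 256-bit pre-shared key as 64 hex digits.

    With no passphrase, generate a random key the user can copy and paste.
    With a passphrase, enforce the policy, then derive the key the way WPA
    does: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    """
    if passphrase is None:
        return secrets.token_hex(32)
    problems = check_passphrase(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return key.hex()
```

Because the derived key depends only on the passphrase and the network name, the strength of the passphrase is the only thing that separates a passphrase-based key from a randomly generated one.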
Microsoft has rolled out a free Windows XP download with support for WPA. The XP update tweaks the way the OS communicates with the Wi-Fi protocol. Instead of having one encrypted key for everyone to connect to the network, Microsoft said its WPA update would provide separate keys for each system connecting to the Wi-Fi network.