Yesterday’s story about wired and wireless network security, and policy-based networking (sort of) was really just preparation for WiFi Net News’ WPA Cracking story. Glenn Fleishman’s lead is quite direct, “we warned you: short WPA passphrases could be cracked — and now the software exists.”
He explains further:
a weakness in shorter and dictionary-word-based passphrases used with Wi-Fi Protected Access render those passphrases capable of being cracked. The WPA Cracker tool is somewhat primitive, requiring that you enter the appropriate data retrieved via a packet sniffer like Ethereal. Once entered, it runs the cracking algorithms.
Remember that to crack WEP, an attacker has to gather many packets, possibly millions, but can then easily crack any key. For WPA, certain shorter or dictionary-based keys are highly crackable because an attacker can monitor a short transaction or force that transaction to occur and then perform the crack far away from the physical site.
What are the solutions?
- Choose a better passphrase
Pick passphrases that aren’t entirely comprised of dictionary words…. “My dog has fleas”: very bad. “Mdasf;lkjadfklja;dfja;dfja;d”: very good, but hard to type in. Passphrases should be at least 20 characters.
- Use randomness to choose a passphrase
- Use WPA Enterprise or 802.1X + WPA
Or, as is my usual answer to all matters of wired and wireless network security: use good application layer security. Use SSH, SSH tunnelling, SSL, HTTPS, and anything else to make sure your passwords and other sensitive data never travel in the clear on any part of the network.