Alert: WPA Vulnerable to Dictionary Attack

Wireless networking has a new weakness, according to a new research paper. The problem is with Wi-Fi Protected Access (part of the 802.11i standard) and the way it uses pre-shared keys.

Wireless networking has a new weakness, according to a research paper by Robert Moskowitz, a senior technical director with ICSA Labs, a division of TruSecure Corp. The problem is with Wi-Fi Protected Access (WPA)—part of the 802.11i standard—and the way WPA uses pre-shared keys (PSK).

Note that another method for using keys between Wi-Fi devices—general 802.1X key establishment—is not vulnerable to this attack.

WPA was designed to be easier to use than the 802.1X approach, and it is. Users can enter a PSK passphrase, which is hashed to create the necessary 256-bit number. The problem is what happens with the PSK: it’s used as a master key—the foundation—to drive the four-way handshake that authenticates wireless devices to each other.

The vulnerability comes from two things working together. The first is that “there is a straightforward formula for converting a passphrase PSK to the 256-bit value needed for the PMK,” Moskowitz writes. Normally that wouldn’t be a problem.

Getting hold of the PSK, however, is easy, which makes reverse-engineering the password a possibility. How easy is it to get the PSK? It’s freely available to any device that requests it. Alternately, “any device can passively listen [wirelessly] for these frames and then generate the PTK,” he warns.

Once an attacker has the PTK, he can run an offline dictionary attack against it to try to crack the password and gain access to the wireless network. “There is a long history of offline dictionary attacks against hashes,” notes Moskowitz, saying that today’s attack dictionaries contain just about any real-word phrase of eight characters or less someone might write.

Against this kind of attack, a real-word passphrase with fewer than 20 characters is vulnerable. “Passphrases longer than 20 characters are needed to start deterring attacks. This is considerably longer than most people will be willing to use.”

Ironically, though WPA was invented to replace the notoriously easy-to-crack Wired Equivalent Privacy (WEP) standard, “this offline attack should be easier to execute than the WEP attacks,” Moskowitz writes.

He recommends WPA be used only with truly random passphrases of greater than 20 characters, and then only if deployers fully understand how the standard works, as well as its risks. Better still, use 802.1X.
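As an added example (not taken from Moskowitz's paper or from the original article): in 802.11i the passphrase-to-key formula is PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations and a 256-bit output. The sketch below derives that value and checks a passphrase against the recommendation above; the word list, the function names and the 24-character default are assumptions made for illustration.

```python
import hashlib
import secrets
import string

# Constructed sample standing in for a real attack dictionary (assumption).
SAMPLE_WORDS = {"password", "wireless", "network", "office", "welcome", "guest"}
ALPHABET = string.ascii_letters + string.digits


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """802.11i passphrase mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def audit_passphrase(passphrase: str) -> list:
    """Return the reasons a passphrase falls short of the recommendation above."""
    findings = []
    if len(passphrase) <= 20:
        findings.append("not longer than 20 characters")
    lowered = passphrase.lower()
    hits = sorted(w for w in SAMPLE_WORDS if w in lowered)
    if hits:
        findings.append("contains dictionary words: " + ", ".join(hits))
    if len(set(passphrase)) < len(passphrase) // 2:
        findings.append("few distinct characters, unlikely to be random")
    return findings


def generate_passphrase(length: int = 24) -> str:
    """Random passphrase from a CSPRNG; 24 characters of [A-Za-z0-9] is about 143 bits."""
    if not 21 <= length <= 63:
        raise ValueError("length must be 21 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # The same passphrase gives a different PMK on each SSID, because the SSID is the salt.
    for ssid in ("IEEE", "HomeOffice"):
        print(ssid, derive_pmk("password", ssid).hex())
    for candidate in ("password", "welcome to the office network", generate_passphrase()):
        print(repr(candidate), audit_passphrase(candidate) or "meets the recommendation")
```

The derivation is deterministic and uses only public inputs besides the passphrase, which is why the strength of the passphrase is the only thing standing between a captured handshake and the key.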


About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.