WPA's got a little weakness: poor key choice. This was true with WEP, too: an ASCII WEP key was substantially easier to crack than a random hex key, although both were vulnerable. (It was estimated by one fellow at the 802.11 Planet conference a couple of years ago that ASCII WEP keys took 1/6th as much effort to crack.)
Now we have a similar but worse problem with WPA. If you capture the initial key exchange on association and the key is 20 ASCII characters or fewer comprising only dictionary words, a dictionary attack can be carried out offline without any additional data interception. You can send a disassociate command to force a new key exchange to capture. You could be on and off the network in, say, 2 minutes, and have everything you need to crack at leisure.

This was well known, but the early interface designs for WPA key entry of pre-shared keys (PSK) let users enter passphrases of as few as eight ASCII characters. (Apple's is the only one I know of that also allows a full 32-byte/256-bit hex key entry.)

The solution is very simple, according to Robert Moskowitz. Enter keys that are at least 80 bits long and random (10 hex bytes or 20 characters), although 96 to 128 bits is much better. 256 bits is overkill, but just fine, if you want to enter it. Robert has let me post his paper on the topic, and I've written a kind of executive summary of it intended for a more general audience: <http://wifinetnews.com/archives/002453.html>

Before the flames arrive, please remember that although this problem has been discussed before, it hasn't been pinned down and analyzed in conjunction with the user interface design. The flaw isn't exactly a flaw. WPA is still fine. It's really a key choice issue.

The way that this affects 802.1X and WPA is more interesting: because 802.1X/EAP allows key rotation, no one key gets used by more than one station and no one key is used for very long. The key choice can be quite long, too, because it's being generated automatically, not manually entered.
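As an added illustration (not part of the original post or of Robert Moskowitz's paper) of why the passphrase, not WPA itself, is the weak point: the station derives the 256-bit PMK from the passphrase with PBKDF2-HMAC-SHA1, salted with the SSID and iterated 4096 times, so anyone holding a captured handshake can test guesses offline at that cost per guess. The entropy estimate below is a simple heuristic I am assuming for the 80-bit rule of thumb, and `SAMPLE_DICTIONARY` is a constructed stand-in for a real wordlist.

```python
import hashlib
import math
import string

# Constructed stand-in for a real wordlist; only its size matters for the estimate.
SAMPLE_DICTIONARY = {"correct", "horse", "battery", "staple",
                     "wireless", "network", "password"}


def wpa_pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA-PSK pairwise master key the way a station does:
    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def estimate_entropy_bits(passphrase: str, dictionary=SAMPLE_DICTIONARY) -> float:
    """Rough guess-space estimate (assumed heuristic, not a standard):
    dictionary words count per word, hex counts 4 bits per character,
    anything else counts log2(charset size) per character."""
    words = passphrase.lower().split()
    if words and all(w in dictionary for w in words):
        return len(words) * math.log2(len(dictionary))
    if all(c in string.hexdigits for c in passphrase):
        return 4.0 * len(passphrase)
    charset = 0
    if any(c.islower() for c in passphrase):
        charset += 26
    if any(c.isupper() for c in passphrase):
        charset += 26
    if any(c.isdigit() for c in passphrase):
        charset += 10
    if any(c in string.punctuation for c in passphrase):
        charset += len(string.punctuation)
    return len(passphrase) * math.log2(charset) if charset else 0.0


def passphrase_meets_policy(passphrase: str, min_bits: float = 80.0) -> bool:
    """Apply the post's rule of thumb: at least 80 bits of randomness."""
    return estimate_entropy_bits(passphrase) >= min_bits


if __name__ == "__main__":
    for pp in ("correct horse battery staple", "0123456789abcdef0123"):
        print(f"{pp!r}: ~{estimate_entropy_bits(pp):.1f} bits, "
              f"ok={passphrase_meets_policy(pp)}, "
              f"PMK={wpa_pmk_from_passphrase(pp, 'ExampleSSID').hex()[:16]}...")
```

Note that four dictionary words from a seven-word list give about 11 bits, while 20 random hex characters give exactly the 80 bits the post recommends.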
----------------------------------------------------------------------
Glenn Fleishman, Unsolicited Pundit: read my work at http://glennf.com
Senior editor of JIWIRE, your guide to Wi-Fi - http://www.jiwire.com/
Macintosh columnist, The Seattle Times http://seattletimes.com/ptech/
Contributing editor, News, InfoWorld magazine http://www.infoworld.com
Contributing editor, TidBITS, -the- Mac newsletter http://tidbits.com
Read daily wireless networking industry news at http://wifinetnews.com
--
general wireless list, a bawug thing <http://www.bawug.org/>
