A dictionary attack tool designed to exploit a weakness the Wi-Fi Protected Access security for wireless LANs has been published on the Web.
The software, called WPA Cracker, exploits one option that can be used in WPA, usually in consumer applications or residential WLANs: a pre-shared encryption key. This key is simpler to use and deploy than using the more complex 802.1x for authentication.
With the pre-shared key, a common shared pass phrase is set for users and the WLAN access point. This phrase and the Service Set Identifier (SSID) (the network name) of the WLAN access point then are changed via an algorithm into an encryption key used to scramble the packets between clients and the access point.
The story was first reported last Friday by the Wi-Fi Networking News Web site. WPA Cracker is available at the tinypeap.com site, which also offers a very compact RADIUS server supporting 802.1x authentication using PEAP as its authentication protocol, designed to run on WLAN access points such as the Linksys WRT54G. A white paper on the WPA Cracker code and the dictionary attack is here.
Network World Test Alliance gurus Joel Snyder and Rodney Thayer highlighted the same weakness in this October article.
The WPA vulnerability was first disclosed a year ago in a paper. The author, Robert Moskowitz, a senior technical director as ICSA Labs, noted that using the pre-shared key broadcasts in the clear certain information needed to create and verify the session encryption key. This information can be recovered and then subjected to an offline dictionary attack, usually with a program that runs through words and character combinations until it finds the original pass-phrase.
The attack will not work against nets that don’t use the pre-shared key option. But Moskowitz paints a disturbing picture for those that do rely on it, saying this attack is even easier than those mounted against the original WLAN encryption scheme called WEP. WPA was designed to correct key weaknesses in WEP.
“As the (WPA) standard states, passphrases longer than 20 characters are needed to start deterring (dictionary) attacks. This is considerably longer than most people will be willing to use,” he writes. “This offline attack should be easier to execute than the WEP attack.”