WPA Wireless Security Standard Flawed

New WPA security standard, set to replace flawed WEP, has security vulnerability of its own.

Here we go again.

According to a paper by security expert Robert Moskowitz, the new WPA security scheme designed to protect 802.11 wireless networks has a fundamental flaw. The problem isnt with the scheme itself, but with how keys are exchanged.

Using a Pre-Shared Key (PSK) scheme—as opposed to 802.1X—can leave a network wide open in certain situations. The PSK is similar to a WEP key, in that it is a single string of bytes unique across an entire SSID.

When home users or naive network managers choose a PSK passphrase of less than 20 characters using English words, such as "Dragon Food" or "That Seventies Show," the PSK can easily be deciphered via a relatively simple dictionary attack.

And once the PSK has been swiped, its simple to then gain the Pairwise Master Key (PMK), which is used to protect transmissions from a computer to another device. The additional parameters used to generate the PMK, including both MAC addresses and the SSID, can be found simply by passively snooping network traffic.

According to Moskowitz, this type of network penetration should be easier to execute than WEP-based ones.

To be safe, anyone setting up a WPA-based wireless network should use a PSK passphrase larger than 20 characters, using a mix of letters and numbers. This is standard practice for most network administrators, certainly. But because most home wireless router products let end users enter in any word or phrase, this could become a major problem for small businesses and homes—and the corporate networks they connect to.

You can read the full analysis at WiFi News, and a detailed discussion of the issue at Slashdot.

Discuss This in the eWEEK Forum