it is hashed with the SSID and the SSID length to create a 256-bit PMK. This key
is then used to derive all the other keys that are used in the TKIP algorithm. The
pre-shared key is appended with the SSID and the SSID length which are then fed
into the hashing algorithm defined by the PKCS #5 v2.0: Password-based Cryptography
Standard. The string is hashed a total of 4096 times to create a 256-bit Pairwise
Transient Key (PTK) that is used to derive all the other keys used in the algorithm.
Moskowitz states that the 802.11i standard declares that there are approximately 2.5
bits of security per PSK character. The formula becomes: 2.5n + 12 bits = Security
Strength in bits, where n is the number of characters in the pre-shared key. This
means that a typical password of 10 characters will only provide 37 bits of security.
Because of this, Moskowitz claims, a dictionary attack on the hash can be performed
to recover the password.
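The derivation and the strength estimate described above can be reproduced with the Python standard library. This is an added example, not code from the original text; it assumes the passphrase-to-PMK mapping is PBKDF2 with HMAC-SHA1 and the SSID as salt, and the function names, sample inputs and 80-bit target are illustrative.

```python
import hashlib
import math

ITERATIONS = 4096      # hash rounds stated in the text
PMK_BYTES = 32         # 256-bit PMK

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase-to-PMK mapping; the SSID is the PBKDF2 salt (assumed HMAC-SHA1)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), ITERATIONS, PMK_BYTES)

def estimated_strength_bits(n_chars: int) -> float:
    """Moskowitz's estimate from the text: 2.5n + 12 bits."""
    return 2.5 * n_chars + 12

def min_length_for(target_bits: float) -> int:
    """Shortest passphrase length whose estimate reaches target_bits."""
    return max(8, math.ceil((target_bits - 12) / 2.5))

def audit(passphrase: str, ssid: str, target_bits: float = 80) -> dict:
    """Summarise a PSK configuration for a reviewer (target_bits is illustrative)."""
    bits = estimated_strength_bits(len(passphrase))
    return {
        "ssid": ssid,
        "length": len(passphrase),
        "estimated_bits": bits,
        "meets_target": bits >= target_bits,
        "min_length_for_target": min_length_for(target_bits),
        "pmk_hex": derive_pmk(passphrase, ssid).hex(),
    }

if __name__ == "__main__":
    # Constructed sample inputs: the same passphrase on two networks.
    # The SSID salts the derivation, so each network gets a different PMK.
    for ssid in ("IEEE", "OfficeNet"):
        print(audit("password", ssid))
    # A 10-character passphrase scores 37 bits, as in the text.
    print(estimated_strength_bits(10))
```

Under this estimate, a passphrase needs at least 28 characters to reach the illustrative 80-bit target.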
Recently a utility called coWPAtty has been released which uses a hash-comparison-based
attack to recover the pre-shared key. coWPAtty captures the four-way
handshake authentication packets that are sent between the access point and the
client. In these packets, coWPAtty finds the SSID of the network, the addresses of
the access point and the client, and the nonces sent between the two parties. The
SSID information and the passphrase from the dictionary are used to find a PMK.
Using the other information from the exchange, the PTK is found. Using the PTK,
the attacker can try to decrypt a message and see if the integrity check value found
in the packet matches the calculated value. If so, the passphrase has been found. If
not, the next passphrase in the dictionary is tried.
4. Other Attack Modes
4.1 VPNs: Point-to-Point Tunneling Protocol
A Virtual Private Network (VPN) allows an apparent “private” connection between
two remote computers or networks. This is achieved by encrypting the traffic
together with some sort of authentication. VPNs can be used by small office/home
office users as well as large corporations.
Several standards have been developed to implement VPNs. One of these is the
Point-to-Point Tunneling Protocol (PPTP). This protocol allows a remote user to
connect to another network using a VPN and it assures, or at least tries to assure,
that the network that has been created is private. PPTP was created as an extension
to the Point-to-Point Protocol (PPP) where dial-up users could connect to their Internet
service provider (ISP) and then create a secure connection to the VPN server. Since it
was pioneered by Microsoft, among others, PPTP is relatively simple to configure on
Windows hosts and servers. As a result, a large number of VPN networks support-