Wireless Security
The Skinny On How Not To Write An Article About WPA-PSK Nov 15 2010 08:21PM
Paul Asadoorian (paul pauldotcom com) (4 replies)
Re: The Skinny On How Not To Write An Article About WPA-PSK Nov 16 2010 01:45PM
Rob Fuller (jd mubix gmail com) (1 replies)
Re: The Skinny On How Not To Write An Article About WPA-PSK Nov 17 2010 02:06PM
Christopher Byrd (chris riosec com) (1 replies)
Re: The Skinny On How Not To Write An Article About WPA-PSK Nov 18 2010 04:47PM
dragorn kismetwireless net
Re: The Skinny On How Not To Write An Article About WPA-PSK Nov 16 2010 02:28AM
Richard Farina (sidhayn gmail com)
Re: The Skinny On How Not To Write An Article About WPA-PSK Nov 16 2010 01:57AM
Grant Moerschel (gm wavegard com)
Re: The Skinny On How Not To Write An Article About WPA-PSK Nov 16 2010 01:00AM
Kenneth Voort (listbounce-01 voort ca) (1 replies)

On 10-11-15 3:21 PM, Paul Asadoorian wrote:
> http://nakedsecurity.sophos.com/2010/11/09/dear-starbucks-the-skinny-on-how-you-can-be-a-security-hero/
>
> They did come clean and present the real (?) facts, that in a WPA-PSK
> network you can decrypt anyone's traffic that joins the network after
> you (which I am assuming is correct, unless the experts on this list
> present evidence to the contrary or I get off my lazy ass and look it up
> myself).

This is theoretically true - the pairwise temporal key is a hash of (group temporal key + nonces +
MAC addresses), so given the shared secret, there is nothing you know that I don't, as the nonces
and MAC addresses used to build the PTK are only encrypted with a shared secret.

It still raises the bar for Firesheep attacks. Firesheep is only designed to work over unencrypted
WiFi connections (and will work on WEP networks as well, or in conjunction with Ettercap). So yes,
it is /possible/ to decrypt anyone's traffic on a WPA network who joins after you do, but there
exists no skiddieproof tool to do it.

The bottom line is that although WPA will protect us from Firesheep alone, the problem cannot
entirely be solved with WPA encryption and a well-known password - we need end-to-end encryption
from the Facebook side, or client-based certificates from the Starbucks side.
--
Kenneth Voort - kenneth {at} voort <SPAMGUARD> {dot} ca
FDF1 6265 EBAB C05C FD06 1AED 158E 14D6 37CD E87F | pgp encrypted email preferred

Re: The Skinny On How Not To Write An Article About WPA-PSK Nov 17 2010 06:24AM
Cedric Blancher (blancher cartel-securite fr)


 

Copyright 2010, SecurityFocus