Cracking Wi-Fi Protected Access (WPA), Part 1
Read Part 2 of this article.
Since the turn of the century, wireless networking has grown from a very exclusive tech toy into a full-blown phenomenon. For less than $50, anyone who can plug in a toaster can essentially set up a wireless local area network (WLAN). The problem with this plug-and-play generation of users is that very few understand how their data is sent through the air, much less comprehend the associated risks. Even as I write this, an estimated 40–50% of all wireless users are not implementing any form of protection. On the bright side, this percentage is falling, albeit very slowly.
The security problem is exacerbated by the fact that early attempts at encryption were flawed. Wired Equivalent Privacy (WEP) was found to be vulnerable to various statistical weaknesses in the encryption algorithm it employed to scramble data passed over the WLAN. While attempts were made to correct the problem, it's still a relatively simple feat to crack WEP and essentially pull the password right out of the air. In addition, WEP suffers from other problems that make it unacceptable for use in any secure environment.
The wireless community knew early on that these problems existed. However, they also realized that it would take years until the standardized correction was designed and implemented into new hardware. In the meantime, millions of users needed reliable protection. The Wi-Fi Alliance stepped up to the challenge and created an interim "standard" called Wi-Fi Protected Access (WPA).
WPA did an excellent job of patching the problems in WEP. With only a software upgrade, it corrected almost every security problem either created or ignored by WEP. However, WPA also created new problems:
- One flaw allowed an attacker to cause a denial-of-service attack, if the attacker could bypass several other layers of protection.
- A second flaw exists in the method with which WPA initializes its encryption scheme. Consequently, it's actually easier to crack WPA than it is to crack WEP. This flaw is the subject of this article.