Matt26
join:2007-07-06
| breaking 256 bit AES encryption
i have a wireless network set up at home with WPA2 using PSK authentication and 256 bit AES encryption.
from what i understand about wireless security, someone can easily sniff my wireless traffic however they would need to break the AES encryption before they could actually see what any of the data is.
assuming my understanding here is correct, is the PSK authentication key that i use to access my wireless network required in order to break the AES encryption, or can the encryption be broken using only brute force?
thanks for any information on this topic. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| It might be breakable with brute force if you use a poor choice of your PSK key. That's why a key of at least 20 characters is recommended, preferably using a non-obvious string of characters.
Beyond that, AES has been well tested by cryptographers, and there is no known easy way of breaking it if the key is well chosen.
Technically speaking, brute force will always work. But if it will take billions of years of computation, we don't worry much about it and we consider it adequately secure. |
|
jbibe
Premium,MVM
join:2001-02-22
1 edit | reply to Matt26
said by Matt26  :i have a wireless network set up at home with WPA2 using PSK authentication and 256 bit AES encryption. The Temporal Key used to encrypt the unicast traffic contains 128 bits, not 256 bits. The group key to encrypt the broadcast and multicast traffic also contains 128 bits. |
|
Matt26
join:2007-07-06 | reply to nwrickert
so does this mean that the PSK is required in order for the encryption to be broken, or can it be broken without the key being known? |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| Let me try rewording my answer.
The only known method for breaking AES is trial and error - testing possible keys until you find one that works. Cryptography researchers have not found any weakness such as might allow an easier way of breaking it.
Testing all possible keys would take billions of years, so does not pose a plausible threat.
Trial and error can be a lot faster with a dictionary attack - testing only keys obtained in dictionaries, dictionaries of phrase, etc. Likewise, trial and error restricted to short keys is a lot faster. As long as you choose a key that is long enough (20 or more characters is recommended), and is not a common word or phrase, there is no reason for concern.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.8 |
|
docrice
join:2008-03-31
Fremont, CA
| reply to Matt26
In addition to "AES," you might want to look up "CCMP" as well.
The use of encryption in securing data isn't for creating an expectation of absolute security. In another lifetime far away, WEP may have been enough of a security measure. Times have changed, of course, and very quickly. It's all about understanding the risk level in regards to your information, how much it costs to secure it, and what's a reasonable level of security.
If your data only needs to be secure for 100 years but it's well-known that the encryption could be defeated in 10, assuming the attacker had x amount of computing resources at her disposal and y amount of time to try out all possible keys, would that be acceptable? For most people probably not. But flip it a bit and say that it couldn't be done under a million years, then it's probably "good enough."
New attack methods are eventually discovered, bugs exist within implementations, etc.. For right now, WPA2 using AES-CCMP is good enough, but if you're using pre-shared key it all assumes that you chose a relatively strong passphrase to build your Pairwise Master Key upon. Anything can be brute-forced given enough resources. It's just a matter of making it difficult enough to deter the attacker to go somewhere else. |
|
caedmon
@cox.net
| reply to nwrickert
quote:
The only known method for breaking AES is trial and error
This is commonly called a "brute force attack". It is virtually impossible when using AES with a random 128 bit key at this time.
Important Note
The PSK key you configure has nothing to do with the keys used with the AES encryption. The PSK is used for authentication and as part of the algorithm used to setup the keys used by AES. The PSK is the only known weak point in WPA-PSK when using CCMP(AES encryption). If someone captures the initial 4 messages when a client first joins a network they can use a brute force attack on the PSK. If they crack the PSK they can decrypt those 4 messages and determine what the AES key is.
Each client negotiates a different AES key each time they join the network but knowing the PSK allows one to obtain the AES key used by that client if they capture the initial 4 messages when that client joins the network. |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
 ·Shaw
| reply to Matt26
said by Matt26 :...someone can easily sniff my wireless traffic... A slight correction of terms here. Someone can easily see your network, that's all. The traffic data is secure.
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous |
|
docrice
join:2008-03-31
Fremont, CA | Actually, I'd say that sniffing the wireless traffic is easy, but reading the original contents of the data is the problem if the traffic is encrypted. After all, the 802.11 frame information is always cleartext. |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny | I'll stand corrected then. Thanks! |
|
Matt26
join:2007-07-06
| reply to caedmon
ok, just so i'm clear- there are two separate keys involved in WPA/WPA2- the PSK key (which would be the password/passphrase used to authenticate a user to the network) and an AES key used for the encryption of the data- and these AES keys change each time a client authenticates to the network. is this correct?
as far as a brute force attack is concerned- my understanding is that the more complex the passphrase the harder it will be to crack it, and i use a passphrase made of 63 random ASCII characters- so my guess is that this would be next to impossible for anyone to crack. would this be reasonable to assume?
thanks for all the replies. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | Yes, that's a very reasonable assumption. |
|
caedmon
@cox.net | reply to Matt26
Yes to both questions. |
|
KodiacZiller
join:2008-09-04
73368
| Brute forcing AES is simply out of the question and will likely always be out of the question, at least until quantum computing comes around (and even then it seems unlikely).
Someone above said it would take millions of years to brute force 128 bit AES. That is incorrect. It would take trillions of times longer than the age of the universe. And even then, the energy requirements would be so large that the energy of the sun would need to be harnessed. |
|
crevis12
join:2009-05-01
256 | reply to Its a Secret
how can some body see your wireless connection?  |
|
DownTheShore
Tar and Feather Joe Lieberman
Premium
join:2003-12-02
Beautiful NJ
clubs:
| The wireless routers broadcast signal, each with an identifying SSID (name). That's what people see when they click on "connect to network" on their wireless-equipped device. When I click on that, the window that opens up shows all of the wireless networks within reach of my laptop, e.g. "Sam", "Belkin", "foshizzle", etc. It also tells me if they are secure or unsecure, what wireless protocol they're using (a, g, n, etc.) and what encryption type they're using (WEP, etc.), but that's all information it provides.
--
Patriotism is not waving a flag, it is living the ideals
Sarah Palin & Michele Bachmann: Not A Single Brain Cell Between Them |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw
| reply to crevis12
Peek-a-boo, I see you |
said by crevis12 :how can some body see your wireless connection? Something like this ring a bell? |
|
Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw
| I think something like AirPcap is more what they mean as it allows you to capture the packets sent via wireless.
»www.cacetech.com/products/airpcap.html
Strong encryption is a good thing, so use it and you don't need to worry about someone sniffing your wifi packets.
Blake
yep I carry one of those in my laptop bag and for even more fun one of these »www.metageek.net and other wireless goodies (bluetooth etc), but wireless security (all frequencies) is an 'interest' of mine.
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool |
|
