quick way to enter WPA password?



grimholtz
2006-11-21, 20:43
Hi,

I have a 64-character (hex) WPA2 password that I need to enter into a bunch of SB3s. Is the only way to do it with the remote control? Is there a faster way than cycling through the characters on the remote's keypad?

Thanks,
grimholtz

Mark Lanctot
2006-11-21, 20:55
Yeah, me too - I decided to make things harder for a dictionary attacker by using capitalization, punctuation, letters, numbers and misspelling. I suspect I only made it harder on myself.

No, there are no shortcuts. Thankfully you don't have to do it all that often.

If you haven't discovered it already, a time saver is that when you get your character, you can just press the next button to enter the next character, you don't have to scroll right. But if it's a character mapped to the same number you either have to scroll or wait for the cursor to advance.

In my case, I'm doing this with a universal remote that doesn't show letter mapping with the numbers, so the first 5-6 characters are wild guesses.

BTW there was a recent post that referenced a blog where the blogger insisted that 10 characters was good enough. I'm still using a 63-character passphrase though.

I'm curious - you say a bunch of SB3s. How many? Are you getting into whole-house Squeezeboxing? :-)

grimholtz
2006-11-21, 21:09
Well, I fibbed. I only have two SB3s right now, and I'm lucky enough to have some of my house wired with CAT5e, so only one of those two SB3s uses its wifi connection right now.

The reason I fibbed is that I thought it would be easier than explaining that I periodically change my WPA pre-shared key every month or so. I don't do that because I'm paranoid; I do it because I hack my linksys wifi router all the time, and usually end up having to reset it and/or reflash it every month. You'd think I'd learn to save the AES pre-shared key and reuse it each time, but I haven't learned that lesson yet.

grimholtz
2006-11-21, 21:32
By the way, to get the best security from your WEP/WPA passwords, use true random characters as generated by hotbits (https://www.fourmilab.ch/hotbits/secure_generate.html) or similar. Pseudo-random and non-random strings aren't nearly as secure.

Mark Lanctot
2006-11-21, 21:34
By the way, to get the best security from your WEP/WPA passwords, use true random characters as generated by hotbits (https://www.fourmilab.ch/hotbits/secure_generate.html) or similar. Pseudo-random and non-random strings aren't nearly as secure.

Never thought of that. Thanks for the tip.

radish
2006-11-21, 21:53
I wrote a little program which generates random passwords. My WPA key is 10 chars (lower case + numbers) which is really perfectly secure and much easier to type.

EDIT: Oh and write it on a post-it attached to the router. If the wannabe intruder can read it, you've got bigger problems :)

grimholtz
2006-11-21, 22:18
I wrote a little program which generates random passwords.
Software and most hardware is only capable of generating pseudo-random numbers. These are not truly random and often aren't cryptographically secure.

JJZolx
2006-11-22, 00:35
I have a 64-character (hex) WPA2 password that I need to enter into a bunch of SB3s. Is the only way to do it with the remote control? Is there a faster way than cycling through the characters on the remote's keypad?

No, there isn't. And I feel your pain. Then again, what else would you suggest? Until the player is able to get on the network, there's not much it can do - such as cloning another player's settings or pulling the password from the server. It's a bit of chicken and egg.

At least the password entry has gotten _much_ better with the newer versions of the firmware, though there's still some room for improvement. I've filed a number of enhancement requests for data entry on the Squeezebox, some of which have been addressed. One of them that hasn't been implemented yet is that the data entry uses non-fixed width characters. This causes the display to jump all over the damned place when entering long passwords.

smc2911
2006-11-22, 02:17
I wrote a little program which generates random passwords. My WPA key is 10 chars (lower case + numbers) which is really perfectly secure and much easier to type.

EDIT: Oh and write it on a post-it attached to the router. If the wannabe intruder can read it, you've got bigger problems :)

Here's a perfect source of WPA keys: https://www.grc.com/passwords.htm (unique every time).

bergek
2006-11-22, 03:39
Here's a perfect source of WPA keys: https://www.grc.com/passwords.htm (unique every time).

Sure, if you trust grc.com. Personally I prefer to make passwords up myself (either by just typing away at the keyboard or making my own application to generate them). I know that this may reduce the entropy per character but using an Internet site to generate passwords doesn't exactly strike me as the most secure alternative. What's preventing Steve at grc.com from selecting passwords from a list of, say, one million passwords? He could even store information about which user got which keys from his web site which would be devastating if you use it for services which are exposed to the Internet.

radish
2006-11-22, 08:20
Software and most hardware is only capable of generating pseudo-random numbers. These are not truly random and often aren't cryptographically secure.

I know. The PRNG used to generate a WPA key has no need to be cryptographically secure. The difference between pseudo- and really-random numbers is only exploitable if the attacker has some knowledge of the PRNG used and ideally a large sample of output so they can predict sequential values. In this example they don't have either, they have a stream which is encrypted using a single value from the PRNG as key - that's not enough to exploit the PRNG.

There's currently no known attack against WPA which is better than brute force, and provided your key isn't in a dictionary then any value is as good as any other (of the same entropy). What matters is that the key you use is long enough and contains enough entropy, and isn't in any dictionary (or isn't generatable based on a dictionary transformation).
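
Added example, not part of any post in this thread: generating a WPA key from the operating system's CSPRNG and estimating its entropy, for the key sizes discussed above (10 characters of lower case plus digits, a 63-character passphrase, 64 hex digits). The function names are hypothetical, and the guess rate passed to `years_to_search_half` is whatever the caller assumes.

```python
import math
import secrets
import string

PMK_BITS = 256  # every WPA/WPA2 key ends up as a 256-bit PMK
PRINTABLE = "".join(chr(c) for c in range(32, 127))  # legal passphrase characters

def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string, capped at the PMK size."""
    return min(length * math.log2(alphabet_size), PMK_BITS)

def random_passphrase(length: int, alphabet: str) -> str:
    """Draw each character from the OS CSPRNG (secrets), not random.random()."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if not set(alphabet) <= set(PRINTABLE) or len(set(alphabet)) < 2:
        raise ValueError("alphabet must be printable ASCII")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_hex_psk() -> str:
    """A full-strength key in the 64-hex-digit form."""
    return secrets.token_hex(32)

def is_valid_wpa_key(key: str) -> bool:
    """True for 64 hex digits or an 8-63 character printable-ASCII passphrase."""
    if len(key) == 64:
        return all(c in string.hexdigits for c in key)
    return 8 <= len(key) <= 63 and set(key) <= set(PRINTABLE)

def years_to_search_half(bits: float, guesses_per_second: float) -> float:
    """Expected exhaustive-search time; the guess rate is the caller's assumption."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    lower_digits = string.ascii_lowercase + string.digits
    for label, n, size in [("10 x [a-z0-9]", 10, 36),
                           ("63 x printable", 63, 95),
                           ("64 x hex", 64, 16)]:
        print(f"{label:15} {entropy_bits(n, size):6.1f} bits")
    print(random_passphrase(10, lower_digits))
    print(random_hex_psk())
```

Because the key is reduced to 256 bits either way, a random 63-character passphrase and a random 64-digit hex key come out equal in strength.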

grimholtz
2006-11-22, 08:39
I know. The PRNG used to generate a WPA key has no need to be cryptographically secure.
I disagree, seeing as the encryption algorithm used by WPA (in my case) is AES.


The difference between pseudo- and really-random numbers is only exploitable if the attacker has some knowledge of the PRNG used and ideally a large sample of output so they can predict sequential values. In this example they don't have either, they have a stream which is encrypted using a single value from the PRNG as key - that's not enough to exploit the PRNG.
I understand.


There's currently no known attack against WPA which is better than brute force, and provided your key isn't in a dictionary then any value is as good as any other (of the same entropy). What matters is that the key you use is long enough and contains enough entropy, and isn't in any dictionary (or isn't generatable based on a dictionary transformation).
Attacks against AES are transferrable to WPA if you use AES instead of TKIP (AES is preferred). Bottom line: by not using a cryptographically secure key for AES encryption, you are increasing the chances of a successful brute-force attack.

pfarrell
2006-11-22, 08:56
grimholtz wrote:
> Attacks against AES are transferrable to WPA if you use AES instead of
> TKIP (AES is preferred). Bottom line: by not using a cryptographically
> secure key for AES encryption, you are increasing the chances of a
> successful brute-force attack.

Any one who considers arithmetical methods of producing random digits
is, of course, in a state of sin.
John von Neumann, 1951, quoted by Knuth

all true, but the first question in any discussion of cryptography is
"what is the value of the resource?" and then "what attacks are expected?"

For 99% of folks, the value of the resource is pretty small, and the
typical attack is someone freeloading off your WiFi to get free access.
In my house, I can see four neighbors' WiFi access points, none
with serious security. I live in a fairly spread out suburb.
My daughter lives in an apartment near a college campus, she
can see a dozen unprotected WiFi points.

If you have lots of financial information on your computers, or are
running a porn website out of your basement, you have higher
concerns. If you are just protecting some music on a slimserver,
there are other things to worry about than the strength of
your crypto keys.


--
Pat
http://www.pfarrell.com/music/slimserver/slimsoftware.html

radish
2006-11-22, 10:12
Attacks against AES are transferrable to WPA if you use AES instead of TKIP (AES is preferred). Bottom line: by not using a cryptographically secure key for AES encryption, you are increasing the chances of a successful brute-force attack.
This isn't quite true. When attacking a WPA2-AES network you have two choices - attack AES or attack WPA. Attacking AES requires you to brute force (or otherwise derive) the session key (which is generated for you by WPA and as far as I can tell is not dependent on the security of your PSK). Attacking WPA directly will allow you to authenticate as a legitimate client and get your own session key, thus negating the need to attack AES.

Simply put: the PSK you generate & enter is not used as the AES key, it's used to protect the AES key. Thus, I still don't believe it needs to be any more secure than is required to defeat a dictionary attack.

grimholtz
2006-11-22, 10:35
For 99% of folks, the value of the resource is pretty small
I'm in the 1% you didn't include. I store The Truth on my PCs and transmit it back and forth between them constantly :)


which is generated for you by WPA and as far as I can tell is not dependent on the security of your PSK
I thought the PSK is used as the initial key in the key renewal interval (typically 3600 seconds). If you have other info, I'd like to hear about it with references, please.


Attacking WPA directly will allow you to authenticate as a legitimate client and get your own session key, thus negating the need to attack AES.
I'm not so concerned about someone gaining access to the network as I am with someone snooping encrypted OTA packets. Both have been shown to be enormously difficult with WPA2, but I believe the former is more difficult than the latter.
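
Added example, not part of any post in this thread: how WPA2-Personal (IEEE 802.11i) turns the key entered on the device into the per-session AES-CCMP key, which is the relationship between PSK and session key debated above. The SSID, MAC addresses, nonces and passphrase in `demo()` are constructed values, and the function names are hypothetical.

```python
import hashlib
import hmac

def pmk_from_key(key: str, ssid: str) -> bytes:
    """Map the key typed on the device to the 256-bit Pairwise Master Key."""
    if len(key) == 64:  # 64 hex digits are used as the PMK directly
        return bytes.fromhex(key)
    if not 8 <= len(key) <= 63:
        raise ValueError("expected an 8-63 character passphrase or 64 hex digits")
    # Passphrase: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes out
    return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out = b""
    for counter in range((nbytes + 19) // 20):
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """Per-session keys for CCMP: the PTK is 48 bytes, split into KCK | KEK | TK."""
    # MACs and nonces cross the air unencrypted in the 4-way handshake,
    # so the PMK is the only secret input to this derivation.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def demo() -> tuple:
    """Two sessions on one network; every value below is constructed."""
    pmk = pmk_from_key("constructed-passphrase", "example-ssid")
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    first = derive_ptk(pmk, ap, sta, b"\x01" * 32, b"\x02" * 32)
    second = derive_ptk(pmk, ap, sta, b"\x03" * 32, b"\x04" * 32)
    return pmk, first, second

if __name__ == "__main__":
    pmk, first, second = demo()
    print("PMK         :", pmk.hex())
    print("session 1 TK:", first["tk"].hex())  # AES-CCMP key for this session
    print("session 2 TK:", second["tk"].hex())  # differs: new nonces, same PMK
```

The entered key is never the AES key itself, but each session's temporal key is a deterministic function of it and of values sent in the clear, so the confidentiality of the traffic rests on the strength of the entered key.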