PDA

View Full Version : Hide SSID ?



Mnyb
2008-04-28, 20:57
Hello during the setup off my Duet combo, I had to broadcast my SSID to make the setup procedure work (well it didn't really ).

But if I hide the SSID now then the communication crashes ? at least for the controller, the SB3 and SBR is unaffected.
all things are on fixed ip's this should not matter for any connected component.

I'm using an Linksys WRT54GL with tomato software 1.17 WPA2 AES and MAC filtering is used on the wireless.
I'm I alone with this setup anyone else with tomato ?

I have 1 controller 1 Reciever 1 SB3 1 server 1 destop.
The desktop and the server is wired to the router.

Is this an known issue ? or should I... you know... file another bug... (they wont like me anymore :-/ )

SuperQ
2008-04-28, 23:09
Hide SSID is a non-security feature. It's useless and just invites more haxx0rs to try and get into your network.

WPA2-AES is reasonably secure as long as your key is moderately complex.

peter
2008-04-29, 01:34
SuperQ wrote:
> Hide SSID is a non-security feature. It's useless and just invites more
> haxx0rs to try and get into your network.
>
> WPA2-AES is reasonably secure as long as your key is moderately
> complex.
>

MAC filtering is useless too and only complicates things.
WPA2 has not been cracked with a sufficiently complicated key AFAIK,
which would make it more than reasonably secure.

Regards,
Peter

Mnyb
2008-04-29, 11:51
Well I can see that MAC filtering can be cracked.

Does it not do any good as my filtered devices SB SBR and SBC are on the net all the time.
and the only Mac's the router lets through is these 3 adresses.
So any hack has to compete with these for bandwith.
The Mac filterings works without any problems, I don't see why it would be bad, my setups rarely changes.
So i don't see it as a hustle to alter the router settings once or twice a year.
My network is so static that it is in fact completely static, no DCHP

I do use WPA2 AES but i'm not so paranoid that i have an completely randomized code... yet.
it's 15 characters long. And i skipped the most obvious traps and did not use a pass based on family names, pets etc or common language.

So what would happen's if someone did crac my security you have to spoof 1 mac adress crac my WPA2 code spoof an IP nr, would not something crash if 2 devices had the same MAC and IP or same MAC and 2 different IP's. What would the router do ?

I could change my code to something random but then i have to setup the receiver again, ouch !

btw why would an hidden SSID invite haxx0rs ? how fun can a 4port router at a private home be ?
I just don't want to invite the local kids to do something.

A real hacker would probably crac it instantly. but who would want to get me ?

radish
2008-04-29, 13:02
So to get into your network you would have to do the following:

1. Find the network (given that SSID beacon is off)
2. Break the WPA encryption
3. Grab a valid MAC to associate with the AP
4. Select an unused IP (no spoofing required)

Of these, all are trivially easy to do except step 2, which given a decent password is basically impossible unless (and possibly even if) you're the NSA. Hence, you could switch on the SSID and switch off the MAC filtering and still be just as secure as you were before. However now you wouldn't have all those niggly little issues with devices which like to see the SSID or which have a new MAC to add to the router. More convenience, more compatibility, same security.

bhaagensen
2008-04-29, 13:25
Nonetheless I agree that it is a bug if the SBC cannot handle hidden SSID, so if it is not working a bug report should be filed (if one does not already exist). Of course it might not get very high priority.

jth
2008-04-29, 13:31
My SBC works fine with SSID broadcast turned off. There were some problems very early on in the
beta test but it has been fine for several months.

I have a similar setup to yours (WRT54GL, Tomato 1.19), but I don't have any encryption turned on.

pfarrell
2008-04-29, 15:17
radish wrote:
> 2. Break the WPA encryption
>[snip]
> decent password is basically impossible unless (and possibly even if)
> you're the NSA.

This is much too strong of a statement without some qualifications.
WPA with AES-CCMP is strong, WPA with RC4 is substantially weaker, and
is used in many (most?) places.

And the requirement for "decent password" is not often met. Weak
passphrases can be detected and cracked with widely available and easy
to use tools such as kismet.

To be 'decent' a password has to have a lot of entropy, which means true
random values. Just being long is not sufficient. A passphrase of:
"A SlimDevices Transporter is a great audiophile component" is long, but
has trivial amounts of entropy, especially among folks on this forum.

A good password looks like:
642435996fa7035bde1adaef4ec16368687a8b74
and this is actually a bad example, as it is not at all random, rather
its the md5 checksum of a common file.

I generally do not make casual comments about NSA's code breaking
ability. They are very good. If they want to break in, they probably will.

A chain is only as strong as its weakest link.


--
Pat Farrell
http://www.pfarrell.com/

radish
2008-04-29, 17:31
This is much too strong of a statement without some qualifications.
WPA with AES-CCMP is strong, WPA with RC4 is substantially weaker, and
is used in many (most?) places.

True, but I haven't found any evidence for a better attack than brute force. Provided your key isn't in the dictionary, you're looking at a pretty long search time. The examples I've seen indicate around 20keys/sec. Assuming I have hardware 10 times faster than that and a 10 character random key (using a-zA-Z0-9) I get a max search time of approx 4e15 seconds. Half that for an average hit time (assuming random searching) and we're still looking at 6e7 years. (Apologies for any math errors, corrections welcome!)

http://www.linuxjournal.com/article/8312
http://wirelessdefence.org/Contents/coWPAttyMain.htm
http://blogs.zdnet.com/Ou/?p=127



To be 'decent' a password has to have a lot of entropy, which means true
random values. Just being long is not sufficient. A passphrase of:
"A SlimDevices Transporter is a great audiophile component" is long, but
has trivial amounts of entropy, especially among folks on this forum.

How does the amount of entropy affect the crack time for brute force, provided there's a trivial amount so the key isn't in a dictionary? Let's say, for an example, that I have a really lame dict file that only includes english words. In this situation "Bonjour" is just as hard to crack as "aX2*i9:", and in fact "1111111" isn't any easier. Of course in real life Bonjour and 1111111 would be in the dictionary, so the random-ish key is better. I guess I'm just not understanding your comment on an MD5 hash not being good enough. Provided the attacker doesn't know you make a habit of using MD5 to generate your keys I think you're fine.

Of course there's another issue for the attacker once he's done with the dictionary, and that's that he doesn't know how much entropy is in my key, so he has to assume the maximum. I may have chosen to only use upper case letters, but he has no idea that my key doesn't have numbers in so he has to test those all the same. Now he may be smart and think that I'm probably an idiot and have a really small character set, so statistically he's better off hitting the lower-case-only keys first, but you get my point.



A chain is only as strong as its weakest link.

Agreed. The easiest way to break into WPA is probably to attack a node on the network directly (via a trojan for example) and get the PSK from an OS vulnerability.

pfarrell
2008-04-29, 18:13
radish wrote:
> How does the amount of entropy affect the crack time for brute force,
> provided there's a trivial amount so the key isn't in a dictionary?

This is getting OT, and complicated.

First, it depends on the cipher and the amount of ciphertext you have
access to. With WiFi, its easy to get huge amounts of cipher text and
you can get some known clear text. For example, if the user checks his
email every 10 minutes, you can see traffic, which will have known text
as he does the POP3 access to the ISP.

With better ciphers, every bit in the key changes every byte of output.
But you don't know, without doing a lot of serious post-doc-level
analysis, if changing the key from "Bonjour" to "Bonj0ur" changes it
completely, or if you can do partial attacks.

Birthday paradox become a big deal with sufficient amounts of ciphertext.


You also don't know how the attack works. For example, with a cable
modem or DSL line, a little work wearing all black can let you plug in a
'butt set' to pick up the clear text. With both clear text and cipher
text, a lot of attacks are much easier.

Its all about how paranoid you want to be. Remember, just because you
are paranoid, it doesn't mean that they are not out to get you.

> in so he has to test those all the same. Now he may be smart and think
> that I'm probably an idiot and have a really small character set, so
> statistically he's better off hitting the lower-case-only keys first,
> but you get my point.

If you look at the serious research, you find that even folks using what
they think are good passphrases use the same, weak ones. There are about
30,000 words in a typical college educated English speaker's vocabulary.
That is a trivial number to push through a dictionary attack. Even if
you change from Englist to LeetSpeak, its still a fairly small number in
crypto terms.

Check out the reference to a CERT advisory (Cert advisory CA-2003-08)
on lame passwords. Its sad.
http://www.pfarrell.com/technotes/lamepasswords.html


> Agreed. The easiest way to break into WPA is probably to attack a node
> on the network directly (via a trojan for example) and get the PSK from
> an OS vulnerability.

Social engineering is how most cracks are done. With the popularity of
wireless keyboards, it doesn't take much to just capture the key strokes
and skip all the WiFi stuff complete.


--
Pat Farrell
http://www.pfarrell.com/

radish
2008-04-29, 20:37
All very true....but I don't see anything suggesting a particularly good KPT attack on RC4. There's one paper I read suggesting a way to reduce the search space a little, but TKIP solves the major problem with WEP.


If you look at the serious research, you find that even folks using what
they think are good passphrases use the same, weak ones. There are about
30,000 words in a typical college educated English speaker's vocabulary.
That is a trivial number to push through a dictionary attack. Even if
you change from Englist to LeetSpeak, its still a fairly small number in
crypto terms.

Obviously, anything which is in a dictionary is as good as broken, but that's not really what I'm talking about. Once you get out of the realm of anything in a reasonable dictionary (i.e. random chars) you start getting into _how_ random it is (like your comment about an MD5 hash not being random enough). My point is that whilst good randomness is needed to implement an algo, it's not needed to generate a key, provided the attacker doesn't have access to or knowledge of how you did it.

Anyway, this is, as you say, way off topic. I'm off to bed with my old copy of Applied Crypto :)

Mnyb
2008-04-29, 21:23
Interesting responses, some of you must be in to encryption and such ?
this has gone very off topic but interesting.

On the same tangent, the SBC has a limited charset, so all phassprases are not possible to type with the controller, the same applies to the SB

I see that tomato has got to 1.19 ill have a look at that.


Quote:
If you look at the serious research, you find that even folks using what
they think are good passphrases use the same, weak ones. There are about
30,000 words in a typical college educated English speaker's vocabulary.
That is a trivial number to push through a dictionary attack. Even if
you change from Englist to LeetSpeak, its still a fairly small number in
crypto terms.

How do you check your passphrase if it's good ?
To be more specific mine is 15 letters and one number. the words used comes from rather obscure literature.

I found this test online

http://rumkin.com/tools/password/passchk.php

there my pass is judged as "resonable" with "Entropy: 48.9 bits "

and it flunks completely, according to http://www.passwordmeter.com/

But my real security is that my desktop computer is off when i'm not at home and not able to wol
My server contains only music (with its own firewall and passw).
Thats the equivalent off putting a class off water or a wiff of fresh air in a safe.
All music in the world is aviable on any torrent tracker.

the router also has passw and i use the https:/ variant off admin page.

The only concern is if some hack use's my server as a spambot or similar.

Thank you for the replys, I don't think i have the energy to write that bug report now.
My concern was realy that i had to alter perfectly functional router settings to connect the duet.

Good Morning (it's 6:22 in sweden)

pfarrell
2008-04-29, 21:51
Mnyb wrote:
> Interesting responses, some of you must be in to encryption and such ?
> this has gone very off topic but interesting.

Yes, way OT.


> On the same tangent, the SBC has a limited charset, so all phassprases
> are not possible to type with the controller, the same applies to the
> SB

Which in the grand scheme of things is not terribly important. And
inside the SqueezeBox is just a commodity WiFi card, so there are hidden
weak links in the chain, if you are NSA class paranoid.

To secure music, its not really an issue.

> How do you check your passphrase if it's good ?
> To be more specific mine is 15 letters and one number. the words used
> comes from rather obscure literature.

What is obscure in Swedish may be off the chart in America.

The real answer is that you can not tell. There are good rules of thumb,
such as this:

http://www.microsoft.com/protect/yourself/password/create.mspx


> there my pass is judged as "resonable" with "Entropy: 48.9 bits "

There is a fundamental flaw in measuring entropy in this context.
The definition comes from Claude Shannon's work, which is also the basis
for PCM audio, so I can make a tenuous connection back to audio,
squeezeboxen, etc. and is based on probability.

The usual measure is based on characters. So in theory, the information
value of an eight bit character is 1/256. But in English, we use far
fewer characters in "words". And as pointed out above, the character set
may have other limitations. So the values may be radically different in
practice.

Most folks use something close to words in their native language. This
is the basis for all dictionary attacks. The Microsoft paper cited
above, talks about how conversions to EleetSpeak, or similar things are
weak. They specifically say that "M1cr0$0ft" is not much more 'random'
than "Microsoft".

As the Microsoft paper says: "Avoid dictionary words in any language.
Criminals use sophisticated tools that can rapidly guess passwords that
are based on words in multiple dictionaries, including words spelled
backwards, common misspellings, and substitutions. This includes all
sorts of profanity and any word you would not say in front of your
children."


The problem is always social engineering, humans simply can't remember
strong random things. We have not evolved to do so. So we either use
something not random, like the phrase about Transporters in my posting
up thread, or we write it down on yellow sticky pads and past them to
the monitor.


> All music in the world is aviable on any torrent tracker.

The primary rule of serious security is to make the cost of the attack
higher than the value of the target. So if all that is in the target is
music, which is all over the torrent world, then there is little value
in the attack.

This could change if your music is flac and all the torrents have is
over compressed MP3.

Realistically, the primary value in attacks on home servers is either:
1) access to bank accounts, brokerage accounts, or identity theft enablers
2) hosts for botnets to attack other systems.

What is interesting to me is that nearly all of the information for this
stuff is ancient. I wrote Towards a Model of Computer Security October
1992 National Computer Security Conference, Fort Meade, MD, with William
H Murray. That was nearly 15 years ago. We modeled how a machine can be
used as a resource for attacks on other systems.

Some folks might notice how close "Fort Meade, MD" is to a agency of
interest.

--
Pat Farrell
http://www.pfarrell.com/

peter
2008-04-29, 22:57
Pat Farrell wrote:
> The problem is always social engineering, humans simply can't remember
> strong random things. We have not evolved to do so. So we either use
> something not random, like the phrase about Transporters in my posting
> up thread, or we write it down on yellow sticky pads and past them to
> the monitor.
>

We're talking about a home network here. It's perfectly acceptable to
create a random key with lots of entropy and put it in a file on a USB
key from where you can easily copy & paste it when you want to add a new
machine. WPA-AES can only be brute forced AFAIK and with a random enough
key that's practically impossible. With WPA you use a stream cipher and
the keys are constantly changed so that should be fairly secure, bugs in
the implementation not withstanding.

The new controller is of interest here, because if I understand it
correctly, during the initialization process the device transmits your
home WPA key over an unencrypted wifi link (or encrypted with a
fixed/guessable WEP key, I forget which). Any NSA agents in your garden
may steal it. So be particularly vigilant for black vans just after
ordering your Duet.

Regards,
Peter

bobkoure
2008-05-01, 05:37
There at least used to be a web site that would generate passwords that were "strong" but were at the same time at least somewhat memorizable.
I've lost it. Anyone remember it (and care to share)?

pnharrison
2008-05-01, 09:46
there's www.goodpassword.com

For what it's worth; I use a similar manual system; which creates a strong password which are very easy to remember. (ie password containing a mix of upper case letters, lower case letters and numbers.)

Think of a phrase which is personal to you and shrink it into an acronym, combining a relevant number:

For example:
You have two cats called Tiddles and Cuddles which were born in 2002
= TidCud02

Your friends called John and Stacy who live at number 98
= John98Stacy

[I don't have any cats... or any friends... at #98 :-) ]

pfarrell
2008-05-01, 13:24
> For what it's worth; I use a similar manual system; which creates a
> strong password which are very easy to remember. (ie password
> containing a mix of upper case letters, lower case letters and
> numbers.)
> You have two cats called Tiddles and Cuddles which were born in 2002
> = TidCud02

Still moving waaay OT.

This approach generates keys that appear strong, and are moderately
strong against a bad guy who picks you at random. But not all bad guys
do that. Many (most?) serious attacks start with some social
engineering. Finding your name, wife's name, kids names, pets names is
fairly easy, whether it be by looking at facebook or just walking down
the street and being friendly when you are walking the dog.

Your tidcut02 example is not close to random. A dictionary of your
favorite words, pets, etc. with all sorts of variant spellings is still
tiny.

Better than leaving it as "linksys" but really a false security.

I personally believe that remembered passwords just don't work for
serious security. If its random enough to be strong, you won't remember
it. If you can remember, its not really strong.

Protecting your music library does not require serious security.

Pat
--
Pat Farrell
http://www.pfarrell.com/

bobkoure
2008-05-01, 14:25
>
Protecting your music library does not require serious security.

Indeed.
But it's nice to be able to come up with a password that can both be remembered (there are a lot of passwords on post-its) and that is at least not totally susceptible to dictionary attack.
I'm a contractor (mostly software, but I end up doing IT sometimes as well), Sometimes I get asked about passwords. Sometimes they're on a post-it on a user's monitor, or the password is "password" or "Secret" and I figure I'd ought to at least say something. Up to now, I've been telling folks about "book codes" (i.e. find a phrase you can remember) and then interject some numbers and/or punctuation. So for instance, even without the punctuation you get things like tpwshbnhv (Twain) or iwtbotiwtwot (Dickens).
While we're going way off topic, IMHO it's worth reading what Clay Shirky has to say about downloading, the RIAA and encryption The RIAA Succeeds Where the Cypherpunks Failed (http://www.shirky.com/writings/riaa_encryption.html). It does have a connection to music (sort-of).

pfarrell
2008-05-01, 14:46
bobkoure wrote:
> But it's nice to be able to come up with a password that can both be
> remembered (there are a lot of passwords on post-its) and that is at
> least not totally susceptible to dictionary attack.

post-it-notes is the death of security.

> iwtbotiwtwot (Dickens).

This is actually a better example, assuming you are not internationally
known as an expert on dickens.

> 'The RIAA Succeeds Where the Cypherpunks Failed'

I was there, wrote up the NIS&T conference when they tried to sell
Clipper and key escrow.
http://w2.eff.org/Privacy/Key_escrow/Clipper_II/farrell_nist_key_escrow_meet_0995.summary


--
Pat Farrell
http://www.pfarrell.com/

DVB
2008-05-01, 15:57
https://www.grc.com/passwords.htm

/DVB

bobkoure
2008-05-01, 18:19
This is actually a better example, assuming you are not internationally known as an expert on dickens.
Well, if I was, I'd pick a line from Hemingway - assuming that I could find a line with more than nine words in it :-)

I remember when Clipper was introduced. Lots of folks were exercised about it (I was working in Cambridge at the time - RMS was making a really big deal about it). And then it just, basically... disappeared. I hadn't realized that it was withdrawn because it could be made to be too secure. Maybe that part got downplayed...(?)

pfarrell
2008-05-01, 19:00
Beyond way OT....

bobkoure wrote:
> I remember when Clipper was introduced. Lots of folks were exercised
> about it (I was working in Cambridge at the time - RMS was making a
> really big deal about it). And then it just, basically... disappeared.
> I hadn't realized that it was withdrawn because it could be made to be
> -too- secure. Maybe that part got downplayed...(?)

I am not sure it was ever withdrawn. What happened was that at the NIS&T
conference, every business interest, every speaker, every lobbyist,
except two who had products to sell for Clipper/Skipjack, was against it.

Key escrow is a fine idea, you use crypto to secure your data, and
escrow the keys to someone trusted so if the guy managing it, say Pat,
is gone to a tropical island, you can get access to the key, unlock your
data and continue business.

What was not fine was having some Government agency hold it, require
that they hold it, and just ask you to 'trust us'.

The many widely publicized problems with VA and Social Security losing
laptops with huge amounts of private data, had not happened, but folks
were still asking "trust you why?"

What really happened is that Mark Shuttleworth and others made
businesses selling strong crypto outside the US, and even the
politicians decided that the idea that only programmers in the US could
make ciphers became OBE. Shuttleworth made enough money to become a
space tourist and start Ubuntu.

Over time, the restrictions on strong crypto were loosened, and became
unenforceable.


All this was about protecting strong keys. Not keys that look random
like the "TidCud02" example, but real random keys. The reality, and back
to something vaguely on topic, is that most folks don't want the hassle
of managing real strong keys.

At least TidCud02 is a lot better than 'password' for a key

Pat

--
Pat Farrell
http://www.pfarrell.com/