Networking & Wireless forum


Tsitroulis, Lampoudis, Tsekleves WPA2 vulnerability

by roboster2013 / January 26, 2015 12:25 AM PST


A little under a year ago Tsitroulis, Lampoudis, and Tsekleves published a paper on a possible WPA2 vulnerability. Has anyone heard any more information regarding it? None of my searches have come up with anything more recent than the initial reports.


Clarification Request
It's not a big deal.
by R. Proffitt Forum moderator / January 27, 2015 12:53 AM PST

by roboster2013 / January 27, 2015 4:01 AM PST
In reply to: It's not a big deal.

Thanks for the reply, Bob. It seemed to get a lot of press for about a week, and then it just dropped off the radar.


It's on some radars.
by R. Proffitt Forum moderator / January 27, 2015 4:23 AM PST
In reply to: Thanks

But as WPA2 was put to cloud cracking it buckled, and as the cloud grew I've heard it cracks in minutes now, so any other method is, well, interesting. The bottom line is that WiFi isn't that secure. It takes a lot of determination and the attacker has to be in range to do the work.

Most of the time you can piss off the attacker by putting the WiFi on a timer so it shuts off when you aren't there as well as changing passwords and SSID every week so they give up and go after something else.

For me this is more newsworthy ->

With that, who needs to crack WiFi?

by roboster2013 / January 27, 2015 7:10 PM PST
In reply to: It's on some radars.

Yeah, I noticed all the bundled stuff on the CNET downloads quite some time ago. If I download something from there, which isn't often anymore, I always look for the bundleware and un-click what I don't want.

As far as my wireless networks are concerned, for the devices that don't support WPA2 Enterprise where I have to use WPA2-PSK on that subnet, I use a maximum length value for the key. So, hopefully they'll go in search of an easier target.

Have a good one.

The thing is, key length doesn't matter.
by R. Proffitt Forum moderator / January 28, 2015 12:52 AM PST
In reply to: Downloads

The cloud crackers obliterated that last year. Still, it does give you a day of safety if they are using that.

The timer on the router or WiFi looks to be the best way to secure a hot spot.

In parting, I find that it's best to let a client think that key length helps. It does for the homebrew cracking but then there's the cloud cracker. Measure your client's tolerance levels for how deep they can go. Don't go too deep or you may sound too much like Dr. Doom.

by roboster2013 / January 28, 2015 1:21 AM PST

Really? Last thing I read from a while back indicated an ability for around 3.84 e11 keys per second. What is it up to now?

by R. Proffitt Forum moderator / January 28, 2015 1:26 AM PST
In reply to: Keys

All I know is the cloud is bigger, the code is finely tuned so it's like an arms race. For fun I think the best line is from War Games. "The only winning move is not to play."

That is, you can avoid most of the attempts by turning off WiFi when you can. I really like routers that let you set hours of operation. Why?

Most of these folk want a connection to run Torrents so it can really upset them when the connection is not 24x7.

Now there were folk that thought MAC filtering would work but we know that is too easy to spoof today.
Bob is not Dr. Doom.

by roboster2013 / January 28, 2015 3:12 AM PST
In reply to: Sorry

I guess I'm stunned by the mathematical implications. Suppose I have a PSK consisting of a 64 digit hex. This avoids the PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256) hashing process and becomes the 256 bit AES key. This provides approximately 1.15e+77 possible keys. The article I referenced earlier indicated the ability to try 3.84e+11 possibilities per second. If we factor in that the current cloud cracking capability increases that ability by a magnitude of 1 trillion (an obvious WAG) or 3.84e+23, it would still take 9.55e+45 years to exhaust the possible key space for a 256 bit key. To exhaust the key space in one day would require the ability to run 1.34e+72 possibilities per second, which is a magnitude increase of e+61 over the referenced ability and e+49 over my WAG. I would think that folks like Schneier would be shouting it from the rooftops if this were the case. Yet, I can find nothing of the sort. So, I'm obviously missing something.
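Added example, not part of the original thread: the PMK derivation and key-space arithmetic from the post above, in Python. The function names and the 8-character lowercase passphrase used for contrast are assumptions made for this illustration; the guess rates are the figures quoted in the post.

```python
import hashlib
import string

SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def wpa2_pmk(psk: str, ssid: str) -> bytes:
    """Return the 256-bit PMK for a WPA2-PSK network.

    A 64-hex-digit PSK is used directly as the PMK. Anything else is treated
    as an 8..63 character passphrase and stretched with PBKDF2-HMAC-SHA1,
    salted with the SSID, 4096 iterations, 32 bytes (256 bits) of output.
    """
    if len(psk) == 64 and all(c in string.hexdigits for c in psk):
        return bytes.fromhex(psk)
    if not 8 <= len(psk) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), ssid.encode(), 4096, 32)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate secrets of a fixed length over an alphabet."""
    return alphabet_size ** length


def years_to_exhaust(keys: int, guesses_per_second: float) -> float:
    """Years needed to try every candidate at a constant guess rate."""
    return keys / guesses_per_second / SECONDS_PER_YEAR


def rate_to_exhaust_in_one_day(keys: int) -> float:
    """Guesses per second needed to cover the whole space in 24 hours."""
    return keys / SECONDS_PER_DAY


if __name__ == "__main__":
    # Constructed sample inputs: passphrase "password" on SSID "IEEE".
    print("PMK:", wpa2_pmk("password", "IEEE").hex())

    full = keyspace(16, 64)   # 64 hex digits = 2**256 keys
    weak = keyspace(26, 8)    # assumed weak case: 8 lowercase letters
    for rate in (3.84e11, 3.84e23):  # rates quoted in the post
        print(f"rate {rate:.2e}/s: 256-bit key {years_to_exhaust(full, rate):.2e} years, "
              f"8 lowercase letters {weak / rate:.2e} seconds")
    print(f"rate for one-day exhaustion: {rate_to_exhaust_in_one_day(full):.2e}/s")
```

The difference between the two rows is the size of the space being searched, not the PBKDF2 step: the 4096 iterations only multiply the cost of each passphrase guess by a constant.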

Sure. Look at bitcoin miners.
by R. Proffitt Forum moderator / January 28, 2015 3:39 AM PST
In reply to: Math

They often reach 1 terahash per second on one box. Folk have created boxes with a gang of video cards to do something similar. All this is on the web so I'll skip duplication and share how I mitigate the risk. Nod to the War Games line.

But you seem to want to believe it can't be done, so what about "/WPA2-E) they can enumerate the whole space in 1 day." which was noted in May 2013? Advancements in computing (custom ASICs, code and GPUs) mean they cover it all in minutes now.

by roboster2013 / January 28, 2015 4:16 AM PST

All I can say is wow! The implications of this are enormous. That effectively means that no encryption currently in use is secure, since the key can now be effectively brute forced.

Part of why this is, is our governments.
by R. Proffitt Forum moderator / January 28, 2015 4:32 AM PST
In reply to: Wow

There are laws concerning "too secure" communications and export thereof.

Read more about Lavabit's closure over, well, not wanting to install taps from a certain government. PGP's author was hounded forever, it seems.

--> Most folk will be fine with a WPA2 secured WiFi but to think it's secure, well, we have to think about what our goals are. Here I follow my advice and check the connection log from time to time to see if anything pops out. The usage log helps here and my thought is that no one in the area is war or other driving.

by roboster2013 / January 28, 2015 7:13 AM PST

Yes, I check my authentication server logs fairly frequently as well.

All Answers

Pick your battles?
by R. Proffitt Forum moderator / January 28, 2015 7:27 AM PST

We've pretty much dashed the idea that WPA2 is secure enough to stand up to the most determined person that wants on your connection, so moving on.

I don't want to sound as if the game is over, but we can pick our battles and win a few. Timed outages of the WiFi are one of the better moves.