Wi-Fi Protected Access, thought to be a major security improvement for wireless LANs compared to Wired Equivalent Privacy, has a significant built-in flaw, a paper has claimed.
The flaw is not newly discovered but rather was discussed during the ratification process, according to the paper's author, Robert Moskowitz, senior technical director for ICSA Labs. Network equipment vendors could easily solve the problem but they have provided no assistance, he said in an interview.
"Vendors have, in the large part, let the user community down," Moskowitz said. He was part of the IEEE's ratification process and voted for the standard.
Moskowitz said in his paper that hackers can successfully launch offline dictionary attacks against short pre-shared keys (PSKs), which are passphrases used for WPA. He stressed that such attacks can't succeed when longer passphrases are used. He also noted that enterprises that use RADIUS back-ends for security were not at risk.
In an interview, Moskowitz stressed that this security flaw was well known and was discussed during the ratification process for the standard. The standard itself notes the problem and states that passphrases with 20 or more characters are likely to be immune to the attacks.
"We discussed this in one meeting and somebody even posted the dialogue of the meeting online and named names," he said. He added that the problem wasn't with the standard, but rather the security tools and other help Wi-Fi equipment vendors provide.
"Vendors should say, 'You can use PSKs, and let us help you choose good ones,'" Moskowitz said.
The tools were needed because passphrases of 20 characters "are more than most people will ever use." Vendor-supplied tools were needed to create random numeric passphrases, Moskowitz said.
"If you have a random number that's even 80 bits long and convert it to a hex value or alphanumeric and use that as your passphrase, it won't be in a dictionary," Moskowitz said. "If vendors would supply just a little tool that generates a random number, you're protected against an outsider finding the PSK."
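The kind of tool Moskowitz describes can be sketched in a few lines of Python. This is an added example, not code from the paper, the article or any vendor: it draws at least 80 bits from the operating system's random source, encodes them as hex or alphanumeric text, and derives the 256-bit PSK with the standard WPA passphrase mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations). The function names and the SSID `example-net` are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

MIN_BITS = 80                 # strength Moskowitz cites in the article
MIN_LEN, MAX_LEN = 8, 63      # WPA passphrase length limits
ALNUM = string.ascii_letters + string.digits

def random_passphrase(bits=MIN_BITS, alphabet="hex"):
    """Return a passphrase from the OS CSPRNG carrying at least `bits` of entropy."""
    if bits < MIN_BITS:
        raise ValueError(f"refusing to generate fewer than {MIN_BITS} bits")
    if alphabet == "hex":
        phrase = secrets.token_hex(math.ceil(bits / 8))      # 80 bits -> 20 chars
    elif alphabet == "alnum":
        n = math.ceil(bits / math.log2(len(ALNUM)))          # 80 bits -> 14 chars
        phrase = "".join(secrets.choice(ALNUM) for _ in range(n))
    else:
        raise ValueError("alphabet must be 'hex' or 'alnum'")
    if len(phrase) > MAX_LEN:
        raise ValueError("result exceeds the 63-character WPA limit")
    return phrase

def derive_psk(passphrase, ssid):
    """Map a WPA passphrase to the 32-byte PSK an access point is configured with."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases are printable ASCII only")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The salt is the SSID, which is public, so the passphrase is the only secret.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

if __name__ == "__main__":
    phrase = random_passphrase()
    print("passphrase:", phrase)
    print("psk:", derive_psk(phrase, "example-net").hex())   # constructed SSID
```

Because the derivation uses only the passphrase and the SSID, the unpredictability of the passphrase is all that stands between captured key exchange frames and the PSK, which is why the generator refuses anything under 80 bits.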
Most larger enterprises used RADIUS back-ends for security because the PSK process was impractical in larger environments, he noted. Rather, he said the PSK process was aimed at smaller enterprises and private users. However, enterprises that were simply trying out WLAN equipment may not connect this equipment to the broader security infrastructure and, as a result, are open to attack.
In his paper, Moskowitz noted that the problem comes from attacks both from within and outside the network. Of the two, an attack from inside the network had fewer barriers, he said.
The initial exchange of PSKs is not particularly private, Moskowitz pointed out, and that made it easy for anybody passively sniffing the wireless network to pick up key exchange data frames and subject them to the dictionary attack.
An initial draft of the paper is posted at Wi-Fi Networking News. Moskowitz said a final draft should be available for distribution in the next several days.
Copyright (c) 2003 CMP Media LLC