Ανεπαρκή τα WPA και WPA2 για την ασφάλεια των WiFi συνδέσεων

[farcry]

για οσους ειπαν περι quantum cryptography ktl:


"Even quantum cryptography does not 'solve' all of cryptography. The keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption."

Schneier explained that the weakest point of any network is not in the transmission of data itself but at the endpoints of the network. Quantum cryptography does not solve this basic problem.

Even quantum computing itself is not the be-all and end-all of computer security, Schneier argues.

http://www.vnunet.com/vnunet/news/22...m-cryptography

δεν είναι ακριβώς όπως τα λέει. απλά μεταφέρονται κάποιες πληροφορίες μέσο συμβατικών μέσον ώστε να γίνει αποκωδικοποιήσει τις μεταδιδόμενης πληροφορίας μέσο κβαντικής μεταφοράς.

και να την υποκλέψει αυτή δε κάνει κάτι ο κλέφτης χωρίς να έχει αναλλοίωτο το περιεχόμενο από την κβαντική μεταφορά. επειδή ισχύει το no cloning theorem αυτομάτως το original τις πηγής καταστρέφεται και μεταφέρεται μονο στον δεκτη. (κβαντική κρυπτογραφία και τηλεμεταφορά έχουν κοινά σημεία)

η πληροφορία γίνεται encrypted μέσο τον κβάντων. τα αλλα χρειάζονται για να διαβαστεί η πληροφορία από την quantum state.

για το άλλο που αναφέρει έχει σχέση με το hardware του συστήματος για το ποσο ευάλωτο είναι. δεν έχει να κάνει με την κβαντική κρυπτογραφία. δε μπορείς να πεις δηλαδή ότι έσπασε λόγο αστοχίας υλικού η κάτι άλλο.

για το τρίτο που λέει ναι δεν είναι το holy grail στο computer security γιατί ισχύει το no free lunch theorem. πέραν τούτου πάντως όταν το RSA θα πάρει το πουλάκι σε λίγα χρονια (shor's algorithm) να έρθει και να μας τα πει αυτά

........Auto merged post: farcry πρόσθεσε 2 λεπτά και 31 δευτερόλεπτα αργότερα ........

Αναρωτιέμαι πάντως, πόσες κλειδαριές έχει το σπίτι σας και πόσο σίγουροι είστε οτι δεν παραβιάζονται...

αυτό είναι ένα ωραίο παράδειγμα για την κβαντική κρυπτογραφία. φαντάσου ότι αυτή είναι η πόρτα ασφαλειας που δε μπορείς να την ανοίξεις και για να μπεις μέσα στο σπίτι ξηλώνεις την κάσα τις πόρτας η διαλύεις τον τοίχο που την συγκρατεί.

αυτό όμως δε σημαίνει ότι έχεις ανοίξει την πόρτα. έτσι και η κβαντική κρυπτογραφία δε μπορεί να σπάσει απλά να προσπεραστεί μέσο τον endpoints που ανάφερε ο Schneier

[A_gamer]

αυτό είναι ένα ωραίο παράδειγμα για την κβαντική κρυπτογραφία. φαντάσου ότι αυτή είναι η πόρτα ασφαλειας που δε μπορείς να την ανοίξεις και για να μπεις μέσα στο σπίτι ξηλώνεις την κάσα τις πόρτας η διαλύεις τον τοίχο που την συγκρατεί.

αυτό όμως δε σημαίνει ότι έχεις ανοίξει την πόρτα. έτσι και η κβαντική κρυπτογραφία δε μπορεί να σπάσει απλά να προσπεραστεί μέσο τον endpoints που ανάφερε ο Schneier

Όμως το θέμα με το σπάσιμο είναι να μη σε πάρουν χαμπάρι, άρα πάει περίπατο ο στόχος, θα σταματήσει η μεταφορά δεδομένων αμέσως. Σωστά;

[farcry]

Όμως το θέμα με το σπάσιμο είναι να μη σε πάρουν χαμπάρι, άρα πάει περίπατο ο στόχος, θα σταματήσει η μεταφορά δεδομένων αμέσως. Σωστά;

ναι αλλα δεν έχει και πολύ σημασία γιατί ούτος η άλλος δε μπορεί να το διαβάσει 100%. το πρόβλημα έγκειται στα end points. εκεί είναι άλλο θέμα όπου μπορεί να γίνει η ζημια

[A_gamer]

ναι αλλα δεν έχει και πολύ σημασία γιατί ούτος η άλλος δε μπορεί να το διαβάσει 100%. το πρόβλημα έγκειται στα end points. εκεί είναι άλλο θέμα όπου μπορεί να γίνει η ζημια

Δηλαδή να διαβάσει τα δεδομένα κατευθείαν από τα μηχανήματα που χρησιμοποιούνται στην επικοινωνία και όχι το σήμα;

[farcry]

Δηλαδή να διαβάσει τα δεδομένα κατευθείαν από τα μηχανήματα που χρησιμοποιούνται στην επικοινωνία και όχι το σήμα;

yes............

[trv]

farcry, σου παραθέτω ένα αρθρό αντί απάντησης στα όσα γράφεις παραπάνω.

Quantum cryptography is useless

Bruce Schneier is right on the money with this article criticizing quantum crypto. Quantum cryptography (not quantum computing) is one of those concepts that appeals to the public and the more theoretically-minded, but is next to useless for providing actual security. Here are some less-known problems with it that I haven’t seen discussed much elsewhere.


Quantum cryptography is focused on one narrow aspect of security: key establishment. To put it simply, this involves exchanging photons with a particular polarization. The transmitter randomly sets their polarizer to one angle or the other and sends a photon. The receiver also tunes their detector to a particular polarization. The measured value at the receiver is dependent both on the sending and receiving polarizer states, as well as the bit transmitted. The sender and receiver repeat this process many times in both directions to get a set of bits. Some will be errors and some will be usable as a key, shared between both but secret.


To receive a photon, an attacker also has to choose a polarization. By measuring the photon, the state of the attacker’s polarizer is encoded in the photon. This means that the attacker cannot learn the bits without desynchronizing the sender and receiver. If the error rate is too high, an attacker is present (or the fibre is bad).


There are a number of well-known issues with quantum crypto. This key exchange process requires a reliable, non-influencable source of random bits at both the sender and receiver. Also, there needs to be some kind of pre-existing shared secret between both parties to authenticate themselves. The only way to do this is through classic crypto (e.g., public key). Otherwise, the attacker could just splice a receiver and transmitter into the cable and perform a standard MITM attack. Finally, the actual communication between the two parties is encrypted with a traditional cipher like AES, using the shared key.


I think this alone is enough to undermine the case for quantum crypto. If you are convinced to spend lots of money and effort to replace classical crypto for the sole purpose of key exchange, shouldn’t standard crypto be considered unreliable for authentication and bulk encryption also? This is Bruce’s point and is based on simple threat analysis.


Recently, this paper was published describing how bright flashes of light could temporarily overwhelm the detector circuit, allowing an attacker to trick the receiver into accepting bits as unmodified. The receiver has multiple detectors, each with a different polarization. Normally, only a photon with the proper polarization triggers the corresponding detector. But a bright pulse at a particular frequency can temporarily blind multiple detectors, leaving the remaining one to trigger on a subsequent pulse. By varying the frequency of the bright pulse to select individual detectors, the attacker can manipulate the receiver into thinking the originally transmitted bits are being received correctly.


This is a clever attack because it is based on unstated assumptions. Quantum crypto doesn’t specify how a perfect detector circuit can be designed. That’s just a black box. The designers assume that individual photons can go into the black box and be measured securely. But it’s not a black box, it’s a real world circuit that depends on optoelectronics and has associated limitations.


You can draw an analogy here to side channel or differential fault analysis. The AES algorithm might be considered computationally secure, but there are many underlying assumptions in a real-world system that implements it. There has to be a computer running the algorithm. It may be realized in hardware or software. It requires memory (DRAM, disk, core, tape?) to store intermediate state. It takes up physical space somewhere. It gets its input over some kind of busses. The environment may be hostile, with varying voltage, heat, clock frequency, etc.


What other attacks could there be? Is it possible to determine which polarizer was selected in the transmitter by probing it with light while it is preparing to send the photon? Does it consume more current when switching from one state to another? Are there timing variations in the transmitted photons based on whether the polarizer switched state or not?


Classical crypto implementations have been continually hardened in response to these kinds of attacks. I think the perceived theoretical invulnerability of quantum crypto has resulted in less attention to preventing side channel or fault analysis attacks. In this sense, quantum crypto systems are less secure than those based on classical crypto. Given its cost and narrow focus on strengthening only key exchange, I can’t see any reason for using quantum crypto.

[farcry]

farcry, σου παραθέτω ένα αρθρό αντί απάντησης στα όσα γράφεις παραπάνω.

Quantum cryptography is useless

Bruce Schneier is right on the money with this article criticizing quantum crypto. Quantum cryptography (not quantum computing) is one of those concepts that appeals to the public and the more theoretically-minded, but is next to useless for providing actual security. Here are some less-known problems with it that I haven’t seen discussed much elsewhere.


Quantum cryptography is focused on one narrow aspect of security: key establishment. To put it simply, this involves exchanging photons with a particular polarization. The transmitter randomly sets their polarizer to one angle or the other and sends a photon. The receiver also tunes their detector to a particular polarization. The measured value at the receiver is dependent both on the sending and receiving polarizer states, as well as the bit transmitted. The sender and receiver repeat this process many times in both directions to get a set of bits. Some will be errors and some will be usable as a key, shared between both but secret.


To receive a photon, an attacker also has to choose a polarization. By measuring the photon, the state of the attacker’s polarizer is encoded in the photon. This means that the attacker cannot learn the bits without desynchronizing the sender and receiver. If the error rate is too high, an attacker is present (or the fibre is bad).


There are a number of well-known issues with quantum crypto. This key exchange process requires a reliable, non-influencable source of random bits at both the sender and receiver. Also, there needs to be some kind of pre-existing shared secret between both parties to authenticate themselves. The only way to do this is through classic crypto (e.g., public key). Otherwise, the attacker could just splice a receiver and transmitter into the cable and perform a standard MITM attack. Finally, the actual communication between the two parties is encrypted with a traditional cipher like AES, using the shared key.


I think this alone is enough to undermine the case for quantum crypto. If you are convinced to spend lots of money and effort to replace classical crypto for the sole purpose of key exchange, shouldn’t standard crypto be considered unreliable for authentication and bulk encryption also? This is Bruce’s point and is based on simple threat analysis.


Recently, this paper was published describing how bright flashes of light could temporarily overwhelm the detector circuit, allowing an attacker to trick the receiver into accepting bits as unmodified. The receiver has multiple detectors, each with a different polarization. Normally, only a photon with the proper polarization triggers the corresponding detector. But a bright pulse at a particular frequency can temporarily blind multiple detectors, leaving the remaining one to trigger on a subsequent pulse. By varying the frequency of the bright pulse to select individual detectors, the attacker can manipulate the receiver into thinking the originally transmitted bits are being received correctly.


This is a clever attack because it is based on unstated assumptions. Quantum crypto doesn’t specify how a perfect detector circuit can be designed. That’s just a black box. The designers assume that individual photons can go into the black box and be measured securely. But it’s not a black box, it’s a real world circuit that depends on optoelectronics and has associated limitations.


You can draw an analogy here to side channel or differential fault analysis. The AES algorithm might be considered computationally secure, but there are many underlying assumptions in a real-world system that implements it. There has to be a computer running the algorithm. It may be realized in hardware or software. It requires memory (DRAM, disk, core, tape?) to store intermediate state. It takes up physical space somewhere. It gets its input over some kind of busses. The environment may be hostile, with varying voltage, heat, clock frequency, etc.


What other attacks could there be? Is it possible to determine which polarizer was selected in the transmitter by probing it with light while it is preparing to send the photon? Does it consume more current when switching from one state to another? Are there timing variations in the transmitted photons based on whether the polarizer switched state or not?


Classical crypto implementations have been continually hardened in response to these kinds of attacks. I think the perceived theoretical invulnerability of quantum crypto has resulted in less attention to preventing side channel or fault analysis attacks. In this sense, quantum crypto systems are less secure than those based on classical crypto. Given its cost and narrow focus on strengthening only key exchange, I can’t see any reason for using quantum crypto.

δε λέει κάτι καινούργιο. τα ίδια πράγματα που είπα και εγώ αναφέρει ότι τα vulnerabilities βρίσκονται στα endpoints και αυτά μπορούν να γίνουν exploited. όχι κατά την μεταφορά. εγώ δηλαδή τι είπα?

όπως επίσης να σπάσει και τον AES για την μεταφορά τις κλασσικής πληροφορίας από την μέτρηση που κάνει ο sender.

μα δε μπορείς να πεις ότι η κβαντική κρυπτογραφία είναι useless επειδή το hardware είναι black box. αυτό είναι άκυρο. η κρυπτογραφία και η κρυπτανάλυση είναι μαθηματικές μέθοδοι δεν είναι υλικά πράγματα.

[trv]

Μα αυτη ακριβως ειναι η ενταση και του Bruce και ολων των 'μεγαλων' του security field, με τους οποιους διαφωνεις.

Οτι η κβαντική κρυπτογραφία ειναι άχρηστη στον τομέα της ασφαλειας, απο πρακτικής αποψης.

Το αρθρο του Bruce Schneier στο Wired το διαβασες αραγε?

Το παραθέτω:


Quantum Cryptography: As Awesome As It Is Pointless

Bruce Schneier 10.16.08

Quantum cryptography is back in the news, and the basic idea is still unbelievably cool, in theory, and nearly useless in real life.

The idea behind quantum crypto is that two people communicating using a quantum channel can be absolutely sure no one is eavesdropping. Heisenberg's uncertainty principle requires anyone measuring a quantum system to disturb it, and that disturbance alerts legitimate users as to the eavesdropper's presence. No disturbance, no eavesdropper — period.

This month we've seen reports on a new working quantum-key distribution network in Vienna, and a new quantum-key distribution technique out of Britain. Great stuff, but headlines like the BBC's "'Unbreakable' encryption unveiled" are a bit much.

The basic science behind quantum crypto was developed, and prototypes built, in the early 1980s by Charles Bennett and Giles Brassard, and there have been steady advances in engineering since then. I describe basically how it all works in Applied Cryptography, 2nd Edition (pages 554-557). At least one company already sells quantum-key distribution products.

Note that this is totally separate from quantum computing, which also has implications for cryptography. Several groups are working on designing and building a quantum computer, which is fundamentally different from a classical computer. If one were built — and we're talking science fiction here — then it could factor numbers and solve discrete-logarithm problems very quickly. In other words, it could break all of our commonly used public-key algorithms. For symmetric cryptography it's not that dire: A quantum computer would effectively halve the key length, so that a 256-bit key would be only as secure as a 128-bit key today. Pretty serious stuff, but years away from being practical. I think the best quantum computer today can factor the number 15.

While I like the science of quantum cryptography — my undergraduate degree was in physics — I don't see any commercial value in it. I don't believe it solves any security problem that needs solving. I don't believe that it's worth paying for, and I can't imagine anyone but a few technophiles buying and deploying it. Systems that use it don't magically become unbreakable, because the quantum part doesn't address the weak points of the system.

Security is a chain; it's as strong as the weakest link. Mathematical cryptography, as bad as it sometimes is, is the strongest link in most security chains. Our symmetric and public-key algorithms are pretty good, even though they're not based on much rigorous mathematical theory. The real problems are elsewhere: computer security, network security, user interface and so on.

Cryptography is the one area of security that we can get right. We already have good encryption algorithms, good authentication algorithms and good key-agreement protocols. Maybe quantum cryptography can make that link stronger, but why would anyone bother? There are far more serious security problems to worry about, and it makes much more sense to spend effort securing those.

As I've often said, it's like defending yourself against an approaching attacker by putting a huge stake in the ground. It's useless to argue about whether the stake should be 50 feet tall or 100 feet tall, because either way, the attacker is going to go around it. Even quantum cryptography doesn't "solve" all of cryptography: The keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption.

I'm always in favor of security research, and I have enjoyed following the developments in quantum cryptography. But as a product, it has no future. It's not that quantum cryptography might be insecure; it's that cryptography is already sufficiently secure.

[farcry]

The AES algorithm might be considered computationally secure, but there are many underlying assumptions in a real-world system that implements it. There has to be a computer running the algorithm. It may be realized in hardware or software. It requires memory (DRAM, disk, core, tape?) to store intermediate state. It takes up physical space somewhere. It gets its input over some kind of busses. The environment may be hostile, with varying voltage, heat, clock frequency, etc.

αυτό που λέει είναι αστείο. τότε για κανένα δεν είναι ο AES ασφαλής.



λες και υπάρχει κρυπτογραφικός αλγόριθμος που δεν χρειάζεται hardware για να υλοποιηθεί......αναρωτιέμαι αυτά λέει και στα κρυπτογραφικά συστήματα των τραπεζών?

[trv]

ε κοιτα, ο bruce ειναι, για να τα λεει, κατι παραπανω γνωριζει

[farcry]

ε κοιτα, ο bruce ειναι, για να τα λεει, κατι παραπανω γνωριζει

ναι οκ. αυτα που λεει ομως ισχυουν για ολα τα συστηματα. θα μπορουσε να πει οτι επειδη χρησιμοποιει τον AES η εφαρμογη αυτου εμπιπτει στην ταδε risk analysis που ισχυει παντου. βεβαια δεν εχω ακουσει πουθενα για τετοια προβληματα που αναφερει. ουτος η αλλως παντου μπορει να βρισκεται ενας insider.

για να το γενικεψω. πιστευει κανεις οτι μπορει να υλοποιηθει οποιαδηποτε κρυπτογραφικη μεθοδος με το τελειο αδιαπεραστο απο οποιονδηποτε παραγοντα συστημα?

και ενα υπολογιστη να ειχαμε αντι για ανθρωπινο παραγοντα παλι καποια στιγμη θα εβγαζε faults.

ΑΡΑ ΔΕΝ ΓΙΝΕΤΑΙ. οποτε πανω σε αυτην την παραδοχη βασιστηκε ολος ο κλαδος της κρυπτογραφιας που ασχολειται ο κυριος bruce. δεν υπαρχει ποτε τελειο στην υλη. εδω και στα μαθηματικα δεν γινεται να ειναι ολα ροδινα (incompleteness theorem). αρα τι μιλαμε για τις φυσικες επιστημες?


Οποτε για μενα αυτα που λεει ο bruce απλα δεν στεκουν πανω στον κλαδο της κρυπτογραφιας γιατι ειναι παραδοχες που εχεις αποδεχτει

[keysmith]

Ο κ. bruce ακόμα φαίνεται τον πονάει που ΔΕΝ επελέγη ο δικός του αλγόριθμος (ο Twofish) για AES αλλά ο Rijndael που μου φαίνεται δεν χάνει την ευκαιρία να τον θάβει.. Βλέπεται τώρα θα εισέπραττε αυτός τα δικαιώματα χρήσης του AES.

Οτι δεν φτάνει η αλεπού τα κάνει κρεμαστάρια

[MNP-10]

Ωραια, τωρα αρχισε να εχει τρυπες και εκτος απο brute force

http://news.cnet.com/8301-10789_3-10083861-57.html


WPA wireless encryption cracked

Researchers have found a method of cracking a key encryption feature used in securing wireless systems that doesn't require trying a large number of possibilities. Details will be discussed at the sixth annual PacSec conference in Tokyo next week.

According to PCWorld, researchers Erik Tews and Martin Beck have found a way to crack the Temporal Key Integrity Protocol (TKIP) key, used by Wi-Fi Protected Access (WPA). Moreover, they can do so in about 15 minutes. The crack apparently only works for data aimed at a Wi-Fi adapter; they have not cracked the encryption keys used to secure data that goes from the PC to the router

TKIP has been known to be vulnerable when using a high volume of educated guesses, or what's called a dictionary attack. The methods to be described by Tews and Beck do not use a dictionary attack. Apparently their attack uses a flood of data from the WPA router combined with a mathematical trick that cracks the encryption.

Some elements of the crack have already been added to Beck's Aircrack-ng Wi-Fi encryption hacking tool used by penetration testers and others.

Tews is no stranger to cracking Wi-Fi encryption. In 2007, he broke 104-bit WEP (Wired Equivalent Privacy) (PDF) in 2007. WEP was used by TJX Corp. to secure wireless cash register transmissions from its stores but criminals were able to exploit weaknesses in its encryption to commit the largest data breach in U.S. history.

Given that WEP and WPA are not secure, experts recommend using WPA2 when securing wireless networks.

[nnn]

http://www.adslgr.com/forum/showthread.php?t=245680

[MNP-10]