[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...
Adam Glauser
adamglauser at gmail.com
Wed Nov 3 13:19:44 EDT 2010
On 03/11/2010 12:40 PM, Khalid Baheyeldin wrote:
> To answer the original question on whether moving from no encryption/no
> password to WPA/WPA2 ...
>
> This comments says that it is very unlikely that Firesheep will affect
> WPA networks, even with a shared key.
>
> http://it.slashdot.org/comments.pl?sid=1851220&cid=34106546
>
> More specifically, it quotes this:
>
> http://en.wikipedia.org/wiki/IEEE_802.11i-2004#The_Four-Way_Handshake
I think Lori mentioned this earlier, but it seems that the session key*
is not securely exchanged. It seems that WPA-PSK and WPA2-PSK (aka
-Personal) add the additional effort of capturing these handshake
packets. Firesheep may not automate this yet, but perhaps it could.
It seems that the -EAP (aka -Enterprise) versions of WPA use a proper
key-exchange algorithm and aren't vulnerable to this attack**. I don't
know all the details, but it seems that using -EAP versions of WPA
requires setting up (or hiring) a RADIUS server. This also seems to
involve purchasing a certificate from a trusted authority. I'm not
sure, but it might also require extra settings on the client side. Does
anyone know?
In any case, it seems that using WPA2-EAP is the way to go from a
security standpoint, but is probably impracticable for most AP
administrators.
* more correctly, the "Pairwise Transient Key"
** More detail here:
http://superuser.com/questions/156869/can-other-people-on-an-encrypted-wi-fi-ap-see-what-youre-doing
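An added example (my own code, not from this thread or from Firesheep) of the 802.11i PSK key derivation that the Wikipedia link above describes: the PMK is derived from the passphrase and SSID, and the PTK from the PMK plus the two MAC addresses and the two nonces that the four-way handshake sends in the clear, so anyone holding the shared PSK who records a handshake computes the same PTK as the station, which is why -PSK gives no protection between users of one network and -EAP (a per-user key from the RADIUS exchange) does. The passphrase, SSID, MAC addresses and nonces are constructed values.

```python
import hashlib
import hmac


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """802.11i PSK -> PMK: PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), truncate to n bits."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def wpa_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP (384 bits = KCK || KEK || TK); inputs are ordered so both sides agree."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 384)


# Constructed handshake parameters: one AP, one station, one four-way handshake.
SSID = "kwlug-demo"
PASSPHRASE = "correct horse battery staple"
AP_MAC = bytes.fromhex("0011223344aa")
STA_MAC = bytes.fromhex("0011223344bb")
ANONCE = bytes(range(32))            # sent in clear in message 1 of the handshake
SNONCE = bytes(range(32, 64))        # sent in clear in message 2 of the handshake


def derive_keys() -> dict:
    """Derive the PTK as the AP, the station, and a third user of the same PSK would."""
    pmk = wpa_pmk(PASSPHRASE, SSID)
    ptk_station = wpa_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    # Another user of the network knows the PSK and captured the nonces and MACs.
    ptk_other_user = wpa_ptk(wpa_pmk(PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    # Without the PSK (wrong passphrase), the same capture yields a different PTK.
    ptk_without_psk = wpa_ptk(wpa_pmk("not the psk", SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    # A later session re-draws nonces, so the PTK changes even though the PMK does not.
    ptk_next_session = wpa_ptk(pmk, AP_MAC, STA_MAC, bytes(32), SNONCE)
    return {
        "pmk_len": len(pmk),
        "ptk_len": len(ptk_station),
        "other_user_matches": ptk_station == ptk_other_user,
        "without_psk_matches": ptk_station == ptk_without_psk,
        "next_session_matches": ptk_station == ptk_next_session,
    }


if __name__ == "__main__":
    print(derive_keys())
```

With the PSK, `other_user_matches` is True: the handshake distributes nonces, not a secret, so it is a key-confirmation step rather than a key exchange.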