Security Now 337

From The Official TWiT Wiki

Security Now
Episode 337


"WPS A Troubled Protocol"Hosts: Leo Laporte and Steve Gibson Topic: WPS A Troubled Protocol Transcript Previous episode – Next episode

Security Now 337: WPS A Troubled Protocol

45:50 - 1:18:32

The protocol requires mutual authentication. i.e. the client needs to prove it knows the routers pin and the router needs to prove it knows the pin. To prevent a rouge access point from pretending to be your router.
All data is being sent in the clear using radio waves, so attackers can easily listen to whats being sent and modify data being sent
How does each end prove it knows the pin without revealing it?
- It uses a hash

The client takes the pin it knows and it adds a random blob (a nonce) (128 bits) and hashes it
- This prevents rainbow table attacks on the pin
It then sends this to the access point
The access point does the same things, adds a nonce to the pin and hashes it, then sends it to the client.

The access point can then concatenate the pin and nonce hash it and compare it to what the client sent
They will only be the same if the access point and client have the same pin

The problems

The protocol was cut in half to attempt to provide protection against a active attacker (talking to a bad guy, not our access point)
The attacker can now brute force the protocol
The first two messages give all the info you need to brute force the pin
So they chopped the pin in half
- Hash first 4 digits and send that
- Verify the first half
- Then send the second half

There is no way to make this protocol secure
In the worst case in a day you can get the 1st 4 digits of the pin
The problem is the pin is static
- All the original documentation says the pin can only be used once
- The wifi alliance decided this would be too expensive to implement though

This area is for use by TWiT staff only. Please do not add or edit any content within this section.