[Dshield] Wireless networks and corporate Lans

Chris Brenton cbrenton at chrisbrenton.org
Mon Mar 1 15:17:50 GMT 2004


Hey dude! :)

On Mon, 2004-03-01 at 08:45, John Holmblad wrote:
>
> Your points are well taken and I agree that "successful" and "security"
> are not the same thing. My use of the word "successful" in this context
> simply means that the algorithm in question is good enough that it is
> used, as you point out, in the implementation of SSL.

Agreed but as I mentioned the application is different. TKIP moves the
use of RC4 in wireless to be closer to what is currently done with SSL
(change the keys more frequently but not on a per packet basis per RSA).
This does not mean that RC4 all of a sudden has as high a level of
integrity as say DES, just that the frequent key changes can help mask
the problems.

Let me put it this way, a hammer is a very successful tool and has been
used for hundreds of thousands of years in a variety of applications.
That does not mean I want to use it for installing screws into fine
furniture, although it could potentially do that job as well.

Actually, it will be interesting to see if RC4 comes back to haunt us
again now that SSL is being turned into a full VPN solution which will
move the use of RC4 closer to where we had problems with WEP. I'm
guessing maybe not as (hopefully) for SSL as a VPN most people will
implement 3DES. 

> I think that if TKIP had been used in the original 802.11 standard
> instead of WEP, we would not be having this discussion.

Agreed, if the original spec was tighter we would not have had so many
issues.

> In other words, similar to the
> Data Encryption Standard (DES) say 20 years ago,  TKIP would have been 
> good enough until a) the AES standard was finalized,

Actually, many feel the jury is still out on the integrity of AES.
Rijndael was a pretty new algorithm at the time it was considered and
had not been heavily scrutinized. Even NIST describes its security as
simply "adequate" and mentions "its security margin is low" and that
"its mathematical structure lends itself to attack". This is why many
folks (like myself) stick with Blowfish whenever possible. It's kind of
like a major M$ service pack release, you don't want to be the first one
to figure out it's broken. ;-)

Also, you really have to look at the time value of the data to determine
what crypto is appropriate. For example 20 years ago DES would have been
"good enough" for things like bank transactions and balances because by
the time DES was easy to brute force the data had no value. It was not
sufficient for things like social security numbers and info, medical
records, etc. which could still be very valuable today.

> Unfortunately because that was not 
> the case and WEP was introduced instead due to insufficient "crypto" 
> know-how among the IEEE 802.11 standards development team,

I don't think missing the mark on the crypto was the root cause. It was
more A) How quickly and completely wireless would be adopted B) Vendors
will only implement the lowest common denominator required to meet
specification. It was being off on those two items that led to the poor
choices for WEP, like the crypto. Had they got these right I think WEP
would have looked a lot more like IPSec, and again we would not be
having this discussion as life would be cool.

> I defer to their judgement and expertise and so far I have not seen
> any papers exposing significant weaknesses in TKIP. 

I see it as being pretty similar to CHAP with PPTP. Many people have
adopted a "Bored now!" attitude. CHAPv1 was heavily beat up on as
everyone wanted to be the first to crack it and expose weaknesses. When
CHAPv2 was released, many didn't bother to go through it and publish
because they would never receive the same level of attention as the
original people who highlighted the problems. For example you will not
find much published that talks about the bad things with CHAPv2, but you
will not find much saying that it's actually secure either. People just
lost interest.

So I doubt you will see much with TKIP more because the community has
moved on to other things rather than anything else.

> The success of TKIP is a matter of no small
> economic importance because otherwise fork lift upgrades of all of the
> hardware and software throughout the world will be required to achieve 
> successful security.

TKIP's success or failure will have nothing to do with security.
Microsoft has shown us that by making a functional product with horrible
security and yet people bought it in droves. Heck, _WEP_ has shown us
that. It's not like the sales of wireless gear have really suffered due to
the insecurities with WEP. It's not like most people even implement the
minimal level of security available with WEP. I still see more wide open
AP nodes than nodes with *any* level of security protection.

What may or may not kill TKIP is the ability to upgrade. If current
devices support TKIP but will not easily upgrade to 802.11i or possibly
higher speeds, people may sit on their hands and wait till it all gets
sorted out before spending money on an interim solution.

HTH,
Chris




