NetStumbler.org Forums

Old 05-24-2004   #1 (permalink)
samalex
Registered Member
 
Join Date: May 2004
Posts: 1
Shared Key Authentication in Linux ???

Hi all,

Has anyone successfully connected to an Access Point that has Shared Key Authentication enabled? I'm using an Orinoco Gold a/b Combo card on SuSE 9.1 Pro, and though the card works fine with an open access point, it won't connect to one with WEP and Shared Key Authentication enabled.

I've tried the stock drivers that come with SuSE 9.1 Pro plus Linuxant, but either seem to work. I was about to try Madwifi, but the FAQs for Madwifi say they don't work with shared key or restricted.

The card is working fine and seeing the access point fine with 'iwlist scan', but it's giving this error in /var/log/messages: authentication failed (reason 13)

Thanks for any insight or info,

Sam Alex.
Old 05-24-2004   #2 (permalink)
Thorn
Did you do the math?
 
Join Date: Apr 2002
Location: Villa Straylight
Posts: 10,494
Quote:
Originally Posted by samalex
Hi all,

Has anyone successfully connected to an Access Point that has Shared Key Authentication enabled? I'm using an Orinoco Gold a/b Combo card on SuSE 9.1 Pro, and though the card works fine with an open access point, it won't connect to one with WEP and Shared Key Authentication enabled.

I've tried the stock drivers that come with SuSE 9.1 Pro plus Linuxant, but either seem to work. I was about to try Madwifi, but the FAQs for Madwifi say they don't work with shared key or restricted.

The card is working fine and seeing the access point fine with 'iwlist scan', but it's giving this error in /var/log/messages: authentication failed (reason 13)

Thanks for any insight or info,

Sam Alex.
You don't want to use Shared Key WEP. It is less secure than Open Key WEP. While this may seem counterintuitive due to the names, Open Key systems are actually the more secure of the two types of key systems. In an Open Key network, the key is not exchanged over the wireless link as it is with a Shared Key network.
__________________
Thorn
"Read Atlas Shrugged. Compare it to today. Repeat as necessary"
Old 05-25-2004   #3 (permalink)
firefighter99
Registered Member
 
Join Date: Apr 2004
Posts: 17
Quote:
Originally Posted by Thorn
You don't want to use Shared Key WEP. It is less secure than Open Key WEP. While this may seem counterintuitive due to the names, Open Key systems are actually the more secure of the two types of key systems. In an Open Key network, the key is not exchanged over the wireless link as it is with a Shared Key network.
That's what I read also, but I'm not sure why it's less secure. Okay, you can see the challenge text and the encrypted text and you even know if the authentication worked or not, but I can't think of one tool which uses this authentication to crack WEP.
Could you provide me with detailed information on WHY it's not good?
Old 05-25-2004   #4 (permalink)
Chris
Bad as Can
 
Join Date: Jul 2002
Posts: 1,141
Quote:
Originally Posted by firefighter99
That's what I read also, but I'm not sure why it's less secure. Okay, you can see the challenge text and the encrypted text and you even know if the authentication worked or not, but I can't think of one tool which uses this authentication to crack WEP.
Could you provide me with detailed information on WHY it's not good?
Googled, not original:
Quote:
The 802.11b standard supports two means of client authentication between the wireless NIC and the AP: open and shared key authentication. Open key authentication involves supplying the correct SSID. With shared key authentication, the AP sends the client device a challenge text packet that the client must then encrypt with the correct WEP key and return to the AP. If the client has the wrong key or no key, authentication will fail and the client will not be allowed to associate with the AP. Shared key authentication is not considered secure, because a hacker who detects both the clear-text challenge and the same challenge encrypted with a WEP key can decipher the WEP key.

With open key authentication, even if a client can complete authentication and associate with an AP, the use of WEP prevents the client from sending data to and receiving data from the AP, unless the client has the correct WEP key.

In the 802.11 standard, a device first Authenticates to the AP, and then Associates. The original designers intended that there would be a number of different Authentication methods to control who could use an AP.

In the 1999 version of the standard, 2 Authentication methods are defined: Open and Shared. In Open, any device can Authenticate to the AP. In Shared, only devices with the WEP key can successfully Authenticate. Sounds good so far.....

The problem with Authenticate is that, where it is in the process of establishing connectivity, none of the higher-level protocols, like 802.1X, can be run inside of the Authenticate 802.11 frames. So 802.11i does not use it, just uses Open Authenticate.

Shared Authenticate has a serious flaw, in that it is a simple challenge/response protocol. This design is very open to offline dictionary attacks. A WEP key would easily be exposed. Additionally, even in Open Authentication, a device that did not have the WEP key would not be able to communicate via the AP, as the AP would discard all data packets from the device.

Bottom line: Shared Authentication does not add any security, and may weaken your security. Don't bother with it.
__________________
perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
Old 05-25-2004   #5 (permalink)
Thorn
Did you do the math?
 
Join Date: Apr 2002
Location: Villa Straylight
Posts: 10,494
Quote:
Originally Posted by firefighter99
That's what I read also, but I'm not sure why it's less secure. Okay, you can see the challenge text and the encrypted text and you even know if the authentication worked or not, but I can't think of one tool which uses this authentication to crack WEP.
Could you provide me with detailed information on WHY it's not good?
What Chris said.

That's it, really. In a netshell, if you have the clear word and you have the coded word, you've just been given what you need to work out the actual encryption key. Cryptography types call that a "crib."

As far as a specific WEP cracking tool which uses this method, I don't know of one. However, from a coding standpoint it should be straightforward. We know the encryption algorithm, and we now have a crib.

Actually, considering that, with most recent firmware, the "weak" packets are getting to be a thing of the past, I'd think that this has the potential to be used more often for people who want to break WEP.
Old 05-25-2004   #6 (permalink)
firefighter99
Registered Member
 
Join Date: Apr 2004
Posts: 17
@chris: you quote that open system is using the SSID to authenticate in the network, but I read other articles claiming that if you enter no SSID you get access to the AP as well.

About the shared key weakness. Isn't it true that every encrypted package is starting with a first plaintext byte 0xAA (SNAP designation), so that every package could be used to test a WEP key and crack it this way? If that works, the shared key authentication doesn't add any further weakness - it's already bad enough.

- http://ftp.die.net/mirror/papers/802.11/wep_attack.html

Last edited by firefighter99 : 05-25-2004 at 07:04 AM.
Old 05-25-2004   #7 (permalink)
Chris
Bad as Can
 
Join Date: Jul 2002
Posts: 1,141
Quote:
Originally Posted by firefighter99
@chris: you quote that open system is using the SSID to authenticate in the network, but I read other articles claiming that if you enter no SSID you get access to the AP as well.
It depends. If the AP is broadcasting its SSID, then a blank or "Any" SSID on the client side will often authenticate. If the AP is not broadcasting, that isn't the case; you have to use the SSID for authentication.
Old 01-03-2005   #8 (permalink)
Trunkmonkey
Registered Member
 
Join Date: Aug 2004
Location: Haverhill, MA USA
Posts: 5
Bump!

Quote:
From: http://www.cisco.com/warp/public/102/wlan/confwep.html

Accept Authentication Types

Select the Open option, the Shared Key option, or both, to set the authentications the Access Point will recognize.

Open (RECOMMENDED)

This default setting allows any device, regardless of its WEP keys, to authenticate and attempt to associate.

Shared Key

This setting tells the Access Point to send a plain-text, Shared Key query to any device attempting to associate with the Access Point. This query can leave the Access Point open to a known-text attack from intruders. Therefore, it is not as secure as the Open setting.

...

Caution: The Shared-key mode is not recommended. When the Shared-key mode is used, a clear text and encrypted version of the same data is transmitted on the air. It does not gain anything. If the user's key is wrong, the unit does not decrypt the packets and the packets cannot gain access to the network.
Quote:
From: http://www.redhat.com/archives/fedor.../msg00132.html

By doing Shared Key Authentication, you are providing potential
crackers with both the Plaintext and the Ciphertext for the same data.
This makes it much, much easier for a third party to basically figure
out what the WEP key is.

Here is an excerpt from Jon Edney and William A. Arbaugh's book, Real
802.11 Security, pp. 91-92:

"During [shared key] authentication the access point sends a random
string of 128 bytes. The way in which this "random" string is
generated is not defined, but one would hope at least that it was
different for each authentication attempt. The mobile station
encrypts the string and sends it back. Sounds good, but hang on a
moment--WEP encryption involves generating a sequence of pseudorandom
bytes called the key stream and XORing it with the plaintext. So any
one watching this transaction now has the plaintext challenge and the
encrypted response. Therefore, simply by XORing the two together, the
enemy has a copy of the RC4 random bytes.
[...]
The attacker is "authenticated" without ever knowing the secret key.
Hopeless!
[...]
So not only does this approach not authenticate, it actually assists
the enemy to attack the encryption keys"
Trunkmonkey is offline   Reply With Quote
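
The exchange described in the excerpt quoted above, simulated offline as an added example (not code from any poster or quoted source). The frame body is simplified to the challenge plus its ICV, and the key, IV and function names are constructed for illustration. What the observer ends up with is the RC4 keystream for one IV, not the WEP key itself.

```python
import os
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for `key` (KSA, then PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def with_icv(body: bytes) -> bytes:
    """Append the WEP integrity value: CRC-32 of the body, little-endian."""
    return body + zlib.crc32(body).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, body: bytes) -> bytes:
    """WEP: (body || ICV) XOR RC4(IV || key). The IV travels in the clear."""
    plain = with_icv(body)
    return xor(plain, rc4(iv + key, len(plain)))

def ap_accepts(iv: bytes, key: bytes, challenge: bytes, response: bytes) -> bool:
    """AP check: decrypt with its own key, compare challenge and ICV."""
    return xor(response, rc4(iv + key, len(response))) == with_icv(challenge)

def simulate() -> dict:
    key = bytes(range(1, 14))          # constructed 104-bit WEP key
    iv = b"\x0a\x0b\x0c"               # constructed 24-bit IV, sent in the clear
    challenge = os.urandom(128)        # AP -> station, plaintext
    response = wep_encrypt(iv, key, challenge)   # station -> AP
    # Passive observer: sees iv, challenge and response, never the key.
    keystream = xor(with_icv(challenge), response)
    # A later, different challenge answered from the observed keystream alone.
    challenge2 = os.urandom(128)
    replayed = xor(with_icv(challenge2), keystream)
    wrong = wep_encrypt(iv, b"x" * 13, challenge)
    return {
        "legit_ok": ap_accepts(iv, key, challenge, response),
        "keystream_exposed": keystream == rc4(iv + key, 132),
        "keyless_response_ok": ap_accepts(iv, key, challenge2, replayed),
        "wrong_key_ok": ap_accepts(iv, key, challenge, wrong),
    }
```

The AP accepts the keyless response because the station chooses the IV, so a fresh random challenge does nothing to stop one observed handshake from being reused; this is the reason the Cisco text quoted above recommends Open.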