[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

Adam Glauser adamglauser at gmail.com
Wed Nov 3 13:19:44 EDT 2010


On 03/11/2010 12:40 PM, Khalid Baheyeldin wrote:
> To answer the original question on whether moving from no encryption/no
> password to WPA/WPA2 ...
>
> This comments says that it is very unlikely that Firesheep will affect
> WPA networks, even with a shared key.
>
> http://it.slashdot.org/comments.pl?sid=1851220&cid=34106546
> <http://it.slashdot.org/comments.pl?sid=1851220&cid=34106546>
>
> More specifically, it quotes this:
>
> http://en.wikipedia.org/wiki/IEEE_802.11i-2004#The_Four-Way_Handshake

I think Lori mentioned this earlier, but it seems that the session key* 
is not securely exchanged.  It seems that WPA-PSK and WPA2-PSK (aka 
-Personal) add the additional effort of capturing these handshake 
packets.  Firesheep may not automate this yet, but it perhaps it could.

It seems that the -EAP (aka -Enterprise) versions of WPA use a proper 
key-exchange algorithm and aren't vulnerable to this attack**.  I don't 
know all the details, but it seems that using -EAP versions of WPA 
require setting up (or hiring) a RADIUS server.  This also seems to 
involve purchasing a certificate from a trusted authority.  I'm not 
sure, but it might also require extra settings on the client side.  Does 
anyone know?

In any case, it seems that using WPA2-EAP is the way to go from a 
security standpoint, but is probably impracticable for most AP 
administrators.

* more correctly, the "Pairwise Transient Key"
**
More detail here: 
http://superuser.com/questions/156869/can-other-people-on-an-encrypted-wi-fi-ap-see-what-youre-doing




More information about the kwlug-disc mailing list