Understanding what our wireless password protects

October 22, 2017

I don't have a deep understanding of wireless networking protocols. Usually this is fine and I can get by on broad knowledge and superstition. But as part of reading about KRACK, I found myself not sure of how exposed we were in some ways, because I wasn't sure what wireless passwords actually protect. Did they only protect access to your WPA/WPA2 wireless network, or did they also secure data being transmitted and received?

(This may sound like a silly question, but Diffie-Hellman key exchange can arrange encryption between parties without any shared secret. It's perfectly possible for wireless networking to only use the wireless password to authenticate your access to the network and then have you and the AP use some form of Diffie-Hellman to negotiate the actual encryption keys.)

The short answer is that wireless passwords are used for both authentication and encryption. As best I can determine from following along in the four-way handshake from IEEE 802.11i and reading people's discussions of it, the wireless password is the only piece of secret information that goes into the encryption keys negotiated between a wireless client and the AP; everything else is visible to eavesdroppers and so doesn't protect the eventual key. If you know a network's password, you can decrypt all traffic from other people that you can snoop, provided that you captured their initial authentication to the AP.

(Confirmation for this comes from things such as Wikipedia's discussion of the lack of forward secrecy in WPA.)

This means that KRACK is in some senses much less nasty against wireless networks where the wifi password is already widely known and you assume that your network may already have eavesdroppers on it. KRACK basically gives outsiders some or a fair bit of the power that a semi-insider with the password already has. Your pool of attackers may be wider, but the severity is no worse than it was before; your worst case is still a complete loss of encryption on wireless communication.

PS: I'm not surprised by this result, because it's what my broad knowledge and superstition had led me to believe was the case. But it's one thing to just believe something because it's what I think I've heard and another thing to have actually tried to look it up to be sure.

Comments on this page:

From 193.219.181.219 at 2017-10-22 06:05:01:

It's perfectly possible for wireless networking to only use the wireless password to authenticate your access to the network and then have you and the AP use some form of Diffie-Hellman to negotiate the actual encryption keys.

I think wpa_supplicant is working on exactly this feature (presumably based on a standard being drafted). It would be useful.

By newt0311 at 2017-10-22 20:59:15:

DH can't protect against MITM attacks. For that you need a shared secret.

By Danny Howard at 2017-10-23 14:35:04:

"I don't have a deep understanding of wireless networking protocols. Usually this is fine and I can get by on broad knowledge and superstition."

Cracked me up! Thanks!

Written on 22 October 2017.
« Multi-Unix environments are less and less common now
I've now seen something doing SMTP probing of IPv6 addresses »

These are my WanderingThoughts
(About the blog)

Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.
Mastodon: @cks
Twitter @thatcks

* * *

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web
Also: (Sub)topics

This is a DWiki.
GettingAround
(Help)

Search:
Page tools: View Source, View Normal, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.
Last modified: Sun Oct 22 02:08:52 2017
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.