Curious about the timing of the wireless WPA


15 replies to this topic

#1 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,577 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:03:52 AM

Posted 07 March 2011 - 08:29 PM

When does WPA kick in for transmission to a website? Please assume a home environment where PCs are using a router as a wireless access point.

An application such as Outlook or a browser sends some information out. It may be a password, username, credit card number, search criteria, etc.

At what point does the encryption for WPA kick in so that plain text gets encrypted?
1. Between the application and the computer's wireless adapter?
2. Between the other side of the wireless adapter and the router's wireless adapter?
3. After the router's wireless adapter gets the information in text format and packets go out to the wild web?
4. Is the text information you type visible to sniffers on the street before it reaches the router via the RF?
5. How can one check this sort of thing?
6. Security implications?
I really would like to learn. I do understand that even WPA keys can be hacked - but that is not the issue I want to know about, so please no replies about breaking the key unless it answers my questions. Unless my questions aren't posed correctly to the issue, of course.


#2 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:52 AM

Posted 07 March 2011 - 08:33 PM

#1 is correct. WPA encrypts any\all data being sent between the wireless NIC on the PC and the router.

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:52 AM

Posted 08 March 2011 - 05:27 AM

Like ThunderZ said, communication between the wireless NIC and the wireless access point is encrypted (after association and authentication).

But strictly speaking, it is not all data that is encrypted. Encryption is done for OSI layer 3 and not for the lower layers. Data at layer 2, like the MAC address of sender and receiver, is not encrypted.

If you're not familiar with the OSI model, take a glance at the Wikipedia article: https://secure.wikimedia.org/wikipedia/en/wiki/OSI_model

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 Didier Stevens

Posted 08 March 2011 - 07:34 AM

One more thing I want to add: not all wireless management traffic is encrypted.

For example, an access point can send a broadcast disassociation packet that instructs all associated NICs to disassociate: break the network connection. This disassociation packet is not encrypted, and can easily be spoofed.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com



#5 ThunderZ

Posted 08 March 2011 - 08:38 AM

Thank you Didier Stevens. My education continues. :thumbup2:

#6 Didier Stevens

Posted 08 March 2011 - 10:01 AM

You're welcome ThunderZ :wink:

Here's another interesting fact about WPA/WPA2 encryption: unlike WEP, you can't decrypt traffic even if you know the pre-shared key.

So if you have to set up a free wireless access point (like at a hotel, conference, ...), it's a good idea to use WPA with a simple pre-shared key, and make this key public (you could even include it in the SSID). This way, everybody can still access the wireless network, but they can't listen in to other clients' network traffic.

There are ways to decrypt the traffic, but you need more info than the pre-shared key.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com



#7 ThunderZ

Posted 08 March 2011 - 01:26 PM

Good stuff! Was totally unaware of that.

Would have come in handy in networking a while ago for a Member setting up a small wireless network at a Lodge or motel type business.

#8 tos226

Posted 08 March 2011 - 01:38 PM

My education continues too. Thank you Didier Stevens.

Why did I ask about the point of encryption? Because I looked at Wireshark sniffer.
Considering that the router uses WPA2 Personal, and supports TKIP+AES algorithms, and Windows uses AES for WPA shared key, I thought that when I look at the wireless packets, there will be binary/hex gibberish to a human eye.

I understand that MAC addresses and various control messages are not encrypted (OSI level 2). But I'm surprised to be able to read the text stuff in the http packets. Such as user name or password while logging in here or over at Wilders (https is no issue, done by the remote server key exchanges).

I didn't do anything funny in Wireshark, no unencrypting, nothing. Just watch.
Am I misinterpreting the meaning of what I think I see?

Bottom line - if a sniffer sits under my window, can they read, in plain text, the radio transmission between the computer and the router? I always assumed NO, but my assumption is now shaken a bit.

#9 tos226

Posted 08 March 2011 - 01:43 PM

> #1 is correct. WPA encrypts any\all data being sent between the wireless NIC on the PC and the router.

So I think your answer is #2 not #1, am I correct?

#10 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:12:52 AM

Posted 08 March 2011 - 02:18 PM

No, #1 is correct. It's just that Wireshark sniffs packets before they are sent/encrypted:

Browser <---> Wireshark <---> WPA Encrypt/Decrypt <---> Wireless Net <---> Router <---> WPA Encrypt/Decrypt <---> Internet

#11 ThunderZ

Posted 08 March 2011 - 02:49 PM


> > #1 is correct. WPA encrypts any\all data being sent between the wireless NIC on the PC and the router.
>
> So I think your answer is #2 not #1, am I correct?


Yes.

But keep in mind Andrew's answer as well.

Seems when it comes to PCs there are more ifs, ands, and buts than just about anything else I can think of. :lmao:

#12 tos226

Posted 08 March 2011 - 03:18 PM

I keep in mind all your answers, don't worry. Yes, it is a bit confusing :)

#13 tos226

Posted 08 March 2011 - 03:19 PM

> No, #1 is correct. It's just that Wireshark sniffs packets before they are sent/encrypted:
>
> Browser <---> Wireshark <---> WPA Encrypt/Decrypt <---> Wireless Net <---> Router <---> WPA Encrypt/Decrypt <---> Internet

Thanks Andrew for the picture. We all use different words, so this picture clarified. Now I understand.

Two related questions:
(1) Does the packet travel with its WPA key to be unencrypted by the destination? What and when unencrypts?
and
(2) It begins to look to me that if I want to protect my Bleeping password or the unencrypted password for Verizon mail (*), I might actually be safer using wireless with WPA than the wired connection. Is it? I realize that while wired, the entire path the packets travel from Outlook are within the verizon servers. But the packet carrying my password between my browser and their web mail servers might hop all over the world.

(*) Why do I drag in verizon mail? Password sent by Outlook2003 to the verizon server, or password entered on their webmail, verizon.net, is not encrypted. No SSL. No https. See glnz post #6 on page 1 and the tail end of page 7 here:
http://www.dslreports.com/forum/r24816137-Is-Verizon-email-UNencrypted-

> I have just gotten off the phone with Verizon, and they admitted (1) that the link to their website -- webmail.verizon.net -- is UNencrypted, and (2) that the connections between my Outlook Express and their servers (incoming.verizon.net and outgoing.verizon.net) are UNencrypted.



#14 Andrew

Posted 08 March 2011 - 04:22 PM

The WPA encryption key is NOT attached to the packets. WPA uses what is known as a pre-shared key. That is, both your PC and the router know the key already.

WPA encryption ONLY protects data as it's traveling through the air from your PC to your router. After that, WPA is out of the picture. In order to have a secured connection from your PC all the way to the server you're communicating with (like a website or e-mail server) then the server must support SSL. Verizon's mail servers don't seem to support SSL (which is incredibly stupid, approaching negligent in my opinion) so you're just plain out of luck if you want to secure your password while it's in transit. I would advise you to avoid using Verizon's e-mail service altogether until they fix this. Use a service that offers SSL on all connection types. GMail does this by default.


Edit to add:

My little text diagram up there has an error in it. Should be:
Browser <---> Wireshark <---> WPA Encrypt/Decrypt <---> Wireless Net <---> WPA Encrypt/Decrypt <---> Router <---> Internet

Edited by Andrew, 08 March 2011 - 04:26 PM.
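A capture taken on your own PC shows application data as it exists before the wireless adapter applies WPA, so what it can usefully tell you is which applications send credentials without SSL, the part WPA never covers past the router. The following is an added example, not code from the thread: it audits constructed sample payloads and reports the kind of exposure without echoing the credential itself. All hosts, users and values are made up, and the rule names are hypothetical.

```python
import re

# Constructed sample payloads, as a capture on your own host would show them
SAMPLES = [
    ("tcp/110", b"USER alice\r\n"),
    ("tcp/110", b"PASS example-pop3-pw\r\n"),
    ("tcp/80", b"POST /login HTTP/1.1\r\nHost: forum.example\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
               b"username=alice&password=example-pw"),
    ("tcp/80", b"GET /inbox HTTP/1.1\r\nHost: mail.example\r\n"
               b"Authorization: Basic YWxpY2U6ZXhhbXBsZQ==\r\n\r\n"),
    ("tcp/443", b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + bytes(20)),
    ("tcp/80", b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
]

# Each rule names a way a password travels readable at the application layer
RULES = [
    ("POP3/FTP PASS command", re.compile(rb"^PASS \S+", re.I | re.M)),
    ("HTTP Basic Authorization header",
     re.compile(rb"^Authorization:\s*Basic\s+\S+", re.I | re.M)),
    ("HTTP form field with password",
     re.compile(rb"(?:^|[&\r\n])(?:pass(?:word|wd)?|pwd)=[^&\s]+", re.I)),
]

def looks_like_tls(payload: bytes) -> bool:
    # TLS records start with a content type (20-23) and major version 3
    return len(payload) >= 3 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 3

def audit(samples):
    """Return (sample index, flow, exposure kind); credential values are never returned."""
    findings = []
    for idx, (flow, payload) in enumerate(samples):
        if looks_like_tls(payload):
            continue  # protected end to end by SSL/TLS, independent of WPA
        for name, rx in RULES:
            if rx.search(payload):
                findings.append((idx, flow, name))
    return findings

if __name__ == "__main__":
    for idx, flow, kind in audit(SAMPLES):
        print(f"sample {idx} ({flow}): {kind}")
```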


#15 tos226

Posted 08 March 2011 - 05:33 PM

> Verizon's mail servers don't seem to support SSL (which is incredibly stupid, approaching negligent in my opinion) so you're just plain out of luck if you want to secure your password while it's in transit. I would advise you to avoid using Verizon's e-mail service altogether until they fix this. Use a service that offers SSL on all connection types. GMail does this by default.

It is not approaching negligent. It is negligent. It is certainly unbelievable. Criminal since they, IMO, break a trust/contract between them and a paying customer, who assumes that at least some common-sense standards are in place.

Well, I learned a lot. I got my answers. Thank you very, very much.

Yes, at this point, having just discovered this major flaw in how Verizon mail servers work, you bet I'm going to a server that uses SSL. It has never occurred to me before to think that what in Outlook looks like ***** and in webmail looks like ***** when I enter it, that it goes out as plain text. And it is this issue that started this whole thread. I needed to learn from you guys what to expect.

Andrew, I like your fancy, modern diagrams :)



