• 15.05.2010 14:46:43

    small programs for wep key and wpa2 secret generation
    Generate keys to secure your WLAN
    from: cpom | Comments: 0

  • The idea is simple: Changing the keys and/or shared secrets weekly or monthly will keep you WLAN protected. But how to get usable keys ? You can write a small program (in Java or C#) to generate a WEP Key or a shared secret for WPA2.

  • Background

    The German federal court decided this week that a WLAN-Device, from which the owner hasnt changed the default settings from the manufacturer, is insecure. It is insecure because the default settings are well known (for example: a lot of standard passwords are 0000).Therefore he could be held in charge if someone uses the WLAN and does illegal stuff (like downloading from an illegal file sharing service), but only for not securing his network, not for the things that are done over his network.

    The really interesting part is: The owner of this device was on vacation, so he couldnt do anything with his WLAN. Some unknown breached in and did illegal file sharing.

    Preface

    To prevent such annoyance: it is a must to change all the passwords and shared secrets shortly after unpacking and powering on such a device. And you should change passwords from time to time, the more often the more better.

    While I agree with not to do confidential or secret work over wireless network connections , it is for normal people a real threat not to use their laptop or net top computer with the built in wireless NIC because some criminal could decide to break into their WLAN and do bad things.

    Therefore, a moderate secure password should be easily generated with a program and entered via cut and paste into the shared secret or wlan key box of the router. The password or key is not as hard to crack as for high security solutions, but it should lower the risk for being hacked quickly, because you are using the default settings.

    WEP key generation

    WEP has been proven many times to be insecure, so you shouldnt use it today. But I know myself: there are a lot of old devices out there that do their work, in many small offices and at many homes and not everyone could effort a new wireless router every 2 years.

    And: there are a lot of wlan repeaters that able only to use WEP to communicate with each other. This is acceptable as long as you use SSL/TLS for connections to your mail server and other critical infrastructure and you use WPA2 with the maximal shared secret length on your access points. If you use unencrypted communication to access mail and other services you are open to a man-in-the-middle attack.

    To generate a WEP128 key you could , in Java and in C#, create a random byte sequence with a length of 13 bytes and make a hexadecimal string from it and - voila! - you have a WEP key.


        byte[] wep = new byte[13];
        RandomNumberGenerator.Create().GetNonZeroBytes(wep);
        String wepKey = string.Format("{0:2x}",BitConverter.ToString(wep).Replace("-",""));

    C# snippet WEP key

    The RandomNumberGenerator from C# is part of System.Security.Cryptography and provides you much better random numbers then the normal random class.


        public static String getWEP128(){
            String wepKey = "";
                try {
                    SecureRandom sRandom = SecureRandom.getInstance("SHA1PRNG");
                    byte[] firstStage = sRandom.getSeed(13);
                    // append every byte hexformated
                    for(byte bin: firstStage){
                        wepKey+=String.format("%X",bin).toLowerCase();
                    }
                } catch (NoSuchAlgorithmException ex) {
                    Logger.getLogger(RNGNumber.class.getName()).log(Level.SEVERE, null, ex);
            }
                return wepKey;
        }

    Java snippet WEP key

    In Java you could use SecureRandom, which resides in java.security. Once the sequence is created, you can loop through the byte array and convert every single byte to its hex string representation and add it to your WEP key string.

    WPA2 Personal

    Within WPA2 in small WLANs the weakest point is often the shared secret. Thats because it is to short or it can easily be guessed. I am sure that everyone will agree with me that Sharona2108 is not really a secret if everyone in the neighborhood knows: Your daughter or your wife Sharona was born on August, the 21st.

    Another issue is the SSID, using a randomly generated Secure System ID could improve the security a little bit, but not much. Even a hidden Secure System ID can easily be sniffed.

    A MAC filter is often useless. MAC adresses are transferred in "clear text" over the network. So after inspecting some packets you know them all. Because MAC adresses can be faked a MAC filter this is not an increase of security.

    That said, generating a secure shared secret is the most important part. A shared secret for WPA2 should be of max length (63 chars) and should contain upper and lower case letters, numbers and special characters like plus or slash in random order.

    To get this done from a program you need a byte sequence with 48 randomly generated bytes . This byte sequence will be BASE64 encoded (which gives a string of length 64 with upper and lower case letters and numbers and special characters ). The first 63 or the last 63 chars will become the shared secret, which is now hopefully long enough ;).


        byte[] wpa2 = new byte[48];
        RandomNumberGenerator.Create().GetNonZeroBytes(wpa2);
        String sharedSecret = Convert.ToBase64String(wpa2).Substring(1);


    C# snippet WPA2 shared secret

    With C# this is done very quickly because BASE64 encoding is built in. If Java is your preferred language you have to decide which Base64 encoder to use.

    Sun shipped the JDK/JRE with an encoder class which would be my first choice for simple tasks, but because it is not official supported this could cause problems if you use another java implementation to run your program. Or if Oracle/SUN will remove it in a future release of Java, your program will not run with the new Java release. If you want to work around this issue, use the base64 utilities provided with Apache Jakarta Commons (which works flawless).

    This is only the way, not the full solution !

    As you see, it is really easy to generate such keys with a few lines of program code. And it is not only easy for you, it is for the bad guys too. But with such a small solution you fulfill your obligation as citizen not to keep the default settings of your device. In case you are writing such a program you can switch your WEP key or your shared secret for WPA2 very fast. Wrap a small GUI with a button around it, save it somewhere on your dektop and next time you must change keys, you have a quick solution.

    To get started you can download Visual Studio Express for C# or the Netbeans IDE for Java


    Kommentar hinzufügen | nach oben

  • Comments are disabled

Kommentare augeschaltet

Profi-Admin
profi-admin.de
profi-admin.com
profi-admin.eu

Projekte
scprojekt.de
2bsg.de

Answerengine
smartjump.de

Portale
berufstaetigeeltern.de
berufstätigeeltern.de

Weitere
der-gewerbespezialist.de
dergewerbespezialist.de

2007 - 2010 ©   Claudius Pomorska

Profi-Admin is powered by MBlog Portal

Impressum