June 29, 2008
Bruce Schneier is something of a legend in the computer security community. He's the author of the classic, oft-cited 1994 book Applied Cryptography, as well as several well-known cryptography algorithms.
The cheeky Norris-esque design above is a reference to the actor names commonly used in examples of shared secret key exchange.
What I find most interesting about Bruce, however, is that he has moved beyond treating computer security as a problem that can be solved with increasingly clever cryptography algorithms:
Schneier now denounces his early success as a naive, mathematical, and ivory tower view of what is inherently a people problem. In Applied Cryptography, he implies that correctly implemented algorithms and technology promise safety and secrecy, and that following security protocol ensures security, regardless of the behavior of others. Schneier now argues that the incontrovertible mathematical guarantees miss the point. As he describes in Secrets and Lies, a business which uses RSA encryption to protect its data without considering how the cryptographic keys are handled by employees on "complex, unstable, buggy" computers has failed to properly protect the information. An actual security solution that includes technology must also take into account the vagaries of hardware, software, networks, people, economics, and business.
This is the programming equivalent of realizing that Peopleware is ultimately a much more important book than The Art of Computer Programming. The shift in focus from algorithms to people is even more evident if you frequent Bruce's excellent blog, or read his newest books Practical Cryptography and Beyond Fear.
As much as I respect Bruce, I was surprised to read that he intentionally keeps his wireless network open.
Whenever I talk or write about my own security setup, the one thing that surprises people – and attracts the most criticism – is the fact that I run an open wireless network at home. There's no password. There's no encryption. Anyone with wireless capability who can see my network can use it to access the internet.
I've advocated WiFi encryption from the day I owned my first wireless router. As I encountered fewer and fewer open WiFi access points over the years, I viewed it as tangible progress. Reading Bruce's opinion is enough to make me question those long held beliefs.
It's a strange position for a respected computer security expert to advocate. But I think I get it. Security is a tough problem. If you take the option of mindlessly flipping a WPA or WEP switch off the table, you're now forced to think more critically about the security of not only your network, but also the fundamental security of the data on your computers. By advocating the radical idea that your wireless network should be intentionally kept open, Bruce is attempting to penetrate the veil of false algorithmic security.
I may understand and even applaud this effort, but I don't agree. Not because I'm worried about the security of my data, or any of the half-dozen other completely rational security arguments you could make against intentionally keeping an open wireless network. My concerns are more prosaic. I desperately want to protect the thin sliver of upstream bandwidth my provider allows me. Some major internet providers are also talking about monthly download caps, too. Bruce's position only makes sense if you have effectively unlimited bandwidth in both directions. Basically, I'm worried about the tragedy of the bandwidth commons. As much as I might like my neighbors, they can pay for their own private sliver of bandwidth, or knock on my door and ask to share if they really need it.
So, to me at least, enabling wireless security is my way of ensuring that I get every last byte of the bandwidth I paid for that month.
It's worth realizing, however, that wireless security is no panacea, even in this limited role. Given a sufficiently motivated attacker, every wireless network is crackable.
With that in mind, here are a few guidelines.
- WEP = Worthless Encryption Protocol
WEP, the original encryption protocol for wireless networks, is so fundamentally flawed and so deeply compromised it should arguably be removed from the firmware of every wireless router in the world. It's possible to crack WEP in under a minute on any vaguely modern laptop. If you choose WEP, you have effectively chosen to run an open wireless network. There's no difference.
- WPA requires a very strong password
The common "personal" (PSK) variant of WPA is quite vulnerable to brute force dictionary attacks. It only takes a trivial amount of wireless sniffing to obtain enough data to attack your WPA password offline – which means an unlimited amount of computing power could potentially be marshalled against your password. While brute force attacks are still for dummies, most people are, statistically speaking, dummies. They rarely pick good passwords. If ever there was a time to take my advice on using long passphrases, this is it. Experts recommend you shoot for a 33 character passphrase.
- Pick a unique SSID (name) for your wireless network
Default wireless network names just scream I have all default settings! and attract hackers like flies to honey. Also, pre-generated rainbow tables exist for common SSIDs.
- Use WPA2 if available
As of 2006, WPA2 is required on any router that bears the WiFi certification. WPA2, as the name might suggest, is designed to replace WPA. It has stronger and more robust security. There's no reason to use anything less, unless your hardware doesn't support it. And if that's the case, get new hardware.
In the end, perhaps wireless security is more of a deterrent than anything else, another element of defense in depth. It's important to consider the underlying message Bruce was sending: if you've enabled WEP, or WPA with anything less than a truly random passphrase of 33 characters, you don't have security.
You have the illusion of security.
And that is far more dangerous than no security at all.
Posted by Jeff Atwood
Secure: one-time pads are crackable in reality... just not in theory. :)
its as good as it gets tho afaik, you are right.
you need to transmit the decoding info... how does that get encrypted? with another one time pad? ad infinitum...
i take that back. cos i just showed how its crackable in theory. nm, eh?
reductio ad absurdem. :)
I never thought my security was strong. I see it like a lock ona door. the determined hacker can force it open but the passerby will not try not knowing the risks involved. of course if the door is wide opened well I am kind of asking for people to come in and take what is mine. In this case my capped bandwidth. And since all my neighbors have default named networks I am not worried.
If I wanted it to be better I'd set something to attack back at intruders, like an alarm system or a guard dog. As they say if they come in my house uninvited I have the right to shoot then ask questions.
A true one time pad is actually 100% unbreakable. The problem is meeting the conditions for OTP.... truely random, only used once. And, of course, the biggest problem is key distribution. If you have a secure channel for delivering the key, why not just deliver the message over that channel?
An open network is still worse than a WEP-protected network. If your neighbor finds your network asks for a password, he probably won't try to crack the encryption. He will try another of the 20 wireless networks in the neighborhood, and quickly find an idiot who left it open. Simple.
I recently went near a friend's house, grabbed my iPod touch, connected to his completely open wireless network, connected to MSN Messenger using a web-based service, and told him hey look out the window. That was fun :) Now, imagine it was WEP-protected, with a password of 'qwerty'. No wireless-cracking software for the iPod touch; and I wasn't about to start bruteforcing by typing passwords on the tiny keyboard.
...I have the right to shoot then ask questions.
In your fucked-up war-centric country, maybe.
Oh and I recently had somebody get into my open network (I used to have it secured, but changed router and forgot to re-secure). I just got into his Windows shared folders, deleted everything I found, then set up MAC filtering. There's still no password, and I haven't had another intruder since.
I'd have more fun if I was using an old Linux computer as wireless AP instead of an off-shelf router with an antenna on it. You know, like redirecting all HTTP traffic to goatse.
I would have to disagree that WEP or any encryption protocol is the same as having an open network. Unless you live in a neighborhood that is super rich in knowledgeable hackers, chances are pretty small that anybody is going to crack your WEP.
Obviously a better protocol is going to be... better... but any basic security protocol is going to stop most of the people who would steal your bandwidth, which makes it much better than none at all.
I do not do networks. They move data faster than I can think and that slows down my writing. No wonder I am still in the fascicle mode after 25 years of longhand.
I use a 63-character WPA2 passphrase. Yeah, keying that into my Wii wasn't much fun.
@Jesper - While the default version of XP does not connect to WPA-2, that functionality can be added with a download from MS (http://support.microsoft.com/kb/893357).
I have no doubts that my network is breakable. However, its not going to be easy for the average joe/jane who lives in/around my network. I have 2 routers, 1 wired (hardware firewall with deep packet inspection) only and 1 wireless only. I use MAC filters, limited IP's, static IP's, Isolation (no wireless device may talk to another wireless device which is not a problem in my network), 40 key WPA-2 Personal and lastly, I turn off wifi when I'm not using it. Yeah, I pull the power cable out. Tada!
Of course if the router has a security flaw then all this amounts to zilch.
too bad that's what you got out of my post, what I was meaning to say is we aren't taking the right approach to network security...
to expand my metaphor, if we built houses like we want to build our networks we would end up with a immense door with an unbreakable lock, of course they'll be able to go through the window. What we need is a way to be notified when someone want to enter the network and say yes or no (go awnser the door). next we need an alarm system when we're not there or a guard dog that would attack the intruder trying to sneak in. we end up by placing sticker warning people that if they enter they will trigger our alarm system and open themselves for retaliation. We know this won't be able to deter the best hackers in the world but as always it is a matter of how much is your security worth.
re: Peopleware vs TAOCP
Peopleware is about a much more important (and under-explored) topic than TAOCP, but Knuth rules my heart 4-ever. TAOCP is _placed in relation to its subject_ a better book. I long for the TAOCP-level book about social processes. That's not intended to knock Peopleware.
re: WEP vs open
I've shamelessly piggybacked on open networks but WEP, if nothing else, gives the hint that the person didn't intentionally leave the network open. It's a flimsy, unglued envelope vs a postcard.
I just use WEP and turn of SSID for a little extra security, mainly because I have a couple of computers with old wireless cards that don't support anything but WEP. I also have all my machines in a domain with strong passwords.
I don't worry much about getting hacked, especially after I realized that four of my neighbors have completely open WiFi routers happily broadcasting themselves everywhere. I figured a hacker would just hop on one of theirs instead of bothering to look for mine.
re: ...war-centric country... - which of the countries that our bleeped-up country sacrificed lives and treasure to safeguard/liberate do you come from?
How much of your nation's treasure did not go into fending off Soviet aggression in the second half of the 20th century?
I desperately want to protect the thin sliver of upstream bandwidth my provider allows me.
You know there's this thing called QoS...
Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.
I think you are wrong. While I am not personally a fan of guns, I completely agree with the idea that, if someone is busting into your house, you can assume they are malicious and possibly intent on killing you. Shoot first is a reasonable policy in that instance. A security response should be appropriate for the level of threat.
That's the house though. A wireless network is different.
WEP, the original encryption protocol for wireless networks, is so fundamentally flawed and so deeply compromised it should arguably be removed from the firmware of every wireless router in the world.
The MacBook Air has firmware support for booting over wireless, and no it does not have WEP support, only WPA and WPA2 are supported.
Shoot first is a reasonable policy in that instance
Unless it happens to be somebody you know and merely mistake for a robber, which is probably a more likely scenario, given the number of people you know and the number of robbers you expect.
If all cars have no locks, then your car with a lock is much less likely to be stolen
If all cars have locks, then your car with an alarm is much less likely to be stolen
If all cars have alarms, then your car with an immobiliser is much less likely to be stolen
If all cars have mechanical locks, then your car with a electronic immobiliser as well as a lock, means that the only way to steal your expensive, new car is to hit you very hard and take the key.
You're actually less safe this way ;). It's all a matter of security/convenience and every individual has to make their own call on it.
I profoundly disagree with the proposition that given a sufficiently motivated attacker, every wireless network is crackable. This might be true with any implementation of WEP, or a hashed-passphrase variant of WPA (although WPA is optimized against passphrase-guessing attacks), but if you use a proper 256 bit randomly generated key (the 64 hexadecimal digits variant in your wifi network setup) that simply isn't crackable with today's technology. So long as no breaks in AES exist, an exhaustive search through a 256 bit keyspace simply isn't possible with any conceivable technology current or future.
Of course, if you said a sufficiently motivated attacker will find some kind of way into your network this is more likely to be true -- but if you use the strongest variant of WPA, this will involve techniques like bugs and breakins, not subverting the security of your encryption itself. All the indications are that WPA does what it says, and secures your network.
Pardon my ignorance, but wouldn't mac address white-listing be a good enough solution together with WPA encryption? Granted WPA can be brute forced, and a mac address can be spoofed, but it would take a very good ammount of resources, time and well crafted social engineering to get to base with all of the above. If your connection and data roaming within is so important, then don't use wireless altogether!
I agree with Jeff on this one. The greatest algorithm in the world won't save you from a team where everyone hates each other.
The dirty secret of this industry is that a well gelled team of the much maligned mediocre developers will totally outclass a team of geniuses that can't work together.