Over the weekend, this really hit the Irish blogosphere — several Irish guys have apparently figured out the algorithm used by Eircom to generate WEP keys.
I blogged that page in the link-blog this morning, but it’s worth writing about a little more. WEP is apparently easy to crack nowadays, so in a way all those wifi users were insecure anyway — but this is interesting as a case study of how not to write a key generator:
Compiled code != secret: the first mistake Eircom made was to generate the WEP key entirely from a little “secret” text, some “secret” shuffles, and the serial number of the hardware. There should always be some randomness in there. Compiled code running on a user’s desktop, is not secret.
Don’t share secrets: Secondly, it’s a good demo of why you don’t generate two separate key values from the same source data. In this case, both the WEP key and the SSID are generated from the Netopia router’s serial number — and sufficient bits are accidentally exposed in the SSID to enable computation of the WEP key. (This is kind of moot in many cases, since the serial number is also exposed in the MAC address, in even more detail.)
As far as I can tell — although it’s not quite clear who did what — that guy Kevin Devine did a pretty great job of reversing this code. Nice one.
I’m impressed that there’s now an app which detects the static tables (S-boxes, constants etc.) used in crypto algorithms — that idea seems very clever in retrospect, hadn’t occurred to me.
Here’s a boards.ie thread where this exploit was discussed; there are plenty more details there, if you’re curious. It seems this has been quietly floating around back-channels since the start of September.
(By the way, am I missing something, or did Eircom ship unstripped binaries for the key generator library? I could swear that when I looked at the Boards thread earlier today, there was a cut-and-paste from IDA Pro listing a function prototype. Oh dear; if so, add that to the ‘case study’ list above. ;)
It seems Eircom are now recommending all customers switch to WPA — good luck with that, since it’ll break all those Nintendo DSes. That won’t be popular!