D-Link exposes WiFi routers with new 'security feature'
It's not a lock. It's a key
A new security feature added to some D-Link wireless routers actually makes users more susceptible to network intrusion, according to a hacker blog, which provides enough evidence to be taken seriously.
Manufacturer D-Link was still busy congratulating itself for adding a CAPTCHA designed to prevent malware bots from logging on to the devices when folks at the SourceSec Security Research blog showed how the upgrade could be manipulated to steal a WPA (or Wi-Fi protected access) password without even bothering to solve the test.
That's because the new firmware's login page submits a GET request whose parameters carry a salted MD5 hash of the password, along with input tied to the CAPTCHA image. It turns out the router accepts that hash by itself as proof of identity, so anyone within range who can observe the request can replay the hash and reach the panel that controls all kinds of sensitive settings, including the stored WPA password, without ever learning the password or solving the CAPTCHA.
What's more, the new firmware lets accounts with only user-level access log in to the control panel, so an attacker need not obtain administrative credentials to pull this off.
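To make the failure concrete, here is an added example (not D-Link's firmware and not from the SourceSec write-up) that models the login described above in Python: a static salted hash of the password travels in the query string of a GET request, and the router compares that hash directly against what it stores, so whoever captures one request can replay it. Beside it is the hardened pattern, a single-use server challenge answered with an HMAC, where the captured value is useless a second time. The salt, endpoint, parameter names, passwords and CAPTCHA answer are all invented for the demo.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical values: the real firmware's salt, endpoint and parameter names are not on the page.
ROUTER_SALT = "c0ffee"
LOGIN_URL = "http://192.168.0.1/login.cgi"


def static_hash(password):
    """MD5(password + salt): what the vulnerable login page computes in the browser."""
    return hashlib.md5((password + ROUTER_SALT).encode()).hexdigest()


def derive_secret(password):
    """Password-derived key shared by router and client in the hardened model."""
    return hashlib.sha256((password + ROUTER_SALT).encode()).digest()


class ReplayableRouter:
    """Vulnerable model: the submitted hash is compared straight against the stored one."""

    def __init__(self, password):
        self.stored_hash = static_hash(password)

    @staticmethod
    def build_login_url(password, captcha_answer):
        # The browser-side script hashes the password and puts the result in the
        # query string, where anyone on the wireless segment can read it.
        return LOGIN_URL + "?" + urlencode({"hash": static_hash(password), "captcha": captcha_answer})

    def handle(self, url):
        submitted = parse_qs(urlparse(url).query).get("hash", [""])[0]
        # The hash alone decides the outcome; the CAPTCHA answer never enters into it.
        return hmac.compare_digest(submitted, self.stored_hash)


class ChallengeResponseRouter:
    """Hardened model: every login must answer a fresh, single-use server nonce."""

    def __init__(self, password):
        self.secret = derive_secret(password)
        self.outstanding = set()

    def issue_challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    @staticmethod
    def client_response(password, nonce):
        return hmac.new(derive_secret(password), nonce.encode(), hashlib.sha256).hexdigest()

    def handle(self, nonce, response):
        if nonce not in self.outstanding:
            return False                      # unknown, expired or already-used challenge
        self.outstanding.discard(nonce)       # single use: the same pair can never succeed twice
        expected = hmac.new(self.secret, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def demo_replay(password="hunter2"):
    """Owner logs in; an attacker in radio range replays the captured URL unchanged."""
    router = ReplayableRouter(password)
    sniffed_url = ReplayableRouter.build_login_url(password, captcha_answer="7xk3q")
    # The attacker never learns the password and never solves a CAPTCHA.
    return router.handle(sniffed_url)


def demo_challenge_response(password="hunter2"):
    """Legitimate login succeeds once; replaying the captured (nonce, response) pair fails."""
    router = ChallengeResponseRouter(password)
    nonce = router.issue_challenge()
    response = ChallengeResponseRouter.client_response(password, nonce)
    return router.handle(nonce, response), router.handle(nonce, response)


if __name__ == "__main__":
    print("replay against static hash succeeds:", demo_replay())
    print("(first login, replay) against challenge-response:", demo_challenge_response())
```

Two caveats on the hardened model: the secret the router stores is still a password-equivalent, so challenge-response stops replay on the wire but does nothing for an attacker who can read the router's configuration, and a value sent as a GET parameter over plain HTTP also lands in browser history and proxy logs, so the rest of the fix is POST over HTTPS rather than a cleverer hash.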
When we learned earlier this week that D-Link added the CAPTCHA to some of its home and office routers, we dismissed it as little more than a gimmick designed to lull inattentive consumers into a false sense of security. After all, it does nothing that couldn't be achieved by taking 30 seconds to change the default password to a phrase that's strong and unique.
Now we learn that it can actually make it easier for people within range to sneak into private sections of a network, and that it leans on MD5, a hash with well-known weaknesses, to boot. Now that's something worth writing about. ®
Good article. People will have to take protecting their privacy into their own hands. A great tool I found for WiFi security is Covert Surfer. It is a software application that is designed to encrypt your Internet connection wherever you are at. It also prevents cookies from collecting information about you as well. You can operate completely from a flash drive so you can use it on multiple computers. Smart Computing Magazine just did a great review on it. I found it at www.covertsurfer.com
Use of salt versus complexity
The reason extra entropy is added to a password prior to hashing (the crypt system call which performs this hashing has a parameter called salt for exactly this purpose) is to increase the required rainbow table size needed to crack the hashed result. Personally I doubt that using 2 hash algorithms in sequence is as effective as using the stronger of the 2 and a long and random salt. This is because a good rule of thumb to follow (Bruce Schneier's rule?) is that complexity is the enemy of security and simplicity is its friend. Combining a known-weak hash and a considered-to-be-strong one with similar objectives in mind is, in my understanding, more likely to lead to design errors resulting in vulnerabilities.
SHA1 is now thought to have weaknesses, not yet known to have been exploited, though based on the history of MD5 these are likely to be exploitable in future. So some variant of SHA2 is probably now preferred, e.g. SHA512. For comparative information about the SHA family of hash functions see: http://en.wikipedia.org/wiki/SHA_hash_functions .
Also for many purposes a system using a weak hash algorithm and password is likely to be secure enough if the attacker can't obtain a copy of the hashed password and many repeated failed login attempts in a short period are logged and blocked. For similar reasons your home probably doesn't need a bank vault style lock and multilayer fireproof reinforced steel front door. There is very little entropy in your banking PIN, but banks having to balance user support against fraud costs seem to prefer people to have short PINs they can easily remember without having to write these down.
"The problem is that there is still an md5 or sha1 hash to rainbow table with, and though your password may be crazy complex and impossible to brute force with reasonable hardware, the hash may still collide with the hash for dog."
That's true. For every hash, there will always be collisions. The point of my comment was that a cracker would not be able to use a rainbow table to find a collision. The end result would be that the cracker would need to brute-force to find a collision (either trying to brute-force the authentication algorithm, or by creating a new rainbow table using the authentication algorithm).
So, if anyone is still reading these comments, how about this:
1. Take the user's password, append a piece of non-changing data, and generate the MD5 hash of the concatenated string.
2. Take the MD5 hash, append the user's password, and append a piece of non-changing data, then generate the SHA1 hash of the concatenated string.
3. Store the MD5 hash and the SHA1 hash as the user's authentication tokens.
Because the two hashes are not derived from identical strings, a cracker could not find matching collisions to get the original password.
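An added example (not part of the thread) implementing the three-step scheme just proposed exactly as written, beside the per-account random salt that the earlier "Use of salt versus complexity" comment describes. The point it makes: the "non-changing data" in the scheme is one constant shared by every account on the device, so an attacker who knows it (on a router it sits in the firmware) builds one table against the scheme and reuses it for every account, and two accounts with the same password store the same tokens. A random per-account salt shares no work between accounts and gives identical passwords different digests; the example pairs it with PBKDF2, the standard slow derivation, so each table entry also costs more to compute. The constant, word list, account names and passwords are all constructed for the demo.

```python
import hashlib
import secrets

# The comment's "piece of non-changing data"; hypothetical, and readable out of a firmware image.
FIXED_SUFFIX = "dlink-constant"

# Constructed inputs for the demo.
WORDLIST = ["dog", "cat", "password", "letmein", "hunter2", "admin"]
ACCOUNTS = {"alice": "dog", "bob": "dog", "carol": "Tr0ub4dor&3"}


def poster_scheme(password):
    """Steps 1-3 of the comment above: MD5(pw + K), then SHA1(md5 + pw + K); both are stored."""
    md5_token = hashlib.md5((password + FIXED_SUFFIX).encode()).hexdigest()
    sha1_token = hashlib.sha1((md5_token + password + FIXED_SUFFIX).encode()).hexdigest()
    return md5_token, sha1_token


def salted_kdf(password, salt, iterations=10_000):
    """Per-account random salt plus a deliberately slow derivation (PBKDF2-HMAC-SHA256).
    10,000 iterations keeps the demo quick; production counts are much higher."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def enrol_poster(passwords):
    """Store (md5_token, sha1_token) per account, as the comment proposes."""
    return {name: poster_scheme(pw) for name, pw in passwords.items()}


def enrol_salted(passwords):
    """Store (salt, digest) per account with a fresh random salt each time."""
    store = {}
    for name, pw in passwords.items():
        salt = secrets.token_bytes(16)
        store[name] = (salt, salted_kdf(pw, salt))
    return store


def crack_poster(store):
    """One table, computed once, covers every account: the suffix is the same for all.
    Returns (guesses per account, number of hash derivations the attacker performed)."""
    table = {poster_scheme(word)[0]: word for word in WORDLIST}
    cracked = {name: table.get(md5_token) for name, (md5_token, _sha1) in store.items()}
    return cracked, len(WORDLIST)


def crack_salted(store):
    """Each account's salt forces its own table; no work carries over between accounts."""
    cracked, work = {}, 0
    for name, (salt, digest) in store.items():
        table = {salted_kdf(word, salt): word for word in WORDLIST}
        work += len(WORDLIST)
        cracked[name] = table.get(digest)
    return cracked, work


def tokens_match(store, a, b):
    """Do two accounts end up with the same stored digest (last element of each entry)?"""
    return store[a][-1] == store[b][-1]


if __name__ == "__main__":
    poster_store = enrol_poster(ACCOUNTS)
    salted_store = enrol_salted(ACCOUNTS)
    print("fixed suffix :", crack_poster(poster_store), "alice==bob:", tokens_match(poster_store, "alice", "bob"))
    print("per-user salt:", crack_salted(salted_store), "alice==bob:", tokens_match(salted_store, "alice", "bob"))
```

Both variants still crack "dog" for alice and bob, since a weak password stays weak; what changes is that the fixed-suffix table is built once for the whole device while the salted one costs a full pass per account, with each entry further multiplied by the PBKDF2 iteration count. That is the work factor the first comment's salt argument is about, and it comes from the salt and the slow derivation, not from chaining MD5 into SHA1.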