Why does OpenWrt still include the vulnerable RC4 encryption algorithm (TKIP cipher)?

Is WPA-TKIP also vulnerable?

Yes. We can break a WPA-TKIP network within an hour. More precisely, after successfully executing the attack, an attacker can decrypt and inject arbitrary packets sent towards a client. In general, any protocol using RC4 should be considered vulnerable.

What now?

The only good countermeasure is to stop using RC4.

The best way stop using people from using RC4 would be to strip it from the openwrt images completely like all major browsers (firefox, chrome , edge/ie) did already back in the year 2016.

Are people using it because it's available in OpenWRT?

there could be some iot device that may require it...

laptop with windows for example dropped support for it so in a normal and working case nobody would use it.

We can totally consider to disable it by default and provide an option to reenable it... but that would require for sure a discussion on the mailing list.

Is it even something that could currently be selected by default? Having briefly looked at the wifi options on my router it looks like something I'd have to specifically select if I did want to use it.

your suggestion was to drop support for it by default aka not compiling support for it in the firmware. With "disable by default" i mean not compiling it and providing an option to compile it if someone needs it he will have to build a custom firmware.

It may be the only option for devices with lower hardware capability like older hardware or IOT devices.
So a discussion on this would be recommended.

Some Internet of shit device? I don't really think so. Even a $1 esp12 module is capable of WPA2.

RC4 was used by WEP and is the default (TKIP) for WPA. Still WPA can also make use of CCMP (AES)

I'm not aware of ANY device that requires WPA-TKIP (RC4). Actually I'm only aware of devices that required WEP and couldn't handle any WPA (including the RC4 based TKIP). On the other hand every WPA capable device I'm aware of does not only work with WPA-TKIP and WPA-CCMP at the same time but all of them also have support for WPA2.

People often forget that WPA2 (2004?) was shortly released after WPA (2003?) and other than WEP it allowed a software update path for devices to make use of WPA2. Also (if I'm not mistaken) was it necessary to have WPA2 support when it was released because new devices weren't allowed to (only) support WPA then. So literally any device from the last 18 years should have at least support for WPA2.

Maybe there also could be a device which requires the over 20 year old WEP? Indeed, but could that be a reason to add WEP again to openwrt? No way I would say! Instead people can use a unencrypted (open) network because all devices support it - and now doubts about security too then!

Fun Fact: Ron’s Code 4 (RC4) from 1987 worked by the principle of "Security by Obscurity". :pinched_fingers:

If you go to your wifi settings and trust the (imho totally false claim) of using "medium security" encryption (WPA-PSK) and leave the default cipher on auto you will end up with TKIP (RC4).

image

Also there is a document from 2015 to be found on wi-fi.org which discourage the use of TKIP and advises to remove TKIP from all Wi-Fi devices.

(https://www.wi-fi.org/download.php?file=/sites/default/files/private/Wi-Fi_Alliance_Technical_Note_TKIP_v1.0.pdf)

3. Equipment vendors should proactively transition away from TKIP support by discouraging its use to their customer base, and removing the functionality in products as internal research indicates when their market no longer needs it.

For equipment vendors, Wi-Fi Alliance recommends that they discourage the use of TKIP in the short term, and ultimately remove TKIP from all Wi-Fi devices when their market no longer needs it.

1 Like

Charging this 7 year old thread one users claims he found a device (first released 1998 and with a 56k modem build in :muscle: ) that didn't support WPA2. On the other hand a very quick internet search reveals that some voices claimed this was fixed with an software update.

In any case I'm not sure how many people want to run like 24 years old hardware which is EOL since decades and combining it with wireless technology which is also EOL since decades - maybe that is more a "use case" for a museum?

I totally missed the discussion "dumping" 4/32 devices actually. Some ideas were raised like having a "tiny" flavor or something to still have at least basic/limited support (for example as a WDS repeater) but somewhat it just ended that there are no(?) security updates anymore (End-of-life "was" projected to March 2022.) for a new device I bought 5 years ago and which supported WPA2 out of the :package:.

Not sure why it needs a discussion to get rid of a vulnerable cipher suite that is 35 years old and shouldn't be used by any one.

https://c.tenor.com/GXgi36aVH3gAAAAd/confused-meme-confused.gif

However valid your point is, its always better to get other peoples opinions about it. A lot of times it enlightens.

1 Like

If you feel so strongly about this agenda, can i suggest you write a patch to remove the functionality, fling it at the mailing list, and i'm sure that will garner further discussion.

1 Like

You can suggest that obviously. But as it looks like there is more discussion needed (and I don't have the skills anyways) so I don't think it's a good time to do this already.

Maybe just put this thread on re-submission for 2025 and see if we get some enlightenment till then :+1:

1 Like

Or you could use the time to acquire the skills, apparently that is a topic close to your heart. :wink:

2 Likes

This is what I thought but I resisted to write that till the day the the collective have mercy to dumb this (since 10 years obsolete) cipher I might be even able to deliver the code for removal :joy:

While TKIP was intended to be at least relatively more secured than WEP, the standard has since been deprecated in the 2012 revision of Wi-Fi 802.11 after it was found to have glaring security loopholes that can be exploited by hackers without too much of a problem. That’s because TKIP uses the same underlying mechanism as WEP, and is hence, equally vulnerable to attacks.
https://beebom.com/tkip-vs-aes/

Another fun fact: The openwrt wiki actually mentions that WPA (defaults?) are not secure :point_down:

image
https://openwrt.ifw.cn/docs/guide-user/network/wifi/encryption

On the other hand most people probably will not bother to look into the wiki and trust the openwrt web ui which still states it is secure::

image

...but hopefully not much longer

Sorry for the rude message...

It was asked to AT LEAST write an email to the mailing list.
And still we are here flaming about this....

I will make a PR on Luci to change that to not secure. Again here it's user fault for using unsecure stuff... It's really like saying don't write your admin pass in the router what should we do? Enforce private key login?

1 Like

Don't spotted anything rude :wink:

Well, I have no idea how this mailing list stuff works nor how to register for it or something. It might be easier if this is addressed by someone who is already active (maybe even a dev?) and knows how that stuff works, can be something like:

"A forum user posted this threa [link] and pointed out if the vulnerable TKIP stuff can be removed. It is deprecated since 2012. What do other people on the mailing list think?"

For now I only saw one user flaming around (but not yet in this thread actually) :thinking:

:+1:

With that "idea" why does openwrt now ships with https by default? Why did openwrt got rid of wep? Why does openwrt has a strength check for the router password?

Because it is always desired to have it secure as possible (while at the same time easy as possible) by default (imho that includes to do don't even ship broken ciphers and also have a strength check for the wifi key).

That probably raises complexity for the average user (doesn't keep the principle "easy as possible"). But activating https by default and check the router password for strength at least raised the minimum standard :bulb:

Also I wonder what "discussions" took place that the collective could agree letting wep rest once and for all. Maybe some one got a link? Did found much discussion in the forum about that...

Pls leave comments there if you want to improve this.

4 Likes

Actually I found it now, it's archives are available here by the looks of it: https://lists.openwrt.ifw.cn/pipermail

Out of curiosity I searched it for the term WEP to see what discussion was necessary that everybody could agree on to don't ship it anymore by default.

Turns out there wasn't anything one could call a discussion to be found - the closest related thing was this here:

[OpenWrt-Devel] [PATCH 2/2] hostapd: disable support for Wired Equivalent Privacy by default

...
disabled as default, because WEP should not be used for anything anymore.
...
https://lists.openwrt.ifw.cn/pipermail/openwrt-devel/2020-May/028960.html

The same "should not be used for anything anymore" is true for TKIP.