Broadcom introduces shortcut for creating strong Wi-Fi Protected Access (WPA) keys without the fuss of memorizing long base-16 numbers: Broadcom's new method of guiding home users to create a WPA encryption key without having any technical knowledge has the unwieldy name of SecureEZSetup. But the name is more complicated than the technology: a simple two-step wizard in which users choose two out of four personal questions to answer from which a full-length 16-byte WPA key is generated. The user can then answer the questions the same way on another computer or enter the hexadecimal key for non-EZ systems for compatibility.
New or additional setup | Choosing and answering questions | Resulting key |
The first time you set up a router with SecureEZSetup, the key is stored in the router's configuration and in the local wireless adapter. The setup wizard allows you to save and print the information you entered, including the long hexadecimal key, for reference in configuring addition machines. The setup also assigns a unique SSID (network name) to the Wi-Fi gateway based on that gateway's MAC address.
SecureEZSetup has some similarities with Buffalo Technology's AOSS (AirStation OneTouch Secure System) which requires all Buffalo hardware to negotiate a lowest-common denominator encryption setting for the network. A Buffalo spokesperson said via email that Buffalo would support both systems, and allow their customers to choose whether to select AOSS or SecureEZSetup.
Jeff Abramowitz, senior director of marketing for wireless LAN technology, said that their customers, which integrate Broadcom chips into consumer and enterprise products, would start rolling out EZ into products as soon as in the next month, but more likely in upgrades destined for before the back-to-school period. He declined to say which companies initially plan support. Abramowitz said that the algorithm that drives the setup would be made available to incorporate into a standard, and that the front-end would be backward compatible for all of their shipping equipment.
Because the algorithm hasn't been open to public scrutiny, the possibility remains that a cracker could discover a method to precompute in finite time all or most possible keys based on all reasonable length answers to the four questions in each combination. Because WPA-PSK (pre-shared key) can be forced to reveal known data encrypted with the key that a cracker can then take and work on elsewhere, it is open to a dictionary attack. If the number of precomputed keys is sufficiently small to store (on the order of megabytes, not tens of gigabytes), there's the potential of a cracker using this algorithm to his or her advantage. I'm sure the encryption community will have more to say about this when their hashing algorithm hits the light of day.
Broadcom chose to deal with the application level of this problem because of the current obscurity in enabling encryption. "In most cases, I think the people that we've talked to they look at these screens and disable security," Abramowitz said. The company ships 71 percent of all 802.11g products at the retail level, he said, making it possible for them to roll out this new initiative and see significant uptake.
Abramowitz also noted that the EZ system could piggyback in the future on an initiative that Microsoft is working on to allow secure exchange of keys and other material through a USB flash drive. In that system, the user could generate the key on one machine, write it to the drive, and then use that to load the key on other systems. Microsoft employed a floppy drive version of that idea to distribute keys on their home wireless routers first generation. Broadcom is concerned that any distribution method for the keys is secure. "If it's not secure, then we've just blown half of the value," he said.
SecureEZSetup defeats two common problems with Wi-Fi security: first, convincing users to enable it by avoiding a WEP-like screen. Even Apple's relatively simple interface for entering a security key on their gateway requires the user to choose from one of four options, including the non-standards-named WPA Personal and WPA Enterprise (WPA-PSK and WPA over RADIUS, respectively).
Second, because Broadcom generates a long WPA key, they avoid the WPA key weakness which would allow a key that is comprised entirely of dictionary words and is 20 characters or fewer in length potentially to be broken through an offline attack. (No documented software exists that performs this crack, but it's not an issue of when but if since the weakness is well documented.)
Broadcom is also introducing a new chipset that combines and reconfigures some elements of their radio and processing circuitry to reduce the cost of manufacture while extending range. The tradeoff for range is speed, but Abramowitz said that users are willing to exchange more distance for lower speed because the speed is typically far above the home broadband connection speed.
Abramowitz promised future developments of a similar nature to improve Wi-Fi's usability by home users. This is "the first of what we expect will be several deliveries by us to advance state-of-the-art Wi-Fi connectivity."