Wednesday, August 25, 2010

12 bits of default entropy for Speedport WPA routers

The H has reported that the default WPA key settings for the Speedport W 700V ADSL Wi-Fi routers are weak since at most 4096 guesses are required to recover the key. The key is mostly populated with a collection of fixed fields (for example keys always begin with the prefix "SP-") and other public information such as the MAC address of the router. The devices are apparently supported by all major German Telecoms, and presumably popular amongst the 26 million or so German households that have wireless. Of course the owners of the routers can change the default WPA key, but its a safe bet to assume that most people probably need to be reminded of this precaution. Germany's top criminal court recently made it illegal to offer wireless services that are not protected by a password, which is not a good sign that strong passwords are the norm.