How I cracked my neighbor's WiFi password without breaking a sweat

ichy

Diamond Member
Oct 5, 2006
6,940
8
81
Interesting. I was expecting it to be yet another article about how WEP is a joke.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,570
10,202
126
Interesting. I was expecting it to be yet another article about how WEP is a joke.

Verizon still deploys FIOS installs with a wifi router pre-configured for WEP, with the passcode printed on the bottom of the router.
 

Chiefcrowe

Diamond Member
Sep 15, 2008
5,052
195
116
The last 2 people I saw with FIOS who just got it recently, had it preconfigured for WPA2, so I think they are finally getting the idea..
 

codyray10

Senior member
Apr 14, 2008
854
4
81
Interesting read. Would have been better if he was able to do it using free pcap software as opposed to a $2,500 piece of software
 

lxskllr

No Lifer
Nov 30, 2004
58,990
9,339
126
I did, until the neighbors started torr3nting, and I couldn't even use my own DSL connection.

DSL's a meager resource to share. I wouldn't be as inclined to leave it open on DSL. Setting aggressive QOS on the router could help, but DSL's barely acceptable for one person, much less multiple people.
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
but DSL's barely acceptable for one person, much less multiple people.

That's a pretty bold statement to make. I get between 10 and 20 Mbps on VDSL (att Uverse)...I don't see how that's "barely acceptable".
 

lxskllr

No Lifer
Nov 30, 2004
58,990
9,339
126
That's a pretty bold statement to make. I get between 10 and 20 Mbps on VDSL (att Uverse)...I don't see how that's "barely acceptable".

I haven't been following the tech that closely, and didn't know DSL went that fast. Might be due to my local experience. I think it tops out around 3mbps around here.
 

Paperlantern

Platinum Member
Apr 26, 2003
2,239
6
81
20 is pretty robust. I use cable and only just recently bumped from 8Mbps up to 15Mbps, though for some reason they doubled my upstream which was nice for my FTP and Minecraft servers. My old D-Link only supports WPA. I've been looking at current models recently. I'm taking CISSP soon and it's opened my eyes and interest in this type of stuff. I had a really terrible setup before. I would only deter the people that stop trying when they see the lock icon, lol
 

Jeffg010

Diamond Member
Feb 22, 2008
3,435
1
0
So the moral of the story is not to use Wireless? I run all wire in my house.

and below was a comment that states it does not even matter what your passkey is.

"This is all well and good, but one thing to keep in mind: if you have WiFi Protected Setup (WPS) enabled on your router (and you likely do if you bought a router in the past 4-5 years), it makes no difference how long or complex your WPA/WPA2 passkey is. If it is enabled, WPS can be easily cracked within 24 (or less in many cases) hours by breaking down the 8-character PIN into 2 halves, and cracking those halves. The 8th digit is actually a checksum of the first 7, so really you only have to guess the first 7. This amounts to 11,000 (!) possible combinations. Once cracked, your program of choice can request the full, unencrypted, plaintext WPA/WPA2 passkey, without ever having to touch it.

Oh, and this can all be done with free, open-source, readily available software, and requires very little hardware power.

Edit: Also, looking at the screen cap of the list of APs - many of them show WPS(ON). This makes an even stronger case for WPS cracking, as it takes less time, and you don't have to buy expensive software or spend lots of money on renting out EC2 servers to crack the WPA passkey."
 

PrincessFrosty

Platinum Member
Feb 13, 2008
2,300
68
91
www.frostyhacks.blogspot.com
It's up to 24Mbit in the UK on ADSL2, but it depends on line quality and you need to be a few hundred meters from the exchange or less to get max speed, it drops off really fast, even inner city folks get pretty lame speeds of 10-15Mbit.

Fibre is the way to go, or what I have which is hybrid fibre coax cable from Virgin Media, 50mbit soon to be 120Mbit.
 

bononos

Diamond Member
Aug 21, 2011
3,923
181
106

ch33zw1z

Lifer
Nov 4, 2004
39,015
19,695
146
The passwords he captured were all lower case, plain jane type passwords. I'd like to see what he does with something we can think up.

something like: .:p@ssw0rd:1s:N0t:Th3:p@ssw0rd:.

FYI, that's not one of my passwords :)
 

PrincessFrosty

Platinum Member
Feb 13, 2008
2,300
68
91
www.frostyhacks.blogspot.com
The passwords he captured were all lower case, plain jane type passwords. I'd like to see what he does with something we can think up.

something like: .:p@ssw0rd:1s:N0t:Th3:p@ssw0rd:.

FYI, that's not one of my passwords :)

Password complexity is irrelevant with the WPS weakness, you don't attack the password you attack the unique WPS ID of the router which is essentially a 7 length numeric only key, it's something like 11,000 different combinations, once you've got it the auth info is sent directly back to you.
 

ch33zw1z

Lifer
Nov 4, 2004
39,015
19,695
146
Password complexity is irrelevant with the WPS weakness, you don't attack the password you attack the unique WPS ID of the router which is essentially a 7 length numeric only key, it's something like 11,000 different combinations, once you've got it the auth info is sent directly back to you.

I read it as though he wasn't attacking WPS, but the authentication itself.
 

bononos

Diamond Member
Aug 21, 2011
3,923
181
106
I only mentioned WPS because the previous poster in my OP mentioned that wireless was risky which it isn't, well relatively speaking.

The article in the OP did not reveal any major problems in the WPA/WPA2 protocol, it was talking about cloud cracking WPA/WPA2 12 and 14 char (all lowercase) passwords in seconds. The passwords were weak because they used common words in the dictionary. WPA2 is quite secure since it uses salting and key stretching, it's not that great now (with GPGPU and cloud cracking) but should be reasonably secure with long passwords which it supports - up to 63 or 64 char. I'd be worried if routers truncate long passwords in the encryption but that is a different matter.
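
The salting, key stretching and length limits discussed in the last post, as an added example that is not part of the thread: WPA2-Personal derives its 256-bit key with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations, and accepts either an 8 to 63 character ASCII passphrase or 64 hex digits used directly as the key. The SSID `HomeNet` and the sample passphrases are constructed; `truncation_safe` is a hypothetical helper name for checking that characters late in a long passphrase still change the derived key.

```python
import hashlib

ITERATIONS = 4096   # fixed by the WPA2-Personal key derivation
PSK_BYTES = 32      # 256-bit pre-shared key


def is_raw_psk(secret: str) -> bool:
    """64 hex digits are taken as the 256-bit key itself, with no stretching."""
    return len(secret) == 64 and all(c in "0123456789abcdefABCDEF" for c in secret)


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds) -> 32-byte PSK."""
    if is_raw_psk(passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, ITERATIONS, PSK_BYTES
    )


def truncation_safe(passphrase: str, ssid: str, keep: int) -> bool:
    """True if characters past position `keep` still change the derived key."""
    return derive_psk(passphrase, ssid) != derive_psk(passphrase[:keep], ssid)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(derive_psk("password", "IEEE").hex())
    # Same passphrase, different SSID (constructed): the salt changes the key,
    # so a table precomputed for one network name is useless for another.
    print(derive_psk("password", "HomeNet").hex())
    # Constructed 63-character passphrase: the standard derivation uses every
    # character, so a device that truncated input would yield a different key.
    long_pass = "correct horse battery staple " * 2 + "12345"
    print(len(long_pass), truncation_safe(long_pass, "HomeNet", 32))
```

Comparing the key a router actually uses against this derivation for a long passphrase is one way to detect the truncation the post worries about.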