Separate names with a comma.
Discussion in 'Security' started by Chiefcrowe, Aug 28, 2012.
Interesting read, perhaps I should change my WiFi passwords!
Interesting. I was expecting it to be yet another article about how WEP is a joke.
Verizon still deploys FIOS installs with a wifi router pre-configured for WEP, with the passcode printed on the bottom of the router.
The last 2 people I saw with FIOS who just got it recently, had it preconfigured for WPA2, so I think they are finally getting the idea..
Interesting read. Would have been better if he was able to do it using free pcap software as opposed to a $2,500 piece of software
Ha, that must be why I see so many WEP networks in my neighborhood.
Only made easier by WPS.
I just slip my neighbor a $10 every month.
Or leave it open as a community service ;^)
I did, until the neighbors started torr3nting, and I couldn't even use my own DSL connection.
DSL's a meager resource to share. I wouldn't be as inclined to leave it open on DSL. Setting aggressive QOS on the router could help, but DSL's barely acceptable for one person, much less multiple people.
That's a pretty bold statement to make. I get between 10 and 20 Mbps on VDSL (att Uverse)...I don't see how that's "barely acceptable".
I haven't been following the tech that closely, and didn't know DSL went that fast. Might be due to my local experience. I think it tops out around 3mbps around here.
20 is petty robust. I use cable and only just recently bumped from 8Mbps up to 15Mbps, though for some reason they doubled my upstream which was nice for my FTP and Minecraft servers. My old D-Link only supports WPA. I've been looking at current models recently. I'm taking CISSP soon and it's opened my eyes and interesting this type of stuff. I had a really terrible setup before. I would only deter he people that stop trying when they see the lock icon, lol
So the moral of the story is not to use Wireless? I run all wire in my house.
and below was a comment that states it does not even matter what your passkey is.
"This is all well and good, but one thing to keep in mind: if you have WiFi Protected Setup (WPS) enabled on your router (and you likely do if you bought a router in the past 4-5 years), it makes no difference how long or complex your WPA/WPA2 passkey is. If it is enabled, WPS can be easily cracked within 24 (or less in many cases) hours by breaking down the 8-character PIN into 2 halves, and cracking those halves. The 8th digit is actually a checksum of the first 7, so really you only have to guess the first 7. This amounts to 11,000 (!) possible combinations. Once cracked, your program of choice can request the full, unencrypted, plaintext WPA/WPA2 passkey, without ever having to touch it.
Oh, and this can all be done with free, open-source, readily available software, and requires very little hardware power.
Edit: Also, looking at the screen cap of the list of APs - many of them show WPS(ON). This makes an even stronger case for WPS cracking, as it takes less time, and you don't have to buy expensive software or spend lots of money on renting out EC2 servers to crack the WPA passkey."
It's up to 24Mbit in the UK on ADSL2, but it depends on line quality and you need to be a few hundred meters from the exchange or less to get max speed, it drops off really fast, even inner city folks get pretty lame speeds of 10-15Mbit.
Fibre is the way to go, or what I have which is hybrid fibre coax cable from Virgin Media, 50mbit soon to be 120Mbit.
I don't think there are problems with WPA2, its only WPS that needs to be turned off.
It is crackable with freely available software. Using paid software and services it takes less time.
Yes there are free crackers easily available but WPA2 PSK is not broken as WEP so brute forcing with cloud services is still impractical if the password is long enough.
The passwords he captured were all lower case, plain jane type passwords. I'd like to see what he does with something we can think up.
something like: .@ssw0rd:1s:N0t:Th3@ssw0rd:.
FYI, that's not one of my passwords
Password complexity is irrelevant with the WPS weakness, you don't attack the password you attack the unique WPS ID of the router which is essentially a 7 length numeric only key, it's something like 11,000 different combinations, once you've got it the auth info is sent directly back to you.
I read it as though he wasn't attacking WPS, but the authentication itself.
I only mentioned WPS because the previous poster in my OP mentioned that wireless was risky which it isn't, well relatively speaking.
The article in the OP did not reveal any major problems in the WPA/WPA2 protocol, it was talking about cloud cracking WPA/WPA2 12 and 14 char (all lowercase) passwords in seconds. The passwords were weak because they used common words in the dictionary. WPA2 is quite secure since it uses salting and key stretching, its not that great now (with gpgpu and cloud cracking) but should be reasonably secure with long passwords which it supports - up to 63 or 64 char. I'd be worried if routers truncate long passwords in the encryption but that is a different matter.