jjoshua Premium Member join:2001-06-01 Scotch Plains, NJ |
jjoshua
Premium Member
2008-Oct-10 9:23 am
Don't bother
Don't secure your wireless network. Encrypt all traffic using a VPN. Deny all other wireless traffic.
If you need security, use a wired network. |
|
|
That's not a realistic solution. Of course, if wireless encryption, WEP is easily cracked by any desktop in a matter of minutes. WAP has always been crackable, given enough processing power and a big enough data set. Of course, if that 1000 hour crack could be done in 6 minutes with an NVIDIA graphics card, that would be a game changer. But what are the options available? Assuming a regular PC would take about 5 months to brute force a 13 character key, using an Nvidia card would take that to about 45 minutes. Heck, I've got 45 minutes to waste outside an office building, do you? |
|
Matt3All noise, no signal. Premium Member join:2003-07-20 Jamestown, NC |
Matt3
Premium Member
2008-Oct-10 9:42 am
I believe it
Just look at how much faster your GPU is at Folding@Home or encoding a video. A DVD to WMV conversion on my E6750 takes close to 48 hours due to the upconversion to 720p. It takes 1 hour and 45 using my 9600GT.
GPUs are great at tasks that can utilize massively parallel architectures. |
|
maartenaElmo Premium Member join:2002-05-10 Orange, CA |
to karlmarx
Re: Don't bother
said by karlmarx:
> That's not a realistic solution.

Not for homes. But for offices it is. As a matter of fact my employer does not allow ANY wireless connection out of security reasons. We work with sensitive data and have to conform to bank-industry security standards. (We aren't a bank though). The only wireless option we have considered, and isn't too hard to implement.... is using VPN. It wouldn't be too hard to install the VPN client we already use on our laptops, (which most have installed anyways as they take it home) and have them logon to a VPN before they can access *anything* on the network. For offices VPN implementation isn't too difficult. And you can actually leave your wireless access points completely open, the only thing people will be able to reach on your network..... is a VPN server.
|
|
1 recommendation |
Not again...
You know this stuff is really starting to *bug* me. Left and right I always see "WEP insecure don't use it", blah blah blah. Anyone with fingers and more than 2 braincells to rub together will realize you can't just crack wireless APs with off the shelf wireless cards (at least the vast majority). That means that your neighbor is probably not going to be a "WEP cracker", so it's safe to use WEP in a residential area. I'll bet anyone's neighbor here probably only knows the basics of Word. I would use something more industrial in an apartment area though; as since your signal can encompass more people...but in a urban/rural residential area where there is considerable amount of space between houses WEP is enough to keep the average doodle head from connecting to your wifi and thinking it's his. But again why are we even talking about this when the vast majority of people don't even use any protection at all! (Just walk down your street with your laptop, I'll bet you will find at least one open AP with an internet connection.)
I am NOT saying it isn't hackable, but for the amount of time it takes...I think some "researchers" are stretching the truth. Somehow I doubt someone can crack a 128bit wep key in a matter of minutes on the average laptop. And for the people that say that WEP is really insecure...again in an urban/rural area is there actually people going around *wasting* their time sitting in a car just to see if they can crack your WEP key? If they are I haven't seen any. If anything they would be driving around trying to find an open wifi AP. |
|
AVDRespice, Adspice, Prospice Premium Member join:2003-02-06 Onion, NJ |
AVD
Premium Member
2008-Oct-10 10:09 am
said by k1ll3rdr4g0n:
> You know this stuff is really starting to *bug* me. Left and right I always see "WEP insecure don't use it", blah blah blah. Anyone with fingers and more than 2 braincells to rub together will realize you can't just crack wireless APs with off the shelf wireless cards (at least the vast majority).

You mean the vast majority of G cards can't go into promiscuous mode, but I'm sure you can get lots of hardware out there on the internet that can. WEP is dead. obsolete.
|
jmn1207 Premium Member join:2000-07-19 Sterling, VA 1 edit |
jmn1207
Premium Member
2008-Oct-10 10:36 am
said by AVD:
> You mean the vast majority of G cards can't go into promiscuous mode, but I'm sure you can get lots of hardware out there on the internet that can. WEP is dead. obsolete.

Probably so, but it's perfect for making sure the old retired couple next door doesn't accidentally connect to my wireless network, and it still allows the fastest transfer speeds considering the tiny overhead it creates. We are talking about your neighbors with a few Dell computers that have very little understanding of networking protocols. WEP is an obsolete security measure, but it can be used to prevent a neighbor from inadvertently hijacking your connection, while still making it simple for your guests to be able to connect without having to delve into the router's advanced feature settings.
|
kamm join:2001-02-14 Brooklyn, NY 1 edit |
to k1ll3rdr4g0n
said by k1ll3rdr4g0n:
> You know this stuff is really starting to *bug* me. Left and right I always see "WEP insecure don't use it", blah blah blah. Anyone with fingers and more than 2 braincells to rub together will realize you can't just crack wireless APs with off the shelf wireless cards (at least the vast majority). That means that your neighbor is probably not going to be a "WEP cracker", so it's safe to use WEP in a residential area. I'll bet anyone's neighbor here probably only knows the basics of Word. I would use something more industrial in an apartment area though; as since your signal can encompass more people...but in a urban/rural residential area where there is considerable amount of space between houses WEP is enough to keep the average doodle head from connecting to your wifi and thinking it's his. But again why are we even talking about this when the vast majority of people don't even use any protection at all! (Just walk down your street with your laptop, I'll bet you will find at least one open AP with an internet connection.)
> I am NOT saying it isn't hackable, but for the amount of time it takes...I think some "researchers" are stretching the truth. Somehow I doubt someone can crack a 128bit wep key in a matter of minutes on the average laptop. And for the people that say that WEP is really insecure...again in an urban/rural area is there actually people going around *wasting* their time sitting in a car just to see if they can crack your WEP key? If they are I haven't seen any. If anything they would be driving around trying to find an open wifi AP.

Jesus, sweet ignorance. I bet you live in some remote place - visit NYC and you'll realize nobody has to go to anywhere, I can see 10+ wifi connection in my home and I live in nice brownstone area, on the corner of the best park in NYC, not in a multi-dwelling apt building area where literally hundreds of wifi APs are within connection range... WEP is fuckin dead.
Use it in any urban area and you get your @ss owned within days.
|
kamm |
to jmn1207
said by jmn1207:
> said by AVD:
>> You mean the vast majority of G cards can't go into promiscuous mode, but I'm sure you can get lots of hardware out there on the internet that can. WEP is dead. obsolete.
> Probably so, but it's perfect for making sure the old retired couple next door doesn't accidentally connect to my wireless network, and it still allows the fastest transfer speeds considering the tiny overhead it creates. We are talking about your neighbors with a few Dell computers that have very little understanding of networking protocols. WEP is an obsolete security measure, but it can be used to prevent a neighbor from inadvertently hijacking your connection, while still making it simple for your guests to be able to connect without having to delve into the router's advanced feature settings.

This is the type of soft nonsense that gives people some very false sense of security - it's BS, sorry, people should drop WEP altogether, period.
|
|
jmn1207 Premium Member join:2000-07-19 Sterling, VA |
jmn1207
Premium Member
2008-Oct-10 10:53 am
I would drop the wireless security altogether, but it keeps out innocent neighbors. I live in a suburb of DC and only see 1 other wireless network out there. We have big lawns with lots of space around us, it probably is not anything like Brooklyn. The street I live on has no passing traffic and the house is adjacent to a hiking trail and creek. WEP is perfect for me. |
|
AVDRespice, Adspice, Prospice Premium Member join:2003-02-06 Onion, NJ |
AVD to jmn1207
Premium Member
2008-Oct-10 10:56 am
to jmn1207
said by jmn1207:
> We are talking about your neighbors with a few Dell computers that have very little understanding of networking protocols. WEP is an obsolete security measure, but it can be used to prevent a neighbor from inadvertently hijacking your connection, while still making it simple for your guests to be able to connect without having to delve into the router's advanced feature settings.

AES is faster since encryption is done in hardware. WEP keys are the most confusing system out there, hex keys in rotation. You can use a text passphrase to generate the WEP keys, but there is no guarantee that these text passphrases generate the same key among vendors. Setting up WEP or WPA otherwise requires the same configuration effort in terms of configuring the router.
|
jmn1207 Premium Member join:2000-07-19 Sterling, VA |
jmn1207
Premium Member
2008-Oct-10 10:59 am
Well, WPA was significantly slower in my experience with the equipment we mostly used. And of these two, if anyone really was interested in hacking into my network, neither would be worth a crap. So I went with the fastest performer of the 2 I had available. |
|
|
jhegfwsa56 to kamm
Anon
2008-Oct-10 11:16 am
to kamm
The correct word is minutes, not days. WEP can be cracked in way less than an hour with REGULAR hardware available at ANY store, just pick the right model and that's it. Every store probably have at least two models ready to crack your POS WEP encryption.
|
|
to kamm
said by kamm:
> This is the type of soft nonsense that gives people some very false sense of security - it's BS, sorry, people should drop WEP altogether, period.

WEP isn't security, it's avoidance. If someone has the time they will get in easily, but it will keep the vast majority of problems away.
|
patcat88 |
to kamm
said by kamm:
> Jesus, sweet ignorance. I bet you live in some fuckin remote place - visit NYC and you'll realize nobody has to go to anywhere, I can see 10+ wifi connection in my home and I live in nice brownstone area, on the corner of the best park in NYC, not in a multi-dwelling apt building area where literally hundreds of wifi APs are within connection range... ...outside of your shack WEP is fuckin dead, try to understand it. Use it in any urban area and you get your @ss owned within days.

Union Square (NYC), each corner of the park has 250 APs visible, chance of connecting to any of them, zero b/c of noise levels.
|
|
Secure
Anon
2008-Oct-10 12:42 pm
A secure wireless connection
All I hear about is people cracking; what is being done to prevent or create a more secure wireless experience? What about Quantum cryptography why can't that be implemented in wireless devices?
» www.theinquirer.net/gb/i ··· lly-safe
At least make it a waste of time for users trying to freeload or conduct illegal activity, make it more difficult for them to crack it say 3 hours and then have your key or pass phrase rotated every hour and make you log in each session or something like that. Would it be worth a hacker's trouble to hack into a system when they will lose the lease in less than an hour? With a better defense 2 or 3 hours would make it useless for a hacker to try and pick on your network nothing to see here move on approach. I would like to learn how to break the encryption so I can learn how to try and come up with a solution or at least see what steps I could take to make it take longer to crack. Eventually enough people will be aware of the security holes and may decide to go wired as the safe way until the community of Genius figures out a way to make it a little more safe give us more time to track these intrusive bugs tools etc.
|
|
If a GPU can be used to decrypt....why hasn't someone come with a method for a GPU to ENcrypt as well?
Sounds like it may be time to have a box acting as an AP that, once (honest) clients have successfully connected, be able to auto-generate and update the new encryption every xx minutes?
Or, maybe its time the average Joe stops being so damned lazy about their access security... |
|
AVDRespice, Adspice, Prospice Premium Member join:2003-02-06 Onion, NJ |
to patcat88
Re: Not again...
said by patcat88:
> said by kamm:
>> Jesus, sweet ignorance. I bet you live in some fuckin remote place - visit NYC and you'll realize nobody has to go to anywhere, I can see 10+ wifi connection in my home and I live in nice brownstone area, on the corner of the best park in NYC, not in a multi-dwelling apt building area where literally hundreds of wifi APs are within connection range... ...outside of your shack WEP is fuckin dead, try to understand it. Use it in any urban area and you get your @ss owned within days.
> Union Square (NYC), each corner of the park has 250 APs visible, chance of connecting to any of them, zero b/c of noise levels.

A directional antenna cuts through all of that.
|
jjoshua Premium Member join:2001-06-01 Scotch Plains, NJ |
to Secure
Re: A secure wireless connection
said by Secure:
> What about Quantum cryptography why can't that be implemented in wireless devices?

I believe that quantum cryptography uses photons, not electromagnetism.
|
BIGMIKEQ Premium Member join:2002-06-07 Gainesville, FL |
to jjoshua
Re: Don't bother
Insecure.org Top 100 Network Security Tools
In 2000, Fyodor, creator of the NMap Scanner, conducted a survey of the readers of the nmap-hackers mailing list and compiled the Top 50 Security Tools.
» netsecurity.about.com/od ··· htm?rd=1
» sectools.org/index.html
|
beaups join:2003-08-11 Hilliard, OH |
to jhegfwsa56
Re: Not again...
I can crack 64 bit WEP in 1 minute and 128 bit in 5 tops. And the hidden ssid and MAC filtering is a joke and adds all of another 60 seconds to the process.
One real problem with wireless security is that "many" people feel it's only a tool to keep people from stealing their internet. Once your security is defeated, they can capture all of your online activity...this can be a big identity theft issue, or worse.
WPA (2) is the way to go with a long, very random password that contains no actual words. And it should be changed every couple days IMO |
|
beaups |
to blueeyesm
Re: If a GPU can be used to decrypt..
most routers don't have a GPU
|
|
Re: Not again...
said by AVD:
> said by k1ll3rdr4g0n:
>> You know this stuff is really starting to *bug* me. Left and right I always see "WEP insecure don't use it", blah blah blah. Anyone with fingers and more than 2 braincells to rub together will realize you can't just crack wireless APs with off the shelf wireless cards (at least the vast majority).
> You mean the vast majority of G cards can't go into promiscuous mode, but I'm sure you can get lots of hardware out there on the internet that can. WEP is dead. obsolete.

I'm sure too, but what is the average person going to do? Little Johny's dad isn't going to special order a card over the internet, he's going to walk in to bestbuy and grab a card off the shelf (if not already integrated). Remember I'm not talking about Big Johny with daddy's credit card, I'm talking about the average person. If WEP is dead then why did Nintendo "embrace" it with the Nintendo DS?

said by kamm:
> said by k1ll3rdr4g0n:
>> You know this stuff is really starting to *bug* me. Left and right I always see "WEP insecure don't use it", blah blah blah. Anyone with fingers and more than 2 braincells to rub together will realize you can't just crack wireless APs with off the shelf wireless cards (at least the vast majority). That means that your neighbor is probably not going to be a "WEP cracker", so it's safe to use WEP in a residential area. I'll bet anyone's neighbor here probably only knows the basics of Word. I would use something more industrial in an apartment area though; as since your signal can encompass more people...but in a urban/rural residential area where there is considerable amount of space between houses WEP is enough to keep the average doodle head from connecting to your wifi and thinking it's his. But again why are we even talking about this when the vast majority of people don't even use any protection at all! (Just walk down your street with your laptop, I'll bet you will find at least one open AP with an internet connection.)
>> I am NOT saying it isn't hackable, but for the amount of time it takes...I think some "researchers" are stretching the truth. Somehow I doubt someone can crack a 128bit wep key in a matter of minutes on the average laptop. And for the people that say that WEP is really insecure...again in an urban/rural area is there actually people going around *wasting* their time sitting in a car just to see if they can crack your WEP key? If they are I haven't seen any. If anything they would be driving around trying to find an open wifi AP.
> Jesus, sweet ignorance. I bet you live in some remote place - visit NYC and you'll realize nobody has to go to anywhere, I can see 10+ wifi connection in my home and I live in nice brownstone area, on the corner of the best park in NYC, not in a multi-dwelling apt building area where literally hundreds of wifi APs are within connection range... WEP is fuckin dead. Use it in any urban area and you get your @ss owned within days.

Yes! Another person who doesn't read posts! If you read my post I said that you should use something else in an apartment area. And I like the use of "curse" words...hmmm. Oh and btw, I have been using WEP for years and no one ever got into my APs, what do you say to that? (I live in an urban/rural area like I talked about in my post...).

said by kamm:
> said by jmn1207:
>> said by AVD:
>>> You mean the vast majority of G cards can't go into promiscuous mode, but I'm sure you can get lots of hardware out there on the internet that can. WEP is dead. obsolete.
>> Probably so, but it's perfect for making sure the old retired couple next door doesn't accidentally connect to my wireless network, and it still allows the fastest transfer speeds considering the tiny overhead it creates. We are talking about your neighbors with a few Dell computers that have very little understanding of networking protocols. WEP is an obsolete security measure, but it can be used to prevent a neighbor from inadvertently hijacking your connection, while still making it simple for your guests to be able to connect without having to delve into the router's advanced feature settings.
> This is the type of soft nonsense that gives people some very false sense of security - it's BS, sorry, people should drop WEP altogether, period.

Why? Because you say so? Because the neighborhood tech guy says so? Because geek squad says so? If it works in residential areas, why should they use anything different? Oh I know because everyone has bought a wireless card from the internet that can go into "promiscuous mode" right? Better watch out your neighbor might also be a computer hacker too!

said by jhegfwsa56:
> The correct word is minutes, not days. WEP can be cracked in way less than an hour with REGULAR hardware available at ANY store, just pick the right model and that's it. Every store probably have at least two models ready to crack your POS WEP encryption.

Really? So I can go pickup a Linksys G card and I'm set?

said by patcat88:
> said by kamm:
>> This is the type of soft nonsense that gives people some very false sense of security - it's BS, sorry, people should drop WEP altogether, period.
> WEP isn't security, it's avoidance. If someone has the time they will get in easily, but it will keep the vast majority of problems away.

I think you just proved what I was saying. Is someone really going to sit outside your house with their laptop just to get into your network? I think we should all rethink what we are talking about. jmn1207 has the right idea:

said by jmn1207:
> Well, WPA was significantly slower in my experience with the equipment we mostly used. And of these two, if anyone really was interested in hacking into my network, neither would be worth a crap. So I went with the fastest performer of the 2 I had available.

If someone REALLY WANTS to get into a network, they will find a way.
I don't care about time, if someone is dead set into getting into your network (wireless or not) they will get into it. Majority of technology out there will keep the script kiddies at bay, but a hard veteran that knows what he is doing will get into your WEP/WPA/WPA2 network. But the same argument I made earlier can be applied again: What does the average person have and know? The average person doesn't know jack about computers. Is the average person actually going to go out of their way just to learn how to crack your wireless? Possibly, if you piss them off or something...but generally not. Everyone here is treating the average person as some script kiddie who has access to their parents' credit card, which this is NOT the case. If it was, then how come entities like geek squad are able to make so much money off of people (and charge ungodly rates to do it)?
|
swhx7 Premium Member join:2006-07-23 Elbonia |
to blueeyesm
Re: If a GPU can be used to decrypt..
There may be some reason against your suggestion that I don't know about, but it really seems like a good idea. The whole point of modern cryptography is that encrypting is many orders of magnitude faster than decrypting without a key, and the obstacle to wider use has been computation time, so if the GPU is well suited to breaking crypto, it should make strengthening crypto trivial.
Even better would be a dedicated crypto chip as standard equipment on PCs. This was one goal of the "trusted computing" scheme, but unfortunately those chips deny the owner access to the root key, which makes it a DRM chip instead of security for the owner. But a variation of the concept, with owner control, could make wireless encryption as close to unbreakable as anything in use today. I think VIA has made one that fits the description. |
|
AVDRespice, Adspice, Prospice Premium Member join:2003-02-06 Onion, NJ |
to k1ll3rdr4g0n
Re: Not again...
Why encrypt? If you want to keep the old lady off your network just turn off your SSID and mac filter.
|
dentman42 Premium Member join:2001-10-02 Columbus, OH |
to beaups
Re: If a GPU can be used to decrypt..
said by beaups:
> most routers don't have a GPU

Sure they do. A wireless-G Processing Unit.
|
|
pooperscooper
Anon
2008-Oct-10 5:57 pm
jjoshua
What do you think photons are made out of exactly?
|
|
Scare Tactics
Note that "an astonishing 10,000 percent" is a somewhat less astonishing 100 times, and represents a search space reduction of less than 7 bits. This is compared to 128 key bits for WPA and 256 key bits for WPA2. For users with long random keys, any straightforward computational improvement (such as huge banks of massively parallel machines) is insignificant. The problem is to get people to take advantage of the available key bits by using long random keys which nobody can remember. One solution may be to introduce users to a key manager (like Password Safe) on a flash drive. WEP is "broken" in the sense that it may be faster to use modern attack tools to expose a WEP key than to copy it over manually.
|
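The arithmetic in the post above (a 100-times speedup is worth under 7 bits of key space), worked through as an added example that is not part of the original thread. The guess rates and the 1000-year target are constructed assumptions; the 8-character minimum is the WPA passphrase floor, and the keys are assumed to be chosen uniformly at random.

```python
import math

PRINTABLE_ASCII = 95          # symbols available to a WPA passphrase
LOWERCASE = 26                # a weaker, letters-only alphabet for comparison
WPA_MIN_LEN = 8               # WPA passphrases are 8 to 63 characters
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def speedup_bits(factor):
    """Key-space bits an attacker 'gains' from being `factor` times faster."""
    return math.log2(factor)


def passphrase_bits(length, alphabet=PRINTABLE_ASCII):
    """Entropy of a uniformly random passphrase of `length` symbols."""
    return length * math.log2(alphabet)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every key in a 2**bits search space."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def min_random_length(target_years, guesses_per_second,
                      alphabet=PRINTABLE_ASCII, floor=WPA_MIN_LEN):
    """Shortest random passphrase whose full search takes >= target_years."""
    needed_bits = math.log2(target_years * SECONDS_PER_YEAR * guesses_per_second)
    return max(floor, math.ceil(needed_bits / math.log2(alphabet)))


if __name__ == "__main__":
    cpu_rate = 1_000                  # constructed: guesses/second on a PC
    gpu_rate = cpu_rate * 100         # the "10,000 percent" speedup from the post

    print(f"100x speedup = {speedup_bits(100):.2f} bits")
    for length in (8, 12, 20):
        bits = passphrase_bits(length)
        print(f"{length:2d} random printable chars: {bits:6.1f} bits, "
              f"{years_to_exhaust(bits, gpu_rate):.3g} years at GPU rate")

    # How many extra characters does the defender need to cancel the speedup?
    for name, alphabet in (("lowercase", LOWERCASE), ("printable", PRINTABLE_ASCII)):
        before = min_random_length(1000, cpu_rate, alphabet)
        after = min_random_length(1000, gpu_rate, alphabet)
        print(f"{name}: {before} -> {after} chars for a 1000-year search")
```

With these assumed rates the 100-times speedup is cancelled by one extra random lowercase letter, which is the post's point about long random keys.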
Pv8man join:2008-07-24 Hammond, IN |
Pv8man
Member
2008-Oct-10 7:31 pm
256 bit
I can crack 256 bit WEP in under an hour WITHOUT a NVidia card, by using the chop-chop attack built into aircrack-ng suite that comes with backtrack3.
You can keep sending forged authentication packets to the AP in an attempt to keep your MAC active.
But for those of you who say just use a MAC filter. Your MAC address could easily be seen in the air and spoofed, right after you de-auth the original client whom you are cloning.
|
TheMG Premium Member join:2007-09-04 Canada
1 recommendation |
TheMG
Premium Member
2008-Oct-10 8:03 pm
Meh...
Wired FTW. I just can't go without my gigabit ethernet!
|