Comments on news posted 2008-11-06 18:03:22: Given that WEP (Wired Equivalent Privacy) can be compromised in a matter of minutes, many people now use WPA (Wi-Fi Protected Access) on their wireless routers. ..

page: 1 · 2 · next
Sacurtis
join:2004-02-25
Niceville, FL

Sacurtis

Member

WPA Crack

So this basically means that someone can't sniff my data but they can get on my network....Correct?

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

1 edit

FFH5

Premium Member

said by Sacurtis:

So this basically means that someone can't sniff my data but they can get on my network....Correct?
Not exactly. They can see the data that is going TO the PC from the wireless router. They just can't see the data flowing FROM the PC back thru the router to the web host.

danza
Premium Member
join:2002-08-23

danza to Sacurtis

Premium Member

to Sacurtis
Seems like it.

They didn't mention AES at all in the article though.

QuakeFrag
Premium Member
join:2003-06-13
NH

QuakeFrag

Premium Member

WPA2

Soon enough WPA will be the new WEP. Thank goodness for another change of style, AES. Is there any word on a WPA3 (or whatever the next gen might be)?

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

1 edit

1 recommendation

FFH5 to danza

Premium Member

to danza

Re: WPA Crack

said by danza:

Seems like it.

They didn't mention AES at all in the article though.
Read comments to the news item from PCWorld:
»www.pcworld.com/article/153396/

A thread in the Security forum discusses this:
»New method found to crack WPA - but not WPA2

tmh
@qwest.net

tmh

Anon

Not news

TKIP has its foundations in WEP. The main improvement being that a new key was generated every X minutes. It looks like someone's figured out a faster way to break WEP?

True?

Looks like AES is still secure.
Kearnstd
Space Elf
Premium Member
join:2002-01-22
Mullica Hill, NJ

Kearnstd to Sacurtis

Premium Member

to Sacurtis

Re: WPA Crack

So they cracked it but it is still more secure than WEP. I'd still compare WPA-TKIP to a deadbolt on your door and no windows in reach of ground level. Someone can get in but they have to work at it.

WPA2-AES is more like a motion sensing machinegun on the roof.

QuakeFrag
Premium Member
join:2003-06-13
NH

QuakeFrag

Premium Member

What is no wireless then (only a hardwired lan)? :-P

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

2 recommendations

FFH5 to tmh

Premium Member

to tmh

Re: Not news

said by tmh :

TKIP has its foundations in WEP. The main improvement being that a new key was generated every X minutes. It looks like someone's figured out a faster way to break WEP?

True?

Looks like AES is still secure.
Even if you are using WPA/TKIP, you can still better your odds by changing the "Key Renewal interval" in the wireless router from the usually default 3600 secs (60 mins) down to say 600 secs (10 mins). That should bring it under the time needed to crack the key. By the time they crack the key, it would already be changed.

BIGMIKE
Q
Premium Member
join:2002-06-07
Gainesville, FL

BIGMIKE to Sacurtis

Premium Member

to Sacurtis

Re: WPA Crack

Hacking Wireless Network is old news

Apr 05, 2005
Feds Hack Wireless Network in 3 Minutes
»hardware.slashdot.org/ar ··· from=rss

Turbo-charged wireless hacks threaten networks

Graphics cards encryption skulduggery

By John Leyden • Get more from this author

Posted in Enterprise Security, 10th October 2008 12:25 GMT

»www.theregister.co.uk/20 ··· hacking/

The latest graphics cards have been used to break Wi-Fi encryption far quicker than was previously possible. Some security consultants are already suggesting the development blows Wi-Fi security out of the water and that corporations ought to apply tighter VPN controls, or abandon wireless networks altogether, in response

tmh
@qwest.net

1 recommendation

tmh to FFH5

Anon

to FFH5

Re: Not news

said by FFH5:

Even if you are using WPA/TKIP, you can still better your odds by changing the "Key Renewal interval" in the wireless router from the usually default 3600 secs (60 mins) down to say 600 secs (10 mins). That should bring it under the time needed to crack the key. By the time they crack the key, it would already be changed.
'Tis funny you mentioned that. 5 years ago when I was running TKIP routers, I switched the key interval to 300 seconds. It wasn't adversely affecting performance, so I figured "why not?".

tmh

battleop
join:2005-09-28
00000

battleop to BIGMIKE

Member

to BIGMIKE

Re: WPA Crack

Your first example is about cracking WEP which is old news. This article is talking about cracking WPA, so they are not related.

Your second example is not really cracking the WPA key, it's just a faster brute force attack.
cooperaaaron
join:2004-04-10
Joliet, IL

cooperaaaron to BIGMIKE

Member

to BIGMIKE
Let's say I had a computer with two graphics cards, why can't someone come up with a way to use one of the graphics cards ( or some card that could be installed in a slot ) when it is idle or lightly used, to encrypt data ?

ftthz
If love can kill hate can also save
join:2005-10-17

ftthz

Member

.

Interesting... means people have to upgrade to WPA2

Stefania
Jezu Chryste, Kubi
Premium Member
join:2003-03-17
Chicago, IL

Stefania to cooperaaaron

Premium Member

to cooperaaaron

Re: WPA Crack

Apple is doing something very similar to what you describe, or at least they're making it possible.

»en.wikipedia.org/wiki/OpenCL

scooby
Premium Member
join:2001-05-01
Schaumburg, IL

scooby

Premium Member

Everything is crackable...

Like I have said for years now. If it is human made, a human can crack it. It is just a matter of time.

Obviously the amount of time depends on the level of interest.

R.I.P. CSS - 1999
R.I.P. WEP - 2001
R.I.P. AACS - 2007
R.I.P. BD+ - 2008

AACS and BD+ cracked for sure? Who knows but there are lots of programs out there to let you get around it. That is close enough in my book.
jca2050
Premium Member
join:2002-02-04
Dallas, TX

jca2050

Premium Member

WPA

WPA is still very secure if you have a complicated and long pass code. If you make your pass code something like ">SADFJL#()@!)OFKasfjksF2390SATf923()!%#%>", that's pretty much a guarantee that no one will crack it unless they have rainbow tables and a lot of time on their hands.

WPA has been crackable for a long time, it just requires you to deauth a client, capture the 4-way handshake when they reconnect and crack it with aircrack. If the pass code is something easy like "password" then you can run a standard dictionary attack on it and crack it in a matter of minutes. Although this method only works on WPA-PSK (pre-shared key) if I recall correctly, but just about every WPA protected AP I've seen uses WPA-PSK.
TheMG
Premium Member
join:2007-09-04
Canada
MikroTik RB450G
Cisco DPC3008
Cisco SPA112

1 edit

TheMG to Kearnstd

Premium Member

to Kearnstd

Re: WPA Crack

said by Kearnstd:

I'd still compare WPA-TKIP to a deadbolt on your door and no windows in reach of ground level.
Well, I'm not sure if I'd compare it to a deadbolt. I can pick the lock on a standard deadbolt in just a couple minutes using makeshift tools. I'm no locksmith either.

And this WPA cracking isn't quite available to the masses either, unlike WEP cracking.

Unless of course the key is a weak one, in which case it can be brute forced within a reasonable time frame. Good luck brute forcing a WPA key of 63 random characters (I think that's what the max is).
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn to QuakeFrag

Member

to QuakeFrag
said by QuakeFrag:

What is no wireless then (only a hardwired lan)? :-P
Smart ?

fireflier
Coffee. . .Need Coffee
Premium Member
join:2001-05-25
Limbo

1 edit

3 recommendations

fireflier to QuakeFrag

Premium Member

to QuakeFrag
said by QuakeFrag:

What is no wireless then (only a hardwired lan)? :-P
Pissed off midget with a flamethrower.

keyboard5684
Sam
join:2001-08-01
Pittsburgh, PA

keyboard5684 to Stefania

Member

to Stefania
This is the same concept as a Cisco card that is used, an AIM module, which offloads the encryption onto that processor to take away from the main CPU.

Long ago, this is old technology, and can certainly be applied to wireless networks.

If you are that paranoid then simply create a VPN, dial into the VPN over the encrypted wireless access point, and then they would have to break the wireless and the extremely complex encryption with 3DES and other complex technologies long developed.

Geez...

Midget
@bellsouth.net

Midget to fireflier

Anon

to fireflier
said by fireflier:

said by QuakeFrag:

What is no wireless then (only a hardwired lan)? :-P
Pissed off midget with a flamethrower.
LOL!

funchords
Hello
MVM
join:2001-03-11
Yarmouth Port, MA

funchords to jca2050

MVM

to jca2050

Re: WPA

said by jca2050:

WPA is still very secure if you have a complicated and long pass code. If you make your pass code something like ">SADFJL#()@!)OFKasfjksF2390SATf923()!%#%>", that's pretty much a guarantee that no one will crack it unless they have rainbow tables and a lot of time on their hands.
Thinking up a long complex pass key makes it harder to brute force, but it doesn't make it any harder to crack. The combination of the two is apparently meaningful, according to one researcher's claims that I couldn't quite understand -- the gist was don't use passphrases under 20 characters.

The one you chose above will probably confuse hardware that uses a different ASCII translation table than other hardware (I've seen this personally).

But as an example of what I'm talking about -- that they're both just as complex -- see the tool wpa_passphrase to see the conversion between passphrases and PSKs for a network whose SSID is "test"

robb@topol015:~$ wpa_passphrase test ">SADFJL#()@\!)OFKasfjksF2390SATf923()\!%#%>"
network={
ssid="test"
#psk=">SADFJL#()@\!)OFKasfjksF2390SATf923()\!%#%>"
psk=53f55d9c1b6aaa0e117013aa8dbac52c0acb3a92dc6d8535eafb2592d8754bb7
}
robb@topol015:~$ wpa_passphrase test "00000000"
network={
ssid="test"
#psk="00000000"
psk=e662b752907be97ebb5659bdc09d179a8f0df76ed3e4ba7cb6d2db1659381056
}

This function is the PBKDF2 (Password-Based Key Derivation Function) for Google's sake. ;)
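
Added example, not part of the original post: the passphrase-to-PSK conversion that wpa_passphrase performs, written with Python's standard library. It shows that every passphrase maps to a 256-bit PSK salted with the SSID, and estimates how much guessing space a random passphrase of a given length really has. The function names and the sample SSIDs and passphrases in the demo are constructed for illustration.

```python
import hashlib
import math


def validate_passphrase(passphrase: str) -> None:
    """802.11i passphrase rule: 8 to 63 printable ASCII characters (codes 32..126)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def wpa_psk(ssid: str, passphrase: str) -> str:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    validate_passphrase(passphrase)
    raw = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )
    return raw.hex()


def random_passphrase_bits(length: int, alphabet_size: int = 95) -> float:
    """Guessing space, in bits, of a passphrase drawn uniformly at random."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample inputs: same passphrase on two SSIDs, and a longer phrase.
    samples = [
        ("test", "00000000"),
        ("home", "00000000"),
        ("test", "correct horse battery"),
    ]
    for ssid, pw in samples:
        print(f"ssid={ssid!r:7} passphrase={pw!r:24} psk={wpa_psk(ssid, pw)}")

    # The PSK is always 256 bits; the passphrase is what limits the search space.
    for n in (8, 20, 63):
        bits = random_passphrase_bits(n)
        print(f"{n:2d} random printable characters ~ {bits:.0f} bits of guessing space")
```

Because the SSID is the salt, a precomputed table built for one network name is useless against another, which is why a non-default SSID helps alongside a long random passphrase.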
zod5000
join:2003-10-21
Victoria, BC

zod5000

Member

WPA2 is fine.

I use WPA2-AES with a randomly generated longass password. I figure it'll be a few more years for someone to crack that.

I suppose though, because cpu/power continues to increase, the ease of brute force attacks gets easier. I guess they should start working on a WPA3.
utahluge
join:2004-10-14
Draper, UT

1 edit

utahluge

Member

TKIP+AES

My DD-WRT supports "TKIP+AES". Does this essentially double my protection? I don't really know what that means.

Edit: Just found out. "TKIP+AES" is there for mixed environments. It will try AES first and if your node doesn't support it, it will try TKIP.

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to zod5000

Premium Member

to zod5000

Re: WPA2 is fine.

said by zod5000:

I use WPA2-AES with a randomly generated longass password. I figure it'll be a few more years for someone to crack that.

I suppose though, because cpu/power continues to increase, the ease of brute force attacks gets easier. I guess they should start working on a WPA3.
Nah, a raw brute force on, say, 128 bit AES would take longer than the age of the universe (assuming a reasonably strong key). Then you have the Von Neumann-Landauer Limit to contend with. This principle says that it would take an inordinate amount of energy to do -- more than is available to anyone. Energy is a big problem with brute forcing large keys. There is simply no way around the 2nd law of thermodynamics (unless you want to take into account theoretical reversible computing).

This attack on TKIP appears to have been a result of a mathematical breakthrough (i.e. the researchers found an inherent weakness in the encryption cipher). Without these mathematical "breakthroughs" brute forcing is not feasible, not even with multiple supercomputers.

snipper_cr
Premium Member
join:2002-01-22
Wheaton, IL

snipper_cr

Premium Member

Quite right. I don't have the article to support this, but I read that if you take the world's largest supercomputer, shrink it down to the size of a grain of sand, and then cover the earth it would still take millions of years to crack a full 128 bit AES... at least I think that's what it was. Either way, it is some incomprehensible number.
Interesting thought about Von Neumann-Landauer limit and the second law of thermo... although does that take into account superconducting computers?

If this ultimately leads to a break in TKIP, that would be slightly unnerving. A break of AES would be downright disastrous. I hate to see what would happen if AES could be broken...

tschmidt
MVM
join:2000-11-12
Milford, NH
·Consolidated Com..
·Republic Wireless
·Hollis Hosting

tschmidt to FFH5

MVM

to FFH5

Re: Not news

said by FFH5:

By the time they crack the key, it would already be changed.
That does not address the problem. Since previous transmissions can be recorded it does not matter (within reason) how long it takes the attacker to crack encryption. Once cracked plain text is readable. Whatever was communicated is now known to the attacker.

/tom

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5

Premium Member

said by tschmidt:
said by FFH5:

By the time they crack the key, it would already be changed.
That does not address the problem. Since previous transmissions can be recorded it does not matter (within reason) how long it takes the attacker to crack encryption. Once cracked plain text is readable. Whatever was communicated is now known to the attacker.

/tom
It does matter, because the data that has to be collected in order to successfully decrypt it exceeds a 12 to 15 min collection timeframe. If the key changes BEFORE they can collect 12 to 15 mins worth of data, then the decryption process won't succeed. At least that is how I understand the process from several different writeups.

tschmidt
MVM
join:2000-11-12
Milford, NH
·Consolidated Com..
·Republic Wireless
·Hollis Hosting

tschmidt to cooperaaaron

MVM

to cooperaaaron

Re: WPA Crack

said by cooperaaaron:

some card that could be installed in a slot ) when it is idle or lightly used, to encrypt data ?
The problem is not encryption, it is key management. AES is very secure.

Key management is the weak point of most privacy schemes. The Enigma machines used by Germany during WWII were quite good. It was the way Germans created the daily key that allowed Alan Turing to crack the codes. If Germans used better keys and prefixed messages with random data (like the Allies did) most likely even the brilliant Turing would have been stymied.

/tom