WPA cracking, are you scared yet? Page 2

Author	All Replies
Nerdtalker Working Hard, Or Hardly Working? Premium,MVM join:2003-02-18 Tucson, AZ clubs:	reply to CraftyPirate Re: WPA cracking, are you scared yet? I'm still nowhere near concerned. Sure, WPA and WPA2 aren't invincible, but the level of protection they offer compared to the other options (WEP or nothing) is huge. Anyone who really cares about what they're doing and sensitive data just uses a VPN. If you really care that much, you'd be doing so. I use a 20 character PSK with upper and lower case letters, as well as numbers and symbols. Am I concerned in the least? Uh, no. -- "Some people never see the light till it shines thru bullet holes." -Bruce Cockburn I'm testing Gmail's spam filters: Broadbandreports1@gmail.com Spam: 12900+ messages currently using 406 MB.
	to forum · permalink · · 2009-07-07 01:46:54 ·
Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS 1 edit	reply to CraftyPirate What scares me is that, although these irresponsible and fearmongering types of post will have no effect on most of us, they may send more sensitive types into a tizzy quite needlessly. Case in point, see pg1.
	to forum · permalink · · 2009-07-07 12:12:50 ·
no_one @qwest.net	reply to CraftyPirate How does knowing my SSID make a password easier to guess, hack? My password is random gibberish also with the special symbols used. Sure if you use a password that goes along with the SSID theme but a random password?
	to forum · permalink · 2009-07-16 03:58:48 ·
Thane_Bitter join:2005-01-20 London, ON ·Bell Sympatico	"The SSID and the SSID length is seeded into the passphrase hash. This means that the passphrase of 'password' will be hashed differently on a network with the SSID of 'linksys' than it will on a network with the SSID of 'default'." »hak5.org/forums/index.php?showto···ry128919 If you use a standard SSID like "default", "linksys", or any of the other ones they included in the table it allows a hacker to more efficiently crack a WAP that is using a weak password. Assuming you do use a SSID on the list but have a 63 digit random string (numbers, uppercase & lower case letters, punctuation and the rest of the keys usable on a keyboard) the would still have to crack your WAP via brute force because the rainbow lists would not have the processed shortcuts for your wireless key. By using a unique SSID the rainbow list would have to be recomputed for that SSID, even then it would only allow the hacker to crack your password if the key was in the dictionary that was used to make the list. In short, the rainbow lists works as an efficient universal tool to crack poorly secured wireless networks with greater speed.
	to forum · permalink · · 2009-07-16 20:10:25 ·
DataRiker Premium join:2002-05-19 Metairie, LA clubs: 1 edit	Very well put. Technically they are not "rainbow" tables, but rather precomputed hash tables. These precomputed tables are somewhat of a useless sensation, since many users like to use passwords that include their last name or their last name plus a number. For example, the biggest freely available PCT for SSID linksys will fail if i just used my last name for a password (like many people do - or even worse my last name plus a number) PCT's will fail 99.99%. Why don't they include numbers you ask? or even simple permutations - do you have 1 trillion GB's to spare?
	to forum · permalink · · 2009-07-23 20:29:49 ·
DataRiker Premium join:2002-05-19 Metairie, LA clubs:	reply to Thane_Bitter said by Thane_Bitter : In short, the rainbow lists works as an efficient universal tool to crack poorly secured wireless networks with greater speed. I would take it even further. Consider the following password: ddg7 We would both agree this is a weak password. But using precomputed hash table will surely fail because they can not possible contain significant amount of permutations as the space required to store the table would be astronomically large. For a dictionary attack yes, but most passwords I have encountered in the wild ( all actually ) would not be found in a dictionary - such as most last names - a first initial and a last name - a name with a number - random spacing and caps.
	to forum · permalink · · 2009-07-23 20:43:41 ·
no_one @qwest.net	reply to Thane_Bitter said by Thane_Bitter : "The SSID and the SSID length is seeded into the passphrase hash. This means that the passphrase of 'password' will be hashed differently on a network with the SSID of 'linksys' than it will on a network with the SSID of 'default'." »hak5.org/forums/index.php?showto···ry128919 If you use a standard SSID like "default", "linksys", or any of the other ones they included in the table it allows a hacker to more efficiently crack a WAP that is using a weak password. Assuming you do use a SSID on the list but have a 63 digit random string (numbers, uppercase & lower case letters, punctuation and the rest of the keys usable on a keyboard) the would still have to crack your WAP via brute force because the rainbow lists would not have the processed shortcuts for your wireless key. By using a unique SSID the rainbow list would have to be recomputed for that SSID, even then it would only allow the hacker to crack your password if the key was in the dictionary that was used to make the list. In short, the rainbow lists works as an efficient universal tool to crack poorly secured wireless networks with greater speed. thanks learned something.
	to forum · permalink · 2009-07-30 17:30:10 ·


Thursday, 03-Dec 13:04:22	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF