Topic 'Re: WPA cracking, are you scared yet?' in forum 'Wireless Security'

Topic 'Re: WPA cracking, are you scared yet?' in forum 'Wireless Security' - dslreports.com http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22526526 en Fri, 10 Feb 2012 15:03:27 EDT Fri, 10 Feb 2012 15:03:27 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22790844 said by Thane_Bitter:

"The SSID and the SSID length is seeded into the passphrase hash. This means that the passphrase of 'password' will be hashed differently on a network with the SSID of 'linksys' than it will on a network with the SSID of 'default'."

»hak5.org/forums/index.php?showto···ry128919

If you use a standard SSID like "default", "linksys", or any of the other ones they included in the table it allows a hacker to more efficiently crack a WAP that is using a weak password. Assuming you do use a SSID on the list but have a 63 digit random string (numbers, uppercase & lower case letters, punctuation and the rest of the keys usable on a keyboard) the would still have to crack your WAP via brute force because the rainbow lists would not have the processed shortcuts for your wireless key.

By using a unique SSID the rainbow list would have to be recomputed for that SSID, even then it would only allow the hacker to crack your password if the key was in the dictionary that was used to make the list.

In short, the rainbow lists works as an efficient universal tool to crack poorly secured wireless networks with greater speed.
thanks learned something.]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22790844 Thu, 30 Jul 2009 17:30:10 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22756865 said by Thane_Bitter:

In short, the rainbow lists works as an efficient universal tool to crack poorly secured wireless networks with greater speed.
I would take it even further. Consider the following password:

ddg7

We would both agree this is a weak password. But using precomputed hash table will surely fail because they can not possible contain significant amount of permutations as the space required to store the table would be astronomically large.

For a dictionary attack yes, but most passwords I have encountered in the wild ( all actually ) would not be found in a dictionary - such as most last names - a first initial and a last name - a name with a number - random spacing and caps.]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22756865 Thu, 23 Jul 2009 20:43:41 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22756770
These precomputed tables are somewhat of a useless sensation, since many users like to use passwords that include their last name or their last name plus a number.

For example, the biggest freely available PCT for SSID linksys will fail if i just used my last name for a password (like many people do - or even worse my last name plus a number)

PCT's will fail 99.99%.

Why don't they include numbers you ask? or even simple permutations - do you have 1 trillion GB's to spare?]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22756770 Thu, 23 Jul 2009 20:29:49 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22720224 "The SSID and the SSID length is seeded into the passphrase hash. This means that the passphrase of 'password' will be hashed differently on a network with the SSID of 'linksys' than it will on a network with the SSID of 'default'."
»hak5.org/forums/index.php?showto···ry128919

If you use a standard SSID like "default", "linksys", or any of the other ones they included in the table it allows a hacker to more efficiently crack a WAP that is using a weak password. Assuming you do use a SSID on the list but have a 63 digit random string (numbers, uppercase & lower case letters, punctuation and the rest of the keys usable on a keyboard) the would still have to crack your WAP via brute force because the rainbow lists would not have the processed shortcuts for your wireless key.

By using a unique SSID the rainbow list would have to be recomputed for that SSID, even then it would only allow the hacker to crack your password if the key was in the dictionary that was used to make the list.

In short, the rainbow lists works as an efficient universal tool to crack poorly secured wireless networks with greater speed.]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22720224 Thu, 16 Jul 2009 20:10:25 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22716159
Sure if you use a password that goes along with the SSID theme but a random password?]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22716159 Thu, 16 Jul 2009 03:58:48 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22667078 http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22667078 Tue, 07 Jul 2009 12:12:50 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22665266
Anyone who really cares about what they're doing and sensitive data just uses a VPN. If you really care that much, you'd be doing so.

I use a 20 character PSK with upper and lower case letters, as well as numbers and symbols. Am I concerned in the least? Uh, no.
--
"Some people never see the light till it shines thru bullet holes." -Bruce Cockburn

I'm testing Gmail's spam filters: Broadbandreports1@gmail.com
Spam: 12900+ messages currently using 406 MB.]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22665266 Tue, 07 Jul 2009 01:46:54 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22564799 said by fonzbear2000:

And if they do anything illegal using your connection and take off, you would be held responsible.
I take it you're not a lawyer.

If you're that worried about it, I suggest you unhook your wifi AP, dig a hole in your back yard, and bury it there.
--
My place : »www.schettino.us]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22564799 Wed, 17 Jun 2009 09:23:00 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22562598 --
»Check this out!]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22562598 Tue, 16 Jun 2009 20:10:18 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22562522
If I am running an open network then I might be responsible. If someone splices into my cable or hacks my wifi, I don't think I am.

Do you think you are? Really?
--
My place : »www.schettino.us]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22562522 Tue, 16 Jun 2009 19:55:18 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22562159 --
»Check this out!]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22562159 Tue, 16 Jun 2009 18:48:05 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22556352 said by Tonice2007:

My question to you is what technology isn't hackable? Depends on how many decades you have to crack it. ;)

If you can crack a 63 ASCII PW in a reasonable amount of time (days, not millinea), people will pay you a lot. Again, feel free to try.
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22556352 Mon, 15 Jun 2009 19:53:08 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22556246 quote:

My question to you is what technology isn't hackable? The answer is nothing

wpa2(aes) with a radius server. Cant see that being busted atm.]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22556246 Mon, 15 Jun 2009 19:37:22 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22551993
Why does Microsoft products have more holes then other manufactures? It's because, it's a bigger target to hackers since the number of users of the software is more then other versions/manufactures, for an instance is a MAC computer more secure then a Windows? Not really, but Windows have more "holes" because more people hack it since Windows holds a bigger market share.

So, in the end what can you do about this security breach with WPA? Use all the characters available to you and don't only use letters, use everything you can and change your "password" every 3 months or so, so that if someone comprises your connection you can respond quickly if needed.]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22551993 Sun, 14 Jun 2009 23:48:17 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22549948 http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22549948 Sun, 14 Jun 2009 15:58:12 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22539064 http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22539064 Fri, 12 Jun 2009 08:55:34 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22538490 http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22538490 Fri, 12 Jun 2009 02:56:44 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22538462 said by Its a Secret:

*yawn*

Please feel free to try to hack my AP. I'll even bring you coffee. Lots of it...
Where so we can get free coffee? :)]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22538462 Fri, 12 Jun 2009 02:37:13 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22538225
Please feel free to try to hack my AP. I'll even bring you coffee. Lots of it...]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22538225 Fri, 12 Jun 2009 00:51:50 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22536537 quote:

so therefore without forehand knowledge of the ssid,

You mean like not receiving the signal from the AP? If you are able to receive the signal from the AP you are able to see the SSID in cleartext. So how do you have no forehand knowledge of the SSID? Could you explain this, please? I think F430 and other are correct - use a unique SSID and don't bother trying to hide it since you are only fooling yourself.

BTW - brute force attacks are nothing new - they are far older then electronic communication. The weaker your passphrase the more likely the attack will succeed. If you use a good passphrase knowing the SSID is not going to have a measurable effect on the success/failure of the attack.]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22536537 Thu, 11 Jun 2009 18:55:54 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22535144
the SSID doesn't need to be hidden. It just needs to be unique. And even if your SSID is in the tables, if the passphrase is strong enough then the tables won't have an impact regardless.

so bottom line.. strong passphrase is still the key and having a unique SSID helps]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22535144 Thu, 11 Jun 2009 15:14:52 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22535142 Lets see, someone breaks in and sees my CD collection on my NAS drive, oooh aaaah. . . I have more important thinks to worry about than what the script kiddies are doing.
--
»www.wwiivehicles.com

World War II Vehicles and Advanced Squad Leader]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22535142 Thu, 11 Jun 2009 15:14:47 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22534934
Yeah, I'm not scared yet.
--
My place : »www.schettino.us]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22534934 Thu, 11 Jun 2009 14:41:40 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22531542 said by F430 :

quote:
...you would know how pointless it is to reduce the number of times your SSID is transmitted (you cannot "hide" it).

Perhaps I should have reworded it so that it is not being "broadcasted." Limiting the number of times the ssid it is visible in plain-text can reduce the likelihood that it is exposed to being attacked. Both the ssid and passphrase are hashed in the encryption process so therefore without forehand knowledge of the ssid, the attacker is at least somewhat mitigated in his efforts but the mitigation nonetheless does have impact.]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22531542 Wed, 10 Jun 2009 23:14:57 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22530835 quote:

This is for AES WPA-PSK standard, just another reason why you should hide your *non-standard* ssid

I was with you until you wrote this. Obviously you have limited knowledge of how wireless works. Otherwise you would know how pointless it is to reduce the number of times your SSID is transmitted (you cannot "hide" it). This kind of FUD destroys any useful message you may have tried to get across.]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22530835 Wed, 10 Jun 2009 21:02:47 EDT Re: WPA cracking, are you scared yet? http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22528291
Short of using a 'one time pad', all encryption is breakable, it is only a function of processing power and time. Personal I am not disturbed, it is only the logical extension of other hacking/cracking schemes and these guys have taken the time to speed up the process by compiling a convenient list of shortcuts. ;)]]> http://www.dslreports.com/forum/Re-WPA-cracking-are-you-scared-yet-22528291 Wed, 10 Jun 2009 13:55:57 EDT WPA cracking, are you scared yet? http://www.dslreports.com/forum/WPA-cracking-are-you-scared-yet-22526526 latest episode of hak5 and was quite disturbed. (Not at the three discussing random topics while taking shots at a NYC bar, but new developments on cracking tools like cowPATTY.)

Basically, some kids went out of their way and used a 27-node cluster to make a 40 gig rainbow table that effectively cracks the top 1000 ssid's (from wigle.net, covering 52% of all recorded ssids) and 1+ million passwords associated with them.

Scary part is, an attacker need NOT have all 40 gig's worth of tables, he just needs your ssid and BOOM - he dl's a 40MB file and starts cracking it within seconds.

This is for AES WPA-PSK standard, just another reason why you should hide your *non-standard* ssid, use ALL 63 *NON-STANDARD* CHARACTERS FOR THE PASSPHRASE. Or you could just set up a Radius and breathe easily before computing power is able to catch up with bruteforcing even more ssid's. :p

One thing to add though, this is assuming the attacker gets at least the 2nd frame of the 4-way wpa authentication handshake. This needs to be a physical promiscuously capture or else honey-potted with silly Windows remember wifi location "feature."]]> http://www.dslreports.com/forum/WPA-cracking-are-you-scared-yet-22526526 Wed, 10 Jun 2009 08:48:33 EDT