dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
14
share rss forum feed

Jazzemt

join:2009-02-12
USA
reply to kitsune

Re: Stupid is as Stupid does.

It is not cracking the wpa. It is using a tool like Reaver and cracknig the WPS which is in most routers and cannot be turned off. And some of the ones where it can be turned off it is still crackable. At that point spofing the mac and knowing the WPS key you are assigned the WPA key and there is a tool or two to show what the wpa key is when you have it local. The longest I have seen it take was two hours. Usually under 30 minutes.

ke4pym
Premium
join:2004-07-24
Charlotte, NC
Reviews:
·Northland Cable ..
·Time Warner Cable
·ooma
·VOIPO
·Verizon Broadban..
said by Jazzemt:

It is not cracking the wpa. It is using a tool like Reaver and cracknig the WPS which is in most routers and cannot be turned off. And some of the ones where it can be turned off it is still crackable. At that point spofing the mac and knowing the WPS key you are assigned the WPA key and there is a tool or two to show what the wpa key is when you have it local. The longest I have seen it take was two hours. Usually under 30 minutes.

Ditto

rahvin112

join:2002-05-24
Sandy, UT
reply to Jazzemt
It's not just WPS, with the password lists available with John the Ripper (or elsewhere) you can dictionary attack the password in almost no time at all. It's pretty rare actually that anything short of 12+ random numbers, letters and special characters isn't part of the lists. Before I switched to passphrases I grep'd almost every single password I use out of the lists, it was eyeopening.


TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
kudos:1
Reviews:
·Optimum Online
·Clearwire Wireless
said by rahvin112:

It's pretty rare actually that anything short of 12+ random numbers, letters and special characters isn't part of the lists.

Really? I use pass-phrases, They take the form of "W#en T#e $un $h|n#$ |t'$ V#ry 3r|g#t 0ut$|d#" A 40 character+ pass-phrase with special characters replacing letters. Which can be remembered quite easily if you craft it intelligently. I don't think such a random phrase crafted this way will show up on any list, and the number of combinations and permutations is beyond the capability of anything short of a bank of supercomputers to discover in time to make the discovery usable. I use such pass-phrases on my computers as well.

Short of cracking the algorithm itself, which as far as I know has not been done yet, systems protected this way are as secure as they can be.

--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."

"People should not be afraid of their governments. Governments should be afraid of their people"


familypizza

join:2013-01-07
said by TamaraB:

said by rahvin112:

It's pretty rare actually that anything short of 12+ random numbers, letters and special characters isn't part of the lists.

Really? I use pass-phrases, They take the form of "W#en T#e $un $h|n#$ |t'$ V#ry 3r|g#t 0ut$|d#" A 40 character+ pass-phrase with special characters replacing letters. Which can be remembered quite easily if you craft it intelligently. I don't think such a random phrase crafted this way will show up on any list, and the number of combinations and permutations is beyond the capability of anything short of a bank of supercomputers to discover in time to make the discovery usable. I use such pass-phrases on my computers as well.

Short of cracking the algorithm itself, which as far as I know has not been done yet, systems protected this way are as secure as they can be.

For sure, except the people posting in here about their non dictionary 30+ character passwords (with special characters) do not reflect what 95% of people actually use.

No one is trying to say AES is weak... they're trying to say if you use a weak / semi weak password (which most normal users do) then you are susceptible to having their network possibly used by unauthorized users.

davidkassa

join:2013-06-03
Madison, WI
reply to TamaraB
This is a pretty good method, but crackers definitely know this "trick". I encourage everyone to read this article. »arstechnica.com/security/2013/05···sswords/

It talks about how even pass-phrases are easily cracked when simple substitution is used. The ultimate recommendation is use a password manager and make your long passwords truly random.