dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
16
share rss forum feed


ITALIAN926

join:2003-08-16
kudos:2
reply to ke4pym

Re: Stupid is as Stupid does.

Theres no way in hell youre cracking my WPA2 WITH MAC filtering, aint happening, and if you do , you should be putting your skills to good use, not stealing last Season of Dexter of my internet connection.


familypizza

join:2013-01-07

1 recommendation

Just so we're clear... your setup can be cracked. All a person would have to do is capture the 4-way handshake when it takes place, then crack the password (via dictionary or brute force)

As for as MAC filtering goes... this literally adds zero additional security. Any sniffer worth it's salt would tell me the MAC addresses that are currently connected to your network, then all you would have to do is spoof that MAC address to satisfy the "high security MAC filtering"

For someone who knows what they're doing... it's trivial. Even more so if the password they are using is a dictionary word, or a 10 digit number (like a phone number)


Ammler
Premium
join:2005-04-19
Pittsburgh, PA

And what about a series of random letters and numbers? I still say license plates make the best passwords.


ke4pym
Premium
join:2004-07-24
Charlotte, NC
Reviews:
·VOIPO
·ooma
·Verizon Broadban..
·Northland Cable ..
·Time Warner Cable

said by Ammler:

And what about a series of random letters and numbers? I still say license plates make the best passwords.

It'll take a little longer. But not much. If you're my neighbor then it'll be game up.

ke4pym
Premium
join:2004-07-24
Charlotte, NC
Reviews:
·VOIPO
·ooma
·Verizon Broadban..
·Northland Cable ..
·Time Warner Cable
reply to ITALIAN926

said by ITALIAN926:

Theres no way in hell youre cracking my WPA2 WITH MAC filtering, aint happening, and if you do , you should be putting your skills to good use, not stealing last Season of Dexter of my internet connection.

I would strongly suggest you read up on how weak WiFi systems are.

And it doesn't take skills. Unless you count downloading an iso, sending it to a bootable USB key and booting from said USB key and clicking "Go" when the system boots - skills.

kitsune

join:2001-11-26
Sacramento, CA

said by ke4pym:

said by ITALIAN926:

Theres no way in hell youre cracking my WPA2 WITH MAC filtering, aint happening, and if you do , you should be putting your skills to good use, not stealing last Season of Dexter of my internet connection.

I would strongly suggest you read up on how weak WiFi systems are.

And it doesn't take skills. Unless you count downloading an iso, sending it to a bootable USB key and booting from said USB key and clicking "Go" when the system boots - skills.

I think you need to do a little more reading yourself. WPA2-AES is still difficult to crack. Certainly not going to break it in a few minutes. Especially if you are using a password of decent length.

Now if you are using the router from your service provider with WEP security, you are hosed. But that is not the current standard.

Jazzemt

join:2009-02-12
USA

It is not cracking the wpa. It is using a tool like Reaver and cracknig the WPS which is in most routers and cannot be turned off. And some of the ones where it can be turned off it is still crackable. At that point spofing the mac and knowing the WPS key you are assigned the WPA key and there is a tool or two to show what the wpa key is when you have it local. The longest I have seen it take was two hours. Usually under 30 minutes.


ke4pym
Premium
join:2004-07-24
Charlotte, NC
Reviews:
·VOIPO
·ooma
·Verizon Broadban..
·Northland Cable ..
·Time Warner Cable

said by Jazzemt:

It is not cracking the wpa. It is using a tool like Reaver and cracknig the WPS which is in most routers and cannot be turned off. And some of the ones where it can be turned off it is still crackable. At that point spofing the mac and knowing the WPS key you are assigned the WPA key and there is a tool or two to show what the wpa key is when you have it local. The longest I have seen it take was two hours. Usually under 30 minutes.

Ditto

rahvin112

join:2002-05-24
Sandy, UT
reply to Jazzemt

It's not just WPS, with the password lists available with John the Ripper (or elsewhere) you can dictionary attack the password in almost no time at all. It's pretty rare actually that anything short of 12+ random numbers, letters and special characters isn't part of the lists. Before I switched to passphrases I grep'd almost every single password I use out of the lists, it was eyeopening.



TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless

said by rahvin112:

It's pretty rare actually that anything short of 12+ random numbers, letters and special characters isn't part of the lists.

Really? I use pass-phrases, They take the form of "W#en T#e $un $h|n#$ |t'$ V#ry 3r|g#t 0ut$|d#" A 40 character+ pass-phrase with special characters replacing letters. Which can be remembered quite easily if you craft it intelligently. I don't think such a random phrase crafted this way will show up on any list, and the number of combinations and permutations is beyond the capability of anything short of a bank of supercomputers to discover in time to make the discovery usable. I use such pass-phrases on my computers as well.

Short of cracking the algorithm itself, which as far as I know has not been done yet, systems protected this way are as secure as they can be.

--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."

"People should not be afraid of their governments. Governments should be afraid of their people"


familypizza

join:2013-01-07

said by TamaraB:

said by rahvin112:

It's pretty rare actually that anything short of 12+ random numbers, letters and special characters isn't part of the lists.

Really? I use pass-phrases, They take the form of "W#en T#e $un $h|n#$ |t'$ V#ry 3r|g#t 0ut$|d#" A 40 character+ pass-phrase with special characters replacing letters. Which can be remembered quite easily if you craft it intelligently. I don't think such a random phrase crafted this way will show up on any list, and the number of combinations and permutations is beyond the capability of anything short of a bank of supercomputers to discover in time to make the discovery usable. I use such pass-phrases on my computers as well.

Short of cracking the algorithm itself, which as far as I know has not been done yet, systems protected this way are as secure as they can be.

For sure, except the people posting in here about their non dictionary 30+ character passwords (with special characters) do not reflect what 95% of people actually use.

No one is trying to say AES is weak... they're trying to say if you use a weak / semi weak password (which most normal users do) then you are susceptible to having their network possibly used by unauthorized users.

davidkassa

join:2013-06-03
Madison, WI
reply to TamaraB

This is a pretty good method, but crackers definitely know this "trick". I encourage everyone to read this article. »arstechnica.com/security/2013/05···sswords/

It talks about how even pass-phrases are easily cracked when simple substitution is used. The ultimate recommendation is use a password manager and make your long passwords truly random.