dslreports logo
site
spacer

spacer
 
   
spc
story category
Using GPUs To Speed Up WPA Hacks
Time for another new Wi-Fi security standard?
by Karl Bode 09:14AM Friday Oct 10 2008
According to a vague article at SC Magazine, use of the latest NVidia graphics cards can accelerate WPA Wi-Fi "password recovery" times "by up to an astonishing 10,000 per cent." The article fails to provide a baseline hack time, or whether they're only talking about cracking PSK or pre-shared keys. "Brute force decryption of the WPA and WPA2 systems using parallel processing has been on the theoretical possibilities horizon for some time - and presumably employed by relevant government agencies in extreme situations - but the use of the latest NVidia cards to speedup decryption on a standard PC is extremely worrying," says GSS researcher David Hobson.

view:
topics flat nest 

jjoshua
Premium
join:2001-06-01
Scotch Plains, NJ
kudos:3

Don't bother

Don't secure your wireless network. Encrypt all traffic using a VPN. Deny all other wireless traffic.

If you need security, use a wired network.

karlmarx

join:2006-09-18
Chicago, IL

Re: Don't bother

That's not a realistic solution. Of course, if wireless encryption, WEP is easily cracked by any desktop in a matter of minutes. WAP has always been crackable, given enough processing power and a big enough data set. Of course, if that 1000 hour crack could be done in 6 minutes with an NVIDIA graphics card, that would be a game changer. But what are the options available? Assuming a regular PC would take about 5 months to brute force a 13 character key, using an Nvidia card would take that to about 45 minutes. Heck, I've got 45 minutes to waste outside an office building, do you?
--
The happiest countries are the most secular. The struggle AGAINST corporations is the struggle FOR humanity!

maartena
Elmo
Premium
join:2002-05-10
Orange, CA
kudos:3

Re: Don't bother

said by karlmarx:

That's not a realistic solution.
Not for homes. But for offices it is. As a matter of fact my employer does not allow ANY wireless connection out of security reasons. We work with sensitive data and have to conform to bank-industry security standards. (We aren't a bank though).

The only wireless option we have considered, and isn't too hard to implement.... is using VPN. It wouldn't be too hard to install the VPN client we already use on our laptops, (which most have installed anyways as they take it home) and have them logon to a VPN before they can access *anything* on the network.

For offices VPN implementation isn't too difficult. And you can actually leave your wireless access points completely open, they only thing people will be able to reach on your network..... is a VPN server.

BIGMIKE
Premium
join:2002-06-07
Westminster, CA
Insecure.org Top 100 Network Security Tools
In 2000, Fyodor, creator of the NMap Scanner, conducted a survey of the readers of the nmap-hackers mailing list and compiled the Top 50 Security Tools.
»netsecurity.about.com/od/hackert···htm?rd=1

»sectools.org/index.html

Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12

I believe it

Just look at how much faster your GPU is at Folding@Home or encoding a video. A DVD to WMV conversion on my E6750 takes close to 48 hours due to the upconversion to 720p. It takes 1 hour and 45 using my 9600GT.

GPUs are great at tasks that can utilize massively parallel architectures.
--
Linux Haters Unite!
k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL

1 recommendation

Not again...

You know this stuff is really starting to *bug* me. Left and right I always see "WEP insecure don't use it", blah blah blah.
Anyone with fingers and more than 2 braincells to rub together will realize you can't just crack wireless APs with off the shelf wireless cards (at least the vast majority). That means that your neighbor is probably not going to be a "WEP cracker", so its safe to use WEP in a residential area. I'll bet anyone's neighbor here probably only knows the basics of Word. I would use something more industrial in a apartment area though; as since your signal can encompass more people...but in a urban/rural residential area where there is considerate amount of space between houses WEP is enough to keep the average doodle head from connecting to your wifi and thinking its his.
But again why are we even talking about this when the vast majority of people don't even use any protection at all! (Just walk down your street with your laptop, I'll bet you will find at least one open AP with a internet connection.)

I am NOT saying it isn't hackable, but for the amount of time it takes...I think some "researchers" are stretching the truth. Somehow I doubt someone can crack a 128bit wep key in a matter of minutes on the average laptop. And for the people that say that WEP is really insecure...again in an urban/rural area is there actually people going around *wasting* their time sitting in a car just to see if they can crack your WEP key? If they are I haven't seen any. If anything they would be driving around trying to find an open wifi AP.

AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

Re: Not again...

said by k1ll3rdr4g0n:

You know this stuff is really starting to *bug* me. Left and right I always see "WEP insecure don't use it", blah blah blah.
Anyone with fingers and more than 2 braincells to rub together will realize you can't just crack wireless APs with off the shelf wireless cards (at least the vast majority).
You mean the vast majority of G cards cant go into promiscuous mode, but I'm sure you can get lots of hardware out there on the internet that can. WEP is dead. obsolete.

jmn1207
Premium
join:2000-07-19
Ashburn, VA
kudos:1

1 edit

Re: Not again...

said by AVD:

You mean the vast majority of G cards cant go into promiscuous mode, but I'm sure you can get lots of hardware out there on the internet that can. WEP is dead. obsolete.
Probably so, but it's perfect for making sure the old retired couple next door doesn't accidentally connect to my wireless network, and it still allows the fastest transfer speeds considering the tiny overhead it creates.

We are talking about your neighbors with a few Dell computers that have very little understanding of networking protocols. WEP is an obsolete security measure, but it can be used to prevent a neighbor from inadvertently hijacking your connection, while still making it simple for your guests to be able to connect without having to delve into the router's advanced feature settings.

kamm

join:2001-02-14
Brooklyn, NY

Re: Not again...

said by jmn1207:

said by AVD:

You mean the vast majority of G cards cant go into promiscuous mode, but I'm sure you can get lots of hardware out there on the internet that can. WEP is dead. obsolete.
Probably so, but it's perfect for making sure the old retired couple next door doesn't accidentally connect to my wireless network, and it still allows the fastest transfer speeds considering the tiny overhead it creates.

We are talking about your neighbors with a few Dell computers that have very little understanding of networking protocols. WEP is an obsolete security measure, but it can be used to prevent a neighbor from inadvertently hijacking your connection, while still making it simple for your guests to be able to connect without having to delve into the router's advanced feature settings.
This is the type of soft nonsense that gives people some ver false sense of security - it's BS, sorry, people should drop WEP altogether, period.
--
[BQUOTE=[user=bicker]]Waaaa waaaa waaaa. You just want what you want and don't care to factor in what is right or true. Your perspectives are un-American, and deserve far more ridicule than I'm prepared to pile on them.
[/BQUOTE]

jmn1207
Premium
join:2000-07-19
Ashburn, VA
kudos:1

Re: Not again...

I would drop the wireless security altogether, but it keeps out innocent neighbors. I live in a suburb of DC and only see 1 other wireless network out there. We have big lawns with lots of space around us, it probably is not anything like Brooklyn. The street I live on has no passing traffic and the house is adjacent to a hiking trail and creek. WEP is perfect for me.
patcat88

join:2002-04-05
Jamaica, NY
kudos:1
said by kamm:

This is the type of soft nonsense that gives people some ver false sense of security - it's BS, sorry, people should drop WEP altogether, period.
WEP isn't security, its avoidance. If someone has the time they will get in easily, but it will keep the vast majority of problems away.

AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
said by jmn1207:

We are talking about your neighbors with a few Dell computers that have very little understanding of networking protocols. WEP is an obsolete security measure, but it can be used to prevent a neighbor from inadvertently hijacking your connection, while still making it simple for your guests to be able to connect without having to delve into the router's advanced feature settings.
AES is faster since encryption is done in hardware.

WEP keys are the most confusing system out the, hex keys in rotation. You can use a text passphrase to generate the WEP keys, but there is no guarantee that these text passphrases generate the same key amoung vendors.

Setting up WEP or WPA otherwise requires the same configuration effort in terms of configuring the router.

jmn1207
Premium
join:2000-07-19
Ashburn, VA
kudos:1

Re: Not again...

Well, WPA was significantly slower in my experience with the equipment we mostly used. And of these two, if anyone really was interested in hacking into my network, neither would be worth a crap. So I went with the fastest performer of the 2 I had available.

kamm

join:2001-02-14
Brooklyn, NY

1 edit
said by k1ll3rdr4g0n:

You know this stuff is really starting to *bug* me. Left and right I always see "WEP insecure don't use it", blah blah blah.
Anyone with fingers and more than 2 braincells to rub together will realize you can't just crack wireless APs with off the shelf wireless cards (at least the vast majority). That means that your neighbor is probably not going to be a "WEP cracker", so its safe to use WEP in a residential area. I'll bet anyone's neighbor here probably only knows the basics of Word. I would use something more industrial in a apartment area though; as since your signal can encompass more people...but in a urban/rural residential area where there is considerate amount of space between houses WEP is enough to keep the average doodle head from connecting to your wifi and thinking its his.
But again why are we even talking about this when the vast majority of people don't even use any protection at all! (Just walk down your street with your laptop, I'll bet you will find at least one open AP with a internet connection.)

I am NOT saying it isn't hackable, but for the amount of time it takes...I think some "researchers" are stretching the truth. Somehow I doubt someone can crack a 128bit wep key in a matter of minutes on the average laptop. And for the people that say that WEP is really insecure...again in an urban/rural area is there actually people going around *wasting* their time sitting in a car just to see if they can crack your WEP key? If they are I haven't seen any. If anything they would be driving around trying to find an open wifi AP.
Jesus, sweet ignorance.
I bet you live in some remote place - visit NYC and you'll realize nobody has to go to anywhere, I can see 10+ wifi connection in my home and I live in nice brownstone area, on the corner of the best park in NYC, not in a multi-dwelling apt building area where literally hundreds of wifi APs are within connection range...

WEP is fuckin dead. Use it in any urban area and you get your @ss owned within days.
--
said by bicker:

Waaaa waaaa waaaa. You just want what you want and don't care to factor in what is right or true. Your perspectives are un-American, and deserve far more ridicule than I'm prepared to pile on them.

jhegfwsa56

@161.216.158.x

Re: Not again...

The correct word is minutes not days WEP can be cracked in way less than an hour with REGULAR hardware available at ANY store just pick the right model and that's it. Every store probably have at least two models ready to crack you POS WEP encryption.
beaups

join:2003-08-11
Hilliard, OH

Re: Not again...

I can crack 64 bit WEP in 1 minute and 128 bit in 5 tops. And the hidden ssid and MAC filtering is a joke and adds all of another 60 seconds to the process.

One real problem with wireless security is that "many" people feel it's only a tool to keep people from stealing their internet. Once your security is defeated, they can capture all of your online activity...this can be a big identity theft issue, or worse.

WPA (2) is the way to go with a long, very random password that contains no actual words. And it should be changed every couple days IMO
patcat88

join:2002-04-05
Jamaica, NY
kudos:1
said by kamm:

Jesus, sweet ignorance.
I bet you live in some fuckin remote place - visit NYC and you'll realize nobody has to go to anywhere, I can see 10+ wifi connection in my home and I live in nice brownstone area, on the corner of the best park in NYC, not in a multi-dwelling apt building area where literally hundreds of wifi APs are within connection range...

...outside of your shack WEP is fuckin dead, try to understand it. Use it in any urban area and you get your @ss owned within days.
Union Square (NYC), each corner of the park has 250 APs visible, chance of connecting to any of them, zero b/c of noise levels.

AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

Re: Not again...

said by patcat88:

said by kamm:

Jesus, sweet ignorance.
I bet you live in some fuckin remote place - visit NYC and you'll realize nobody has to go to anywhere, I can see 10+ wifi connection in my home and I live in nice brownstone area, on the corner of the best park in NYC, not in a multi-dwelling apt building area where literally hundreds of wifi APs are within connection range...

...outside of your shack WEP is fuckin dead, try to understand it. Use it in any urban area and you get your @ss owned within days.
Union Square (NYC), each corner of the park has 250 APs visible, chance of connecting to any of them, zero b/c of noise levels.
A directional antenna cuts through all of that.
k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL
said by AVD:

said by k1ll3rdr4g0n:

You know this stuff is really starting to *bug* me. Left and right I always see "WEP insecure don't use it", blah blah blah.
Anyone with fingers and more than 2 braincells to rub together will realize you can't just crack wireless APs with off the shelf wireless cards (at least the vast majority).
You mean the vast majority of G cards cant go into promiscuous mode, but I'm sure you can get lots of hardware out there on the internet that can. WEP is dead. obsolete.
I'm sure too, but what is the average person going to do?
Little Johny's dad isn't going to special order a card over the internet, hes going to walk in to bestbuy and grab a card off the shelf (if not already integrated). Remember I'm not talking about Big Johny with daddy's credit card, I'm talking about the average person.

If WEP is dead then why did Nintendo "embrace" it with the Nintendo DS?

said by kamm:

said by k1ll3rdr4g0n:

You know this stuff is really starting to *bug* me. Left and right I always see "WEP insecure don't use it", blah blah blah.
Anyone with fingers and more than 2 braincells to rub together will realize you can't just crack wireless APs with off the shelf wireless cards (at least the vast majority). That means that your neighbor is probably not going to be a "WEP cracker", so its safe to use WEP in a residential area. I'll bet anyone's neighbor here probably only knows the basics of Word. I would use something more industrial in a apartment area though; as since your signal can encompass more people...but in a urban/rural residential area where there is considerate amount of space between houses WEP is enough to keep the average doodle head from connecting to your wifi and thinking its his.
But again why are we even talking about this when the vast majority of people don't even use any protection at all! (Just walk down your street with your laptop, I'll bet you will find at least one open AP with a internet connection.)

I am NOT saying it isn't hackable, but for the amount of time it takes...I think some "researchers" are stretching the truth. Somehow I doubt someone can crack a 128bit wep key in a matter of minutes on the average laptop. And for the people that say that WEP is really insecure...again in an urban/rural area is there actually people going around *wasting* their time sitting in a car just to see if they can crack your WEP key? If they are I haven't seen any. If anything they would be driving around trying to find an open wifi AP.
Jesus, sweet ignorance.
I bet you live in some remote place - visit NYC and you'll realize nobody has to go to anywhere, I can see 10+ wifi connection in my home and I live in nice brownstone area, on the corner of the best park in NYC, not in a multi-dwelling apt building area where literally hundreds of wifi APs are within connection range...

WEP is fuckin dead. Use it in any urban area and you get your @ss owned within days.
Yes! Another person who doesn't read posts!
If you read my post I said that you should something else in an apartment area. And I like the use of "curse" words...hmmm. Oh and btw, I have been using WEP for years and no one ever got into my APs, what do you say to that? (I live in an urban/rural area like I talked about in my post...).

said by kamm:

said by jmn1207:

said by AVD:

You mean the vast majority of G cards cant go into promiscuous mode, but I'm sure you can get lots of hardware out there on the internet that can. WEP is dead. obsolete.
Probably so, but it's perfect for making sure the old retired couple next door doesn't accidentally connect to my wireless network, and it still allows the fastest transfer speeds considering the tiny overhead it creates.

We are talking about your neighbors with a few Dell computers that have very little understanding of networking protocols. WEP is an obsolete security measure, but it can be used to prevent a neighbor from inadvertently hijacking your connection, while still making it simple for your guests to be able to connect without having to delve into the router's advanced feature settings.
This is the type of soft nonsense that gives people some ver false sense of security - it's BS, sorry, people should drop WEP altogether, period.
Why? Because you say so? Because the neighborhood tech guy says so? Because geek squad says so?
If it works in residental areas, why should they use anything different? Oh I know because everyone has bought a wireless card from the internet that can go into "promiscuous mode" right? Better watch out your neighbor might also be a computer hacker too!

said by jhegfwsa56 :

The correct word is minutes not days WEP can be cracked in way less than an hour with REGULAR hardware available at ANY store just pick the right model and that's it. Every store probably have at least two models ready to crack you POS WEP encryption.
Really? So I can go pickup a Linksys G card and I'm set?

said by patcat88:

said by kamm:

This is the type of soft nonsense that gives people some ver false sense of security - it's BS, sorry, people should drop WEP altogether, period.
WEP isn't security, its avoidance. If someone has the time they will get in easily, but it will keep the vast majority of problems away.
I think you just proved what I was saying. Is someone really going to sit outside your house with their laptop just to get into your network?

I think we should all rethink what we are talking about. jmn1207 has the right idea:
said by jmn1207:

Well, WPA was significantly slower in my experience with the equipment we mostly used. And of these two, if anyone really was interested in hacking into my network, neither would be worth a crap. So I went with the fastest performer of the 2 I had available.
If someone REALLY WANTS to get into a network, they will find a way. I don't care about time, if someone is dead set into getting into your network (wireless or not) they will get into it. Majority of technology out there will keep the script kiddies at bay, but a hard veteran that knows what he is doing will get into your WEP/WPA/WPA2 network. But the same arugment I made eariler can be applied again: What does the average person have and know? The average person doesn't know jack about computers. Is the average person actually going to go out of their way just to learn how to crack your wireless? Possiblly, if you piss them off or something...but generally not.

Everyone here is treating the average person as some script kiddie who has access to their parents credit card, which this is NOT the case. If it was, then how come entities like geek squad are able to make so much money off of people (and charge ungodly rates to do it)?

AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

Re: Not again...

Why encrypt? If you want to keep the old lady off your network just turn of your SSID and mac filter.

jmn1207
Premium
join:2000-07-19
Ashburn, VA
kudos:1

Re: Not again...

said by AVD:

Why encrypt? If you want to keep the old lady off your network just turn of your SSID and mac filter.
A guest with a wireless device can easily connect without having to mess with the MAC list. I don't allow the router settings to be changed from a wireless device, and I might not want to fire up my computer just so my friend can use his blackberry over my network. I keep my current WEP key written down on sticky note in that kitchen drawer with the rubber bands and the other weird junk. Simple and effective, but still not a "security" measure, like I thought was explained before.
beaups

join:2003-08-11
Hilliard, OH
about any Atheros based card will work here..frankly I think nearly any card works with the linux tools, although many crack slower than others due to lack of injection support. also, how do you know nobody has been on your access point? they could have spoofed your mac or cleared your logs for you. lastly, THE DANGER IS NOT THEM BORROWING YOUR CONNECTION it's sniffing all of your traffic. If you don't think this happens, then you don't think.

AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

Re: Not again...

said by beaups:

THE DANGER IS NOT THEM BORROWING YOUR CONNECTION it's sniffing all of your traffic. If you don't think this happens, then you don't think.
only if you transmit sensitive information in the clear...
k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL
said by beaups:

about any Atheros based card will work here..frankly I think nearly any card works with the linux tools, although many crack slower than others due to lack of injection support. also, how do you know nobody has been on your access point? they could have spoofed your mac or cleared your logs for you. lastly, THE DANGER IS NOT THEM BORROWING YOUR CONNECTION it's sniffing all of your traffic. If you don't think this happens, then you don't think.
Oh your telling me my neighbor is a computer hacker that is trying to hack into my AP? Please I had to go over there numerous times because he installed malware onto the computer (oh and at the time he only had like a 800mhz computer where that was the only computer that was connect to broadband)...the other neighbor had a comcast truck out numerous times a long time ago.
Well considering that the AP has a username/password combo that is not using default username/password, it would be really hard for them to get in, login to the router admin page, clear the logs. Plus the firmware I'm using tells me every connected client regardless if they are using a static IP address. Why don't I add yet another level of security nuttiness to the mess? So lets say I have syslog server running on machine X. This "hacker" would have to crack my WEP, crack the username/password for my AP, figure out the syslog server address, crack the syslog server's SSH username/password and clear the logs. I could take a step further but I think I have already provide how obsurbed this whole game we call security can get.

Should I believe everyone of my neighbors is a computer hacker out to get me? No, because then I will just be like all the other security nuts out there. I don't know how often the "WEP is bad" people go outside their houses to socialize but the majority of people today can barely use a computer let alone run any hacking/cracking tools. Just look at the number of script kiddies today that go on forums and just ask "how do I crack WEP?" without doing any research on their own.

People only believe what they are told and hear, it seems nowadays only few people actually think for themselves and take in all the facts to draw their own conclusions. Just because you read some report or paper saying WEP is bad, or cracked doesn't mean that it is a plague you should avoid at all costs. I'm sure that this is a reason why some people didn't buy a Nintendo DS, because they were so caught up in their own disinformation and believed that if they used WEP that their neighbor would crack it and jump on it (or bought it and is just never going to use the wifi feature, which is completely stupid imho). I once read a mention of a paper that MD5 is cracked, did I immediately stop using MD5 hash in any programs I use? No, because for one I never *saw* the paper, it was only mentioned by some site that said some people had cracked it. And for 2 I found it to be tested and proven, especially when you use "salt", it makes it pretty hard for someone to brute force a hash when you have "salted" it.

Read the facts, but apply the facts to different situations and you will go far. Facts are not just cut and dry apply-to-every-case. Example: A friend tells you fries taste bad at mcdonalds, are you immediately going to assume that fries taste bad at every mcdonalds? For the sake of your intelligence, I hope not. At the very least you should at least go out and try for yourself. Just because someone says WEP is bad or insecure, should you immediately assume that WEP is bad in every instance? Rhetorical question for the few who do read everything in a post.

Oh well, I doubt only a handful of people will read my post and actually learn a morale lesson, the rest will just jump out and say "but WEP is INSECURE" (in caps of course).
beaups

join:2003-08-11
Hilliard, OH

Re: Not again...

you are still missing the point. Hacking into your ap is one thing, cracking your wep and then sniffing all of your traffic is the real risk. And it doesn't need to be your neighbor, with a good directional antenna it could be someone nearly a mile away.

Please tell me what "facts" I need to read.

The FACT is wep is insecure, and by using it you are merely making it mildly more inconvenient to sniff your traffic. This is not an opinion (like your mcdonalds analogy), it is a FACT...
k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL

Re: Not again...

said by beaups:

you are still missing the point. Hacking into your ap is one thing, cracking your wep and then sniffing all of your traffic is the real risk. And it doesn't need to be your neighbor, with a good directional antenna it could be someone nearly a mile away.

Please tell me what "facts" I need to read.

The FACT is wep is insecure, and by using it you are merely making it mildly more inconvenient to sniff your traffic. This is not an opinion (like your mcdonalds analogy), it is a FACT...
Then can we also agree WPA is insecure as that can also be cracked.
And YOU are missing the point. Is the average person really going to go out and buy an antenna just to crack a random AP to just sniff traffic?
And I never said it was "secure", I'm just saying its not something that you need to ranting about how your "neighbors can easily crack it".

Oh hey look at that WPA seems to be just as "secure" as WEP.
»www.mirrors.wiretapped.net/secur···wpa.html

So, from that should we assume that WPA is "insecure" too? No, it still takes time and money to do that. I can almost say that if you just goto BestBuy and grab a linksys card and pop it into your laptop...it probably wont work.

Btw, your argument really breaks down as "sensitive" stuff like banking and online purchases is almost never sent in clear text. Ok, fine you have my forum account at forum-world.com but is that really something someone is going to go out of their way to get? God, I hope not, for their sake I hope they have better things to do in their free time. Want a copy of my porn collection too?
beaups

join:2003-08-11
Hilliard, OH

2 edits

Re: Not again...

WPA/WPA2 (if implemented PROPERLY) is quite secure. While of course no security is truly bullet proof, WEP takes literally just a couple minutes to crack.

Dealing with identity theft, while a bank password may or may not be sent in clear text, if you look at many users' habits with passwords it doesn't take long to figure things out. also, simply knowing enough about a person could lead to identity theft, whether they have your passwords or not. For example, a sniffer could know who you bank with, who your car loan is with, your employer, all your credit card institutions, etc. on top of that when you enter your password onto dslreports.com maybe that's the password for some of these other sites. likely your email PW gets sent in plain text so maybe the thief goes to your banking site and clicks the "forgot password" link and checks your email for you and resets it....

The point is, WPA2 is just as easy to setup as WEP...so why not use it? (Unless of course you have a wii).

jmn1207
Premium
join:2000-07-19
Ashburn, VA
kudos:1

Re: Not again...

said by beaups:

The point is, WPA2 is just as easy to setup as WEP...so why not use it? (Unless of course you have a wii).
I'm fairly certain that I mentioned that WPA was slower than WEP with the devices/equipment that I use, and if anyone has an interest and knows how to crack WEP, I betcha they read up a little on WPA too. This is not my catch-all security implementation, it's simply used to keep ignorant people from connecting to my network after stopping at Best Buy to go wireless.
beaups

join:2003-08-11
Hilliard, OH

Re: Not again...

wpa2 has no loss in performance. yes you did mention it, you are just incorrect.
k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL

1 edit

Re: Not again...

said by beaups:

wpa2 has no loss in performance. yes you did mention it, you are just incorrect.
»www.keenansystems.com/WLAN_perfo···bled.htm
So where is your proof saying WPA has no loss in performance?
So how do you say, "you are just incorrect".

Though kinda revelant:
»ubuntuforums.org/showthread.php?t=102721
Expand your moderator at work
beaups

join:2003-08-11
Hilliard, OH

Re: Not again...

1mbps loss??? anyhow, I'll say now for the 3rd or 4th time...WPA2 not WPA. most reviews will show you there is no performance loss in WPA2. note also they are comparing WPA to no encryption at all...not WPA vs. WEP.

I read this somewhere once:

"Arguing on the internet is like competing in the special olympics even if you win, you're still a retard"

This applies to both of us
beaups

join:2003-08-11
Hilliard, OH
you should watch the video again. that WPA was broke because the person who setup the AP is an idiot and used a dictionary password and a standard ssid.

set up your ssid as asdjflksafjdk and a password of asdjflkasdj771KK///jjk889 and watch it take a month to crack.
Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1
WPA is secure enough to day to day use but i also know that no amount of security will keep out someone who really really wants my data.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports

Secure

@rr.com

A secure wireless connection

All I hear about is people cracking what is being done to prevent or create a more secure wireless experience?

What about Quantum cryptography why can't that be implemented in wireless devices?

»www.theinquirer.net/gb/inquirer/···lly-safe

At least make it a waste of time for users trying to freeload or conduct illegal activity, make it more difficult for them to crack it say 3 hours and then have your key or pass phrase rotated every hour and make you log in each session or something like that.

Would it be worth a hackers trouble to hack into a system when they will loose the lease in less than an hour?

With a better defense 2 or 3 hours would make it useless for a hacker to try and pick on your network nothing to see here move on approach.

I would like to learn how to break the encryption so I can learn how to try and come up with a solution or at least see what steps I could take to make it take longer to crack. Eventually enough people will be aware of the security holes and may decide to go wired as the safe way until the community of Genius figures out a way to make it a little more safe give us more time to track these intrusive bugs tools ect..

jjoshua
Premium
join:2001-06-01
Scotch Plains, NJ
kudos:3

Re: A secure wireless connection

said by Secure :

What about Quantum cryptography why can't that be implemented in wireless devices?
I believe that quantum cryptography uses photons, not electromagnetism.

blueeyesm

join:2003-09-05
Waterloo, ON

If a GPU can be used to decrypt..

..why hasn't someone come with a method for a GPU to ENcrypt as well?

Sounds like it may be time to have a box acting as an AP that, once (honest) clients have successfully connected, be able to auto-generate and update the new encryption every xx minutes?

Or, maybe its time the average Joe stops being so damned lazy about their access security...

•••

pooperscooper

@algx.net

jjoshua

What do you think photons are made out of exactly?
RandSec

join:2008-10-10

Scare Tactics

Note that "an astonishing 10,000 percent" is a somewhat less astonishing 100 times, and represents a search space reduction of less than 7 bits. This is compared to 128 key bits for WPA and 256 key bits for WPA2.
For users with long random keys, any straightforward computational improvement (such as huge banks of massively parallel machines) is insignificant. The problem is to get people to take advantage of the available key bits by using long random keys which nobody can remember. One solution may be to introduce users to a key manager (like Password Safe) on a flash drive.
WEP is "broken" in the sense that it may be faster to use modern attack tools to expose a WEP key than to copy it over manually.
Pv8man

join:2008-07-24
Hammond, IN

256 bit

I can crack 256 bit WEP in under an hour WITHOUT a NVidia card, by using the chop-chop attack built into aircrack-ng suite that comes with backtrack3.

You can keep sending forged authentication packets to the AP in an attempt to keep your MAC active.

But for those of you who say just use a MAC filter.
Your MAC address could easily be seen in the air and spoofed, right after you de-auth the original client of whom you are cloning .
beaups

join:2003-08-11
Hilliard, OH

Re: 256 bit

256bit wep? lol
TheMG
Premium
join:2007-09-04
Canada
kudos:3

1 recommendation

Meh...

Wired FTW. I just can't go without my gigabit ethernet!

DeeplyShrouded

@comcast.net

Does it matter? Of course it does....

Sure if you have someone that is determined enough to sit
outside your house to steal your data, then it all makes
sense. How many cases have you heard about where the cops
nail some schmuck sitting in a car with a laptop?
There have been a few, do they take the time to go around
cracking WEP etc etc? No. They just move on to an easier
target. There are plenty of places that offer free wifi,
some hotels and restaurants, libraries....the list goes on.
The only reason someone would have to try to crack your
encryption is because you have something very valuable that
they want. What's that you ask? Your identity.
Here on the news, someone broke into a company and stole the
company gas card. They still haven't been caught yet there is surveillance video of the break in, surveillance video
of the card being used at various stations, a description
of the person, the SUV they're driving and they STILL
haven't been caught. A suspicious car sitting in a
neighborhood, of course the cops are going to be called.
Someone sitting in an apartment behind closed doors
accessing their neighbor's network? Yeah, the cops are
really going to show up for that. Unless there is massive
downloading where the connection is maxed out 24/7, I
doubt the neighbor would even know that someone is using
the connection. A true hacker does no harm to a system.
Personally, I'd like to see all this NVIDIA processing
power be put to good use. Cancer research perhaps?

--Deeply Shrouded & Quiet
--Central Control! D-Dial #49

beppez

@l.telecomitalia.it

mmm

aes and rsa is not secure.
bruteforce (or factoring bruteforce) is always possible use a large key!!!

»www.rsa.com/rsalabs/node.asp?id=2964

quantum criptography is fantsy,

blowfish 448 bit is great!( bruteforcing is hard)

use ecc algoritm for securing for now