 | | WPA Crack So this basically means that someone can't sniff my data but they can get on my network....Correct? | |
|
 |  Romney2012Defeat Obama 2012-Chg we can believe inPremium
join:2002-03-03
USA
kudos:4
1 edit | Re: WPA Crack said by Sacurtis:So this basically means that someone can't sniff my data but they can get on my network....Correct? Not exactly. They can see the data that is going TO the PC from the wireless router. They just can't see the data flowing FROM the PC back thru the router to the web host.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? | |
|
|  danzaPremium
join:2002-08-23 | Seems like it.
They didn't mention AES at all in the article though. | |
|
| | |
| KearnstdElf WizardPremium
join:2002-01-22
Mullica Hill, NJ | so they cracked it but it is still more secure then WEP. id still compair WPA-TKIP to a deadbolt on your door and no windows in reach of ground level. someone can get in but they have to work at it.
WPA2-AES is more like a motion sensing machinegun on the roof.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports | |
|
| | | | Re: WPA Crack What is no wireless then (only a hardwired lan)? :-P | |
|
| | | Reviews:
 ·Comcast
| Re: WPA Crack said by swhitney2003:What is no wireless then (only a hardwired lan)? :-P Smart ?
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" | |
|
| | |  fireflierCoffee. . .Need CoffeePremium
join:2001-05-25
Limbo
1 edit | said by swhitney2003:What is no wireless then (only a hardwired lan)? :-P Pissed off midget with a flamethrower. | |
|
| | | | | | Re: WPA Crack said by fireflier:said by swhitney2003:What is no wireless then (only a hardwired lan)? :-P Pissed off midget with a flamethrower. LOL!  | |
|
| | |  maartenaElmoPremium
join:2002-05-10
Orange, CA
kudos:1
 ·AT&T U-Verse
 ·DIRECTV
| said by swhitney2003:What is no wireless then (only a hardwired lan)? :-P Ford Knox, surrounded by a mile-wide moat, filled with mines and other unpleasantries. | |
|
| | | | | | Re: WPA Crack then i have mines.. and they're GREAT!! | |
|
| | TheMGPremium
join:2007-09-04
Canada
kudos:1 Reviews:
 ·TekSavvy DSL
1 edit | said by Kearnstd:id still compair WPA-TKIP to a deadbolt on your door and no windows in reach of ground level. Well, I'm not sure if I'd compare it to a deadbolt. I can pick the lock on a standard deadbolt in just a couple minutes using makeshift tools. I'm no locksmith either.
And this WPA cracking isn't quite available to the masses either, unlike WEP cracking.
Unless of course the key is a weak one, in which case it can be brute forced within a reasonable time frame. Good luck brute forcing a WPA key of 63 random characters (I think that's what the max is). | |
|
|  BIGMIKEPremium
join:2002-06-07
Westminster, CA | Hacking Wireless Network is old news
Apr 05, 2005
Feds Hack Wireless Network in 3 Minutes
»hardware.slashdot.org/article.pl···from=rss
Turbo-charged wireless hacks threaten networks
Graphics cards encryption skulduggery
By John Leyden • Get more from this author
Posted in Enterprise Security, 10th October 2008 12:25 GMT
»www.theregister.co.uk/2008/10/10···hacking/
The latest graphics cards have been used to break Wi-Fi encryption far quicker than was previously possible. Some security consultants are already suggesting the development blows Wi-Fi security out of the water and that corporations ought to apply tighter VPN controls, or abandon wireless networks altogether, in response | |
|
| | | | Re: WPA Crack Your first example is about cracking WEP which is old news. This article is talking about cracking WPA, so they are not related.
You second example is not really cracking the WPA key, it's just a faster brute force attack. | |
|
| | | | Let's say I had a computer with two graphics cards, why can't someone come up with a way to use one of the graphics cards ( or some card that could be installed in a slot ) when it is idle or lightly used, to encrypt data ? | |
|
| | | |
| | | | Reviews:
·Armstrong Zoom ..
| Re: WPA Crack This is the same concept as a Cisco card that is used, an AIM module, which offloads the encryption onto that processor to take away from the main CPU.
Long ago, this is old technology, and can certainly be applied to wireless networks.
If you are that paranoid then simply create a VPN, dial into the VPN over the encrypted wireless access point, and then they would have to break the wireless and the extremely complex encryption with 3DES and other complex technologies long developed.
Geez... | |
|
| | | | |
| | |  tschmidtPremium,MVM
join:2000-11-12
Milford, NH
kudos:5
·Fairpoint Commun..
 ·Hollis Hosting
| said by cooperaaaron:some card that could be installed in a slot ) when it is idle or lightly used, to encrypt data ? The problem is not encryption it is key management. AES is very secure.
Key management is is the weak point of most privacy schemes. The Enigma machines used by Germany during WWII were quite good. It was the way Germans created the daily key that allowed Alan Turing to crack the codes. If Germans used better keys and prefixed messages with random data (like the Allies did) most likely even the brilliant Turning would have been stymied.
/tom | |
|
| | | | err...thats WEP hacking in 2005. this is WPA cracking, slighty more complex, but still easy to do. | |
|
| | WPA2 Soon enough WPA will be the new WEP. Thank goodness for another change of style, AES. Is there any word on a WPA3 (or whatever the next gen might be). | |
|
| | Not news TKIP has its foundations in WEP. The main improvement being that a new key was generated every X minutes. It looks like someone's figured out a faster way to break WEP?
True? 
Looks like AES is still secure. | |
|
| Romney2012Defeat Obama 2012-Chg we can believe inPremium
join:2002-03-03
USA
kudos:4 | Re: Not news said by tmh :TKIP has its foundations in WEP. The main improvement being that a new key was generated every X minutes. It looks like someone's figured out a faster way to break WEP? True? Looks like AES is still secure. Even if you are using WPA/TKIP, you can still better your odds by changing the "Key Renewal interval" in the wireless router from the usually default 3600 secs(60 mins) down to say 600 secs(10 mins). That should bring it under the time needed to crack the key. By the time they crack the key, it would already be changed.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? | |
|
| |
approval from:
Romney2012 
| Re: Not news said by Romney2012: Even if you are using WPA/TKIP, you can still better your odds by changing the "Key Renewal interval" in the wireless router from the usually default 3600 secs(60 mins) down to say 600 secs(10 mins). That should bring it under the time needed to crack the key. By the time they crack the key, it would already be changed. Tis funny you mentioned that. 5 years ago when I was running TKIP routers, I switched the key interval to 300 seconds. It wasn't adversely performance, so I figured "why not?".
tmh | |
|
| | tschmidtPremium,MVM
join:2000-11-12
Milford, NH
kudos:5 Reviews:
·Fairpoint Commun..
·Hollis Hosting
| said by Romney2012: By the time they crack the key, it would already be changed. That does not address the problem. Since previous transmissions can be recorded it does not matter (within reason) how long it takes the attacker to crack encryption. Once cracked plain text is readable. Whatever was communicated is now known to the attacker.
/tom | |
|
| | | Romney2012Defeat Obama 2012-Chg we can believe inPremium
join:2002-03-03
USA
kudos:4 | Re: Not news said by tschmidt:said by Romney2012: By the time they crack the key, it would already be changed. That does not address the problem. Since previous transmissions can be recorded it does not matter (within reason) how long it takes the attacker to crack encryption. Once cracked plain text is readable. Whatever was communicated is now known to the attacker. /tom It does matter, because the data that has to be collected in order to successfully decrypt it exceeds a 12 to 15 min collection timeframe. If the key changes BEFORE they can collect 12 to 15 mins worth of data, then the decryption process won't succeed. At least that is how I understand the process from several different writeups.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? | |
|
| | | | tschmidtPremium,MVM
join:2000-11-12
Milford, NH
kudos:5 Reviews:
·Fairpoint Commun..
·Hollis Hosting
| Re: Not news said by Romney2012: If the key changes BEFORE they can collect 12 to 15 mins worth of data, then the decryption process won't succeed. At least that is how I understand the process from several different writeups. I am not a cryptanalysis nor do I play one on TV. My understanding is they spoof system into sending a big chunk of data, then it only takes 12-15 minutes to extract the key. If key is changed more often recovered key cannot be used to actively communicate but will be able to convert messages to plain text.
As an aside WPA was always considered an interim scheme until WPA2 could be officially approved. This is an interesting, but not devastating, attack as I assume most sites are using WPA2 to replace WEP.
/tom | |
|
| | | | |  ieolusSupport The Clecs
join:2001-06-19
Duluth, GA | Re: Not news You guys should stay at a Holiday Inn Express tonight and then come back here to finish the discussion tomorrow.
--
"Speak for yourself "Chadmaster" - lesopp | |
|
 ftthzIf love can kill hate can also save
join:2005-10-17 | . intersting... means people have to upgrade to wpa2 | |
|
 scoobyPremium
join:2001-05-01
Schaumburg, IL
kudos:1 | Everything is crackable... Like I have said for years now. If it is human made, a human can crack it. It is just a matter of time.
Obviously the amount of time depends on the level of interest.
R.I.P. CSS - 1999
R.I.P. WEP - 2001
R.I.P. AACS - 2007
R.I.P. BD+ - 2008
AACS and BD+ cracked for sure? Who knows but there are lots of programs out there to let you get around it. That is close enough in my book. | |
|
| tschmidtPremium,MVM
join:2000-11-12
Milford, NH
kudos:5 | Re: Everything is crackable... While what you say is true there is a world of difference between trying to protect mass produced media (impossible) and protecting messages between two parties (hard).
/tom | |
|
jca2050Premium
join:2002-02-04
Hacienda Heights, CA Reviews:
·Verizon FiOS
| WPA WPA is still very secure if you have a complicated and long pass code. If you make your pass code something like ">SADFJL#()@!)OFKasfjksF2390SATf923()!%#%>", that's pretty much a guarantee that no one will crack it unless they have rainbow tables and a lot of time on their hands.
WPA has been crackable for a long time, it just requires you to deauth a client, capture the 4-way handshake when they reconnect and crack it with aircrack. If the pass code is something easy like "password" then you can run a standard dictionary attack on it and crack it in a matter of minutes. Although this method only works on WPA-PSK (pre-shared key) if I recall correctly, but just about every WPA protected AP I've seen uses WPA-PSK. | |
|
|
See 8 replies to this post |
|
Reviews:
·Shaw
·TELUS
| WPA2 is fine. I use WPA2-AES with a randomly generated longass password. I figure it'll be a few more years for someone to crack that.
I suppose though, because cpu/power continutes to increase, the ease of brute force attacks gets easier. I guess they should start working on a WPA3. | |
|
| | | Re: WPA2 is fine. said by zod5000:I use WPA2-AES with a randomly generated longass password. I figure it'll be a few more years for someone to crack that. I suppose though, because cpu/power continutes to increase, the ease of brute force attacks gets easier. I guess they should start working on a WPA3. Nah, a raw brute force on, say, 128 bit AES would take longer than the age of the universe (assuming a reasonably strong key). Then you have the Von Neumann-Landauer Limit to contend with. This principle says that it would take an inordinate amount of energy to do -- more than is available to anyone. Energy is a big problem with brute forcing large keys. There is simply no way around the 2nd law of thermodynamics (unless you want to take into account theoretical reversible computing).
This attack on TKIP appears to have been a result of a mathematical breakthrough (i.e. the researchers found an inherent weakness in the encryption cipher). Without these mathematical "breakthroughs" brute forcing is not feasible, not even with multiple supercomputers. | |
|
| | | | Re: WPA2 is fine. Quite right. I dont have the article to support this, but I read that if you take the worlds largest super computer, shrink it down to the size of a grain of sand, and then cover the earth it would still take millions of years to crack a full 128 bit AES... at least i think thats what it was. Either way, it is some miscomprehendable number.
Interesting thought about Von Neumann-Landauer limit and the second law of thermo... although does that take into account super conducting computers?
If this ultimately leads to a break in TKIP, that would be slightly unnerving. A break of AES would be down right disastrous. I hate to see what would happen if AES could be broken...
--
The early bird catches the worm, but the second mouse gets the cheese. | |
|
| | tschmidtPremium,MVM
join:2000-11-12
Milford, NH
kudos:5 Reviews:
·Fairpoint Commun..
·Hollis Hosting
| said by KodiacZiller: This attack on TKIP appears to have been a result of a mathematical breakthrough (i.e. the researchers found an inherent weakness in the encryption cipher). From my reading of the article this is an attack on key management not the AES cipher. Key management is much harder to do then developing a robust cipher. AES is probably good until Quantum computing is practical.
/tom | |
|
1 edit | TKIP+AES My DD-WRT supports "TKIP+AES". Does the essentially double my protection? I don't really know what that means.
Edit: Just found out. "TKIP+AES" is there for mixed environments. It will try AES first and if your node doesn't support it, it will try TKIP. | |
|
| | IF you use MAC Address Filtering what is the effect? If you enable Enable MAC Address Filtering on a Westell verizon wireless router D90-327W15-06. Will this add enough protection in addition to a medium strenght WPA key to keep from being hacked into?
Thanks,
Joey | |
|
| | | Re: IF you use MAC Address Filtering what is the effect? MAC address filtering adds almost nothing in the way of security if someone is actually interested in getting into your network. Spoofing a MAC address is trivial.
--
Therapy is expensive. Bubble wrap is free. | |
|
Reviews:
·RoadRunner Cable
4 edits | Almost a crack Users using long random passwords have no reason to switch to AES yet.
These type of articles are nothing but FUD. The actual cipher is not broken, but rather a faster way of testing likely keys was found, and given a complex key this is inconsequential.
I think many people here to not realize that even the WEP encryption scheme which was BADLY flawed could offer good protection with the correct key.
with the maximum length key at random using all possible characters it took an ENORMOUS amount of weak IV's. Not the 1 million or so most web example showed with weak passwords but more like 20+ million weak IV's with a long random password, which was very unlikely on all but a few routers (new firmware made this very hard to reach by "packet injection")
In case anyone was wondering the statistical attack time went down as the weak iv count went up.
It would take an intruder months to collect that many weak IV's (depending on your browsing habits) | |
|
 kyler13Is your fiber grounded?
join:2006-12-12
Arnold, MD | Ultimate WPA security The Actiontec router I have is an absolute bear when it comes to trying to initiate a connection with WPA (current firmware issue). It doesn't want to auto-connect and pretty much never will acknowledge the handshake on the first try, despite the key being correct. I have to sit here and refresh my connections window sometimes a couple dozen times before the handshake works and the connection is made. LOL, that little "feature" probably makes my WPA connection nearly bullet-proof. | |
|
1 edit | Not really any danger to users with some knowledge This applies only to WPA to begin with. Who still uses that in 2008? Even my router with WPA2 AES is older than I can remember(at least a couple of years).
WPA with good long random keys should take quit a while before they even become worth the effort. Anyone standing outside my house in a car for a week is likely to be considered suspicious. | |
|
| | | Re: Not really any danger to users with some knowledge Not every user has knowledge, which is inevitable. Currently I live in an apartment complex, and I can see half a dozen routers open. The typical user doesn't configure a router, let alone know the difference between WEP, WPA, WPA2, TKIP, AES. So I'm sure there are plenty of people out there using WPA. | |
|
|  Titus PulloI came, I saw, I slept
join:2004-06-26
kudos:1
·Embarq Now Centu..
| said by I pos rep:This applies only to WPA to begin with. Who still uses that in 2008? My Linksys wireless print server.
-- | |
|
| | well... hence why you disable SSID, and use mac adress authenication on top of everything else.. and it helps, and maybe disable dhcp and use a oddball numbering structure. | |
|
| beaups
join:2003-08-11
Hilliard, OH | Re: well... ssid and mac filtering is a joke. disabling dhcp is just a mild additional hassle. | |
|
|
| | Mac spoofing If you're not on the network yet, how would you know which mac to spoof? | |
|
|
|
|
·