|
WPA CrackSo this basically means that someone can't sniff my data but they can get on my network....Correct? | |
|
| FFH5 Premium Member join:2002-03-03 Tavistock NJ 1 edit |
FFH5
Premium Member
2008-Nov-6 5:37 pm
Re: WPA Cracksaid by Sacurtis:So this basically means that someone can't sniff my data but they can get on my network....Correct? Not exactly. They can see the data that is going TO the PC from the wireless router. They just can't see the data flowing FROM the PC back thru the router to the web host. | |
|
| danza Premium Member join:2002-08-23 |
to Sacurtis
Seems like it.
They didn't mention AES at all in the article though. | |
|
| | |
| KearnstdSpace Elf Premium Member join:2002-01-22 Mullica Hill, NJ |
to Sacurtis
so they cracked it but it is still more secure then WEP. id still compair WPA-TKIP to a deadbolt on your door and no windows in reach of ground level. someone can get in but they have to work at it.
WPA2-AES is more like a motion sensing machinegun on the roof. | |
|
| | |
Re: WPA CrackWhat is no wireless then (only a hardwired lan)? :-P | |
|
| | | |
Re: WPA Cracksaid by QuakeFrag:What is no wireless then (only a hardwired lan)? :-P Smart ? | |
|
| | | fireflierCoffee. . .Need Coffee Premium Member join:2001-05-25 Limbo 1 edit
3 recommendations |
to QuakeFrag
said by QuakeFrag:What is no wireless then (only a hardwired lan)? :-P Pissed off midget with a flamethrower. | |
|
| | | | |
Midget
Anon
2008-Nov-6 8:35 pm
Re: WPA Cracksaid by fireflier:said by QuakeFrag:What is no wireless then (only a hardwired lan)? :-P Pissed off midget with a flamethrower. LOL! | |
|
| | | maartenaElmo Premium Member join:2002-05-10 Orange, CA |
to QuakeFrag
said by QuakeFrag:What is no wireless then (only a hardwired lan)? :-P Ford Knox, surrounded by a mile-wide moat, filled with mines and other unpleasantries. | |
|
| | | | |
GOtomtomGO
Anon
2008-Nov-8 7:46 am
Re: WPA Crackthen i have mines.. and they're GREAT!! | |
|
| | TheMG Premium Member join:2007-09-04 Canada MikroTik RB450G Cisco DPC3008 Cisco SPA112
1 edit |
to Kearnstd
said by Kearnstd:id still compair WPA-TKIP to a deadbolt on your door and no windows in reach of ground level. Well, I'm not sure if I'd compare it to a deadbolt. I can pick the lock on a standard deadbolt in just a couple minutes using makeshift tools. I'm no locksmith either. And this WPA cracking isn't quite available to the masses either, unlike WEP cracking. Unless of course the key is a weak one, in which case it can be brute forced within a reasonable time frame. Good luck brute forcing a WPA key of 63 random characters (I think that's what the max is). | |
|
| BIGMIKEQ Premium Member join:2002-06-07 Gainesville, FL |
to Sacurtis
Hacking Wireless Network is old news Apr 05, 2005 Feds Hack Wireless Network in 3 Minutes » hardware.slashdot.org/ar ··· from=rssTurbo-charged wireless hacks threaten networks Graphics cards encryption skulduggery By John Leyden Get more from this author Posted in Enterprise Security, 10th October 2008 12:25 GMT » www.theregister.co.uk/20 ··· hacking/The latest graphics cards have been used to break Wi-Fi encryption far quicker than was previously possible. Some security consultants are already suggesting the development blows Wi-Fi security out of the water and that corporations ought to apply tighter VPN controls, or abandon wireless networks altogether, in response | |
|
| | |
Re: WPA CrackYour first example is about cracking WEP which is old news. This article is talking about cracking WPA, so they are not related.
You second example is not really cracking the WPA key, it's just a faster brute force attack. | |
|
| | |
to BIGMIKE
Let's say I had a computer with two graphics cards, why can't someone come up with a way to use one of the graphics cards ( or some card that could be installed in a slot ) when it is idle or lightly used, to encrypt data ? | |
|
| | | StefaniaJezu Chryste, Kubi Premium Member join:2003-03-17 Chicago, IL |
Stefania
Premium Member
2008-Nov-6 7:14 pm
Re: WPA CrackApple is doing something very similar to what you describe, or at least they're making it possible. » en.wikipedia.org/wiki/OpenCL | |
|
| | | | |
Re: WPA CrackThis is the same concept as a Cisco card that is used, an AIM module, which offloads the encryption onto that processor to take away from the main CPU.
Long ago, this is old technology, and can certainly be applied to wireless networks.
If you are that paranoid then simply create a VPN, dial into the VPN over the encrypted wireless access point, and then they would have to break the wireless and the extremely complex encryption with 3DES and other complex technologies long developed.
Geez... | |
|
| | | | |
| | | ·Consolidated Com.. ·Republic Wireless ·Hollis Hosting
|
to cooperaaaron
said by cooperaaaron:some card that could be installed in a slot ) when it is idle or lightly used, to encrypt data ? The problem is not encryption it is key management. AES is very secure. Key management is is the weak point of most privacy schemes. The Enigma machines used by Germany during WWII were quite good. It was the way Germans created the daily key that allowed Alan Turing to crack the codes. If Germans used better keys and prefixed messages with random data (like the Allies did) most likely even the brilliant Turning would have been stymied. /tom | |
|
| | |
Rabbit7766 to BIGMIKE
Anon
2008-Nov-7 12:16 pm
to BIGMIKE
err...thats WEP hacking in 2005. this is WPA cracking, slighty more complex, but still easy to do. | |
|
|
WPA2Soon enough WPA will be the new WEP. Thank goodness for another change of style, AES. Is there any word on a WPA3 (or whatever the next gen might be). | |
|
|
tmh
Anon
2008-Nov-6 5:39 pm
Not newsTKIP has its foundations in WEP. The main improvement being that a new key was generated every X minutes. It looks like someone's figured out a faster way to break WEP? True? Looks like AES is still secure. | |
|
| FFH5 Premium Member join:2002-03-03 Tavistock NJ
2 recommendations |
FFH5
Premium Member
2008-Nov-6 5:47 pm
Re: Not newssaid by tmh :TKIP has its foundations in WEP. The main improvement being that a new key was generated every X minutes. It looks like someone's figured out a faster way to break WEP? True? Looks like AES is still secure. Even if you are using WPA/TKIP, you can still better your odds by changing the "Key Renewal interval" in the wireless router from the usually default 3600 secs(60 mins) down to say 600 secs(10 mins). That should bring it under the time needed to crack the key. By the time they crack the key, it would already be changed. | |
|
| |
1 recommendation |
tmh
Anon
2008-Nov-6 6:04 pm
Re: Not newssaid by FFH5: Even if you are using WPA/TKIP, you can still better your odds by changing the "Key Renewal interval" in the wireless router from the usually default 3600 secs(60 mins) down to say 600 secs(10 mins). That should bring it under the time needed to crack the key. By the time they crack the key, it would already be changed. Tis funny you mentioned that. 5 years ago when I was running TKIP routers, I switched the key interval to 300 seconds. It wasn't adversely performance, so I figured "why not?". tmh | |
|
| | ·Consolidated Com.. ·Republic Wireless ·Hollis Hosting
|
to FFH5
said by FFH5: By the time they crack the key, it would already be changed. That does not address the problem. Since previous transmissions can be recorded it does not matter (within reason) how long it takes the attacker to crack encryption. Once cracked plain text is readable. Whatever was communicated is now known to the attacker. /tom | |
|
| | | FFH5 Premium Member join:2002-03-03 Tavistock NJ |
FFH5
Premium Member
2008-Nov-6 10:04 pm
Re: Not newssaid by tschmidt:said by FFH5: By the time they crack the key, it would already be changed. That does not address the problem. Since previous transmissions can be recorded it does not matter (within reason) how long it takes the attacker to crack encryption. Once cracked plain text is readable. Whatever was communicated is now known to the attacker. /tom It does matter, because the data that has to be collected in order to successfully decrypt it exceeds a 12 to 15 min collection timeframe. If the key changes BEFORE they can collect 12 to 15 mins worth of data, then the decryption process won't succeed. At least that is how I understand the process from several different writeups. | |
|
| | | | ·Consolidated Com.. ·Republic Wireless ·Hollis Hosting
|
Re: Not newssaid by FFH5: If the key changes BEFORE they can collect 12 to 15 mins worth of data, then the decryption process won't succeed. At least that is how I understand the process from several different writeups. I am not a cryptanalysis nor do I play one on TV. My understanding is they spoof system into sending a big chunk of data, then it only takes 12-15 minutes to extract the key. If key is changed more often recovered key cannot be used to actively communicate but will be able to convert messages to plain text. As an aside WPA was always considered an interim scheme until WPA2 could be officially approved. This is an interesting, but not devastating, attack as I assume most sites are using WPA2 to replace WEP. /tom | |
|
| | | | | ieolusSupport The Clecs join:2001-06-19 Danbury, CT |
ieolus
Member
2008-Nov-7 9:19 am
Re: Not newsYou guys should stay at a Holiday Inn Express tonight and then come back here to finish the discussion tomorrow. | |
|
ftthzIf love can kill hate can also save join:2005-10-17 |
ftthz
Member
2008-Nov-6 7:02 pm
.intersting... means people have to upgrade to wpa2 | |
|
scooby Premium Member join:2001-05-01 Schaumburg, IL |
scooby
Premium Member
2008-Nov-6 7:30 pm
Everything is crackable...Like I have said for years now. If it is human made, a human can crack it. It is just a matter of time.
Obviously the amount of time depends on the level of interest.
R.I.P. CSS - 1999 R.I.P. WEP - 2001 R.I.P. AACS - 2007 R.I.P. BD+ - 2008
AACS and BD+ cracked for sure? Who knows but there are lots of programs out there to let you get around it. That is close enough in my book. | |
|
| |
Re: Everything is crackable...While what you say is true there is a world of difference between trying to protect mass produced media (impossible) and protecting messages between two parties (hard).
/tom | |
|
jca2050 Premium Member join:2002-02-04 Dallas, TX |
jca2050
Premium Member
2008-Nov-6 7:33 pm
WPAWPA is still very secure if you have a complicated and long pass code. If you make your pass code something like ">SADFJL#()@!)OFKasfjksF2390SATf923()!%#%>", that's pretty much a guarantee that no one will crack it unless they have rainbow tables and a lot of time on their hands.
WPA has been crackable for a long time, it just requires you to deauth a client, capture the 4-way handshake when they reconnect and crack it with aircrack. If the pass code is something easy like "password" then you can run a standard dictionary attack on it and crack it in a matter of minutes. Although this method only works on WPA-PSK (pre-shared key) if I recall correctly, but just about every WPA protected AP I've seen uses WPA-PSK. | |
|
| •••••••• |
|
WPA2 is fine.I use WPA2-AES with a randomly generated longass password. I figure it'll be a few more years for someone to crack that.
I suppose though, because cpu/power continutes to increase, the ease of brute force attacks gets easier. I guess they should start working on a WPA3. | |
|
| ••• |
1 edit |
TKIP+AESMy DD-WRT supports "TKIP+AES". Does the essentially double my protection? I don't really know what that means.
Edit: Just found out. "TKIP+AES" is there for mixed environments. It will try AES first and if your node doesn't support it, it will try TKIP. | |
|
jimmytjams Premium Member join:2006-12-23 Buffalo, NY |
IF you use MAC Address Filtering what is the effect?If you enable Enable MAC Address Filtering on a Westell verizon wireless router D90-327W15-06. Will this add enough protection in addition to a medium strenght WPA key to keep from being hacked into?
Thanks,
Joey | |
|
|
1 recommendation |
Re: IF you use MAC Address Filtering what is the effect?MAC address filtering adds almost nothing in the way of security if someone is actually interested in getting into your network. Spoofing a MAC address is trivial. | |
|
4 edits |
Almost a crackUsers using long random passwords have no reason to switch to AES yet.
These type of articles are nothing but FUD. The actual cipher is not broken, but rather a faster way of testing likely keys was found, and given a complex key this is inconsequential.
I think many people here to not realize that even the WEP encryption scheme which was BADLY flawed could offer good protection with the correct key.
with the maximum length key at random using all possible characters it took an ENORMOUS amount of weak IV's. Not the 1 million or so most web example showed with weak passwords but more like 20+ million weak IV's with a long random password, which was very unlikely on all but a few routers (new firmware made this very hard to reach by "packet injection")
In case anyone was wondering the statistical attack time went down as the weak iv count went up.
It would take an intruder months to collect that many weak IV's (depending on your browsing habits) | |
|
kyler13Is your fiber grounded? join:2006-12-12 Annapolis, MD |
Ultimate WPA securityThe Actiontec router I have is an absolute bear when it comes to trying to initiate a connection with WPA (current firmware issue). It doesn't want to auto-connect and pretty much never will acknowledge the handshake on the first try, despite the key being correct. I have to sit here and refresh my connections window sometimes a couple dozen times before the handshake works and the connection is made. LOL, that little "feature" probably makes my WPA connection nearly bullet-proof. | |
|
1 edit |
Not really any danger to users with some knowledgeThis applies only to WPA to begin with. Who still uses that in 2008? Even my router with WPA2 AES is older than I can remember(at least a couple of years).
WPA with good long random keys should take quit a while before they even become worth the effort. Anyone standing outside my house in a car for a week is likely to be considered suspicious. | |
|
| |
Re: Not really any danger to users with some knowledgeNot every user has knowledge, which is inevitable. Currently I live in an apartment complex, and I can see half a dozen routers open. The typical user doesn't configure a router, let alone know the difference between WEP, WPA, WPA2, TKIP, AES. So I'm sure there are plenty of people out there using WPA. | |
|
| TitusMr Gradenko join:2004-06-26 |
to I pos rep
said by I pos rep:This applies only to WPA to begin with. Who still uses that in 2008? My Linksys wireless print server. -- | |
|
|
well...hence why you disable SSID, and use mac adress authenication on top of everything else.. and it helps, and maybe disable dhcp and use a oddball numbering structure. | |
|
| beaups join:2003-08-11 Hilliard, OH |
beaups
Member
2008-Nov-7 12:39 pm
Re: well...ssid and mac filtering is a joke. disabling dhcp is just a mild additional hassle. | |
|
|
|
testing123
Anon
2008-Nov-7 12:40 pm
Mac spoofingIf you're not on the network yet, how would you know which mac to spoof? | |
|
ctceo Premium Member join:2001-04-26 South Bend, IN |
ctceo
Premium Member
2008-Nov-7 3:01 pm
No SupriseYou find a Lock, I'll get a pick. TKIP is no exception.
With near-on-the-fly decryption, government back-doors, decryption using more than one CPU, Other devices & constant eavsdropping/espionage/spying. Encryption has all but become a joke in most cases.
With the right hardware in place and know how, you can speed up that decryption time from 12 to 15 minutes to seconds. But in most cases where it is relevant, NotF Decryption has you beat anyway. | |
|
|
|