[Tfug] Why would *anyone* leave a door open?

Jordan Aberle jordan.aberle at gmail.com
Thu Aug 27 18:43:35 MST 2009


A WPA2 pre-shared key can be anywhere from 8 to 63 characters long.  If it's a
simple word in lower case and you are able to capture the four-way handshake,
then sure, it can be cracked, but anything halfway complex over the
8-character limit is going to be close to impossible.  Dictionary attack is
required.
http://lastbit.com/pswcalc.asp

Have fun ;)

On Thu, Aug 27, 2009 at 6:29 PM, Jordan Aberle <jordan.aberle at gmail.com> wrote:

> WPA-TKIP is cracked by capturing the authentication handshake between the
> client and the router; when you have captured the "handshake" the key can be
> cracked by brute force.  If the password the router is using does not match
> the password in your dictionary file it will not be able to crack the key.
>
> If you use WPA2 or WPA mixed with AES (CCMP) you will not be hacked unless
> the wireless key matches a word in a dictionary file.  These are still
> secure methods if you set them up properly; the only downfall is that not
> all wireless cards support CCMP.
>
> Stating that all modes of WPA/WPA2 are insecure is just not accurate.
>
> On Thu, Aug 27, 2009 at 5:43 PM, Bexley Hall <bexley401 at yahoo.com> wrote:
>
>> Hi Zack,
>>
>> > > There are advantages to wired connections...  :-(
>> >
>> > Exactly.  If you can wire, do it.
>>
>> A note from my bank encouraging me to sign up for "on-line
>> banking"  (saves *them* the cost of printing and mailing me
>> a paper statement -- but what does it *get* me??!).
>>
>> In essence, they want to scare me into thinking some guy is
>> going to drive down my street on *the* day when that bank
>> statement is placed in my mailbox *after* the postal carrier
>> has delivered it and *before* I have retrieved it from the box.
>> I.e., "you are at risk for identity theft!!!!!"
>>
>> Of course, they fail to point out how having my account
>> information on-line makes that window of opportunity much
>> wider (i.e., any time day or night you have access to those
>> statements) *and* allows anyone ANYWHERE to go poking around
>> (instead of forcing that thief to have deliberately targeted
>> *my* street/mailbox).
>>
>> > The worst part of this is the stupid "oh yeah, we support WiFi"
>> > printers, game consoles (I'm looking at you Nintendo DS), etc. that
>> > support either unencrypted or WEP only...   Way to encourage bad
>> > behavior.
>>
>> Exactly.  I keep my WAP turned off unless I absolutely need
>> it.  Most of the time, I connect my laptop with a cable at a
>> nearby jack (I have something like 27 drops around the house).
>> If push comes to shove, I'll drag a 50 foot cable out so I can
>> avoid going wireless.
>>
>> *Or*, use a PLC modem (vulnerable but not nearly as much so as a
>> wifi card!).
>>
>> People get used to using a certain type of technology and
>> eventually forget the cautions *against* using it.  So, "good
>> practices" quickly become risky ones.  :-/
>>
>
>
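
Added example, not part of the original thread: a defender-side check of a WPA/WPA2 passphrase that enforces the 8 to 63 character rule, derives the pairwise master key the way 802.11i specifies (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), and estimates worst-case exhaustive search time. The guess rate and the sample passphrases are assumptions chosen for illustration.

```python
import hashlib
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
PRINTABLE = {chr(c) for c in range(32, 127)}  # ASCII 32..126 allowed in a passphrase


def valid_passphrase(p):
    """802.11i passphrase rule: 8 to 63 printable ASCII characters."""
    return 8 <= len(p) <= 63 and all(ch in PRINTABLE for ch in p)


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not valid_passphrase(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def charset_size(p):
    """Size of the smallest common alphabet that covers every character used."""
    size = 0
    size += 26 if any(c in string.ascii_lowercase for c in p) else 0
    size += 26 if any(c in string.ascii_uppercase for c in p) else 0
    size += 10 if any(c in string.digits for c in p) else 0
    size += 33 if any(not c.isalnum() for c in p) else 0  # space + punctuation
    return size


def worst_case_years(passphrase, guesses_per_sec):
    """Upper bound for exhaustive search; a dictionary word falls far sooner."""
    return charset_size(passphrase) ** len(passphrase) / guesses_per_sec / SECONDS_PER_YEAR


if __name__ == "__main__":
    ASSUMED_RATE = 1e5  # assumed PMK derivations per second, not a measurement
    for candidate in ("password", "Tr0ub4dor&3x!"):  # constructed samples
        years = worst_case_years(candidate, ASSUMED_RATE)
        print(f"{candidate!r}: alphabet {charset_size(candidate)}, "
              f"worst case {years:.3g} years at {ASSUMED_RATE:.0e} guesses/s")
    # Because the SSID is the salt, the same passphrase gives a different
    # PMK on every differently named network.
    print(derive_pmk("password", "IEEE").hex())
```
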