[Tfug] Slightly OT crypto question (WiFi/WPA)

Sun Dec 13 10:54:26 MST 2009

Lies!

On Dec 13, 2009, at 10:22 AM, David Rice wrote:

> I think that's a good password for dictionary attacks, but if your  
> really concerned about other attacks then you need to log  
> authentication attempts and alert on some sort of threshold of bad  
> attempts, Long passwords won't cover deauthentication attacks, this  
> is were you force the client to disconnect and you capture the  
> authentication attempt, the brute force that using rainbow tables  
> offline. So I would also hard code the mac addresses that you trust  
> if your really worried about it.
>
> On Sun, Dec 13, 2009 at 9:51 AM, Jim March <1.jim.march at gmail.com>  
> wrote:
> Folks,
>
> We all set up and run WiFi routers once in a while so this only  
> slightly off-topic.
>
> Dictionary attacks against WPA security are on the rise.  The  
> latest trend:
>
> http://news.techworld.com/security/3208347/new-cloud-hacking- 
> service-steals-wi-fi-passwords
>
> Throw enough MIPS at it, it'll break.
>
> At this point, it still appears unlikely something like  
> "5435GDS5YHFHJF37GFBA" will fall any time soon.  While "thesaurus"  
> is meat for the beast.  My question is, what about:
>
> ithinktucsonreallysucks
>
> ?
>
> In other words, phrases of that sort that contain dictionary words,  
> but are not themselves in any possible dictionary.
>
> How secure are they as compared to really randomized passwords?
>
> Thanks,
>
> Jim
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20091213/5a3e250a/attachment-0002.html>