[Tfug] Slightly OT crypto question (WiFi/WPA)

Jon bigj at voipmogul.com
Sun Dec 13 16:08:00 MST 2009


Tyler Kilian wrote:
> Lies!
>
> On Dec 13, 2009, at 10:22 AM, David Rice wrote:
>
>> I think that's a good password for dictionary attacks, but if your 
>> really concerned about other attacks then you need to log 
>> authentication attempts and alert on some sort of threshold of bad 
>> attempts, Long passwords won't cover deauthentication attacks, this 
>> is were you force the client to disconnect and you capture the 
>> authentication attempt, the brute force that using rainbow tables 
>> offline. So I would also hard code the mac addresses that you trust 
>> if your really worried about it.
>>
>> On Sun, Dec 13, 2009 at 9:51 AM, Jim March <1.jim.march at gmail.com 
>> <mailto:1.jim.march at gmail.com>> wrote:
>>
>>     Folks,
>>
>>     We all set up and run WiFi routers once in a while so this only
>>     slightly off-topic.
>>
>>     Dictionary attacks against WPA security are on the rise.  The
>>     latest trend:
>>
>>     http://news.techworld.com/security/3208347/new-cloud-hacking-service-steals-wi-fi-passwords
>>
>>     Throw enough MIPS at it, it'll break.
>>
>>     At this point, it still appears unlikely something like
>>     "5435GDS5YHFHJF37GFBA" will fall any time soon.  While
>>     "thesaurus" is meat for the beast.  My question is, what about:
>>
>>     ithinktucsonreallysucks
>>
>>     ?
>>
>>     In other words, phrases of that sort that contain dictionary
>>     words, but are not themselves in any possible dictionary.
>>
>>     How secure are they as compared to really randomized passwords?
>>
>>     Thanks,
>>
>>     Jim
>>
>>     _______________________________________________
>>     Tucson Free Unix Group - tfug at tfug.org <mailto:tfug at tfug.org>
>>     Subscription Options:
>>     http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>>
>>
>> _______________________________________________
>> Tucson Free Unix Group - tfug at tfug.org <mailto:tfug at tfug.org>
>> Subscription Options:
>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>   
David knows nothing about Security, he's a Unix administrator ;)


-- 
Jon
www.VoIPmogul.com





More information about the tfug mailing list