Welcome to the future: cloud-based WPA cracking is here
http://blogs.techrepublic.com.com/secur ... ag=nl.e036
[quote]....The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more “premium
Something does not add up here.
Dictionary attacks work on the assumption (if I'm not mistaken) that the passphrase is a word or combination of words with maybe a few variations like putting a "1" on the end. Such words are used so the passphrases are easy to remember.
But when setting up WPA wireless, you don't have to remember the password - the computer does that for you. So why would you use dictionary words for your WPA passphrase? Why not a long, random collection of gibberish characters that can't be found in any dictionary?
- Wheres One
- Posts: 215
- Joined: Fri 21 Nov 2008, 23:30
Ideally, yes; you would choose something that's essentially gibberish, so it isn't easily guessed. But lots of people are lazy, or just plain apathetic, and create a fantastically easy to guess (remember, they would say) password and so you have dictionary based attacks.
For example, you wouldn't believe how many Windows machines I've seen whose administrative passwords were "Administrator" or "123456."
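Added example, not part of any post in this thread: a Python sketch of the "long random gibberish" passphrase discussed above, set against a "dictionary word plus a simple variation" choice. The wordlist size and variant count are constructed figures, and `ExampleSSID` is a placeholder network name.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
# 94 symbols: letters, digits and punctuation (space left out to avoid typing errors).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def random_passphrase(length=63):
    """Return a uniformly random passphrase drawn from ALPHABET."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random passphrase of this length."""
    return length * math.log2(alphabet_size)

def wordlist_bits(words, variants):
    """Entropy in bits of 'one dictionary word plus one of N simple variations'."""
    return math.log2(words * variants)

def derive_psk(passphrase, ssid):
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

if __name__ == "__main__":
    pw = random_passphrase(20)
    print("passphrase:", pw)
    print("random 20 chars: %.1f bits" % random_bits(20))
    # Constructed figures: a 100,000-word list with 100 suffix variations.
    print("word + variation: %.1f bits" % wordlist_bits(100_000, 100))
    # The device stores this derived key, so nobody has to memorise the passphrase.
    print("PSK:", derive_psk(pw, "ExampleSSID").hex())
```

Because the SSID is the salt, the same passphrase yields a different key on a network with a different name.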
1. See:
LCD TV Sony Bravia KDL-32EX503: wireless connection.
When setting up my new D-Link DIR-615 wireless router, so that the new Sony TV could connect to the network, and get on the web...
The Sony rep. advised me to use a WEP64 key [5 characters only] rather than the WPA2-PSK setup I'd chosen.
I'm pretty clueless about such things, but believe that WEP64 isn't as good as WPA2-PSK.
Am I right?
Probably, part of the problem is that Windows idiotically does not let you see the WPA password you set. I don't know how many times I helped folks get on my wireless network by booting Puppy to find the password I had set for it, while looking on the Windows machines on the same network was pointless.
So if Windows does not let you see the password you set, people compensate by using simple, word-based passwords that they can remember and that are vulnerable to dictionary attacks.
I just knew Windows was at fault!
- Wheres One
- Posts: 215
- Joined: Fri 21 Nov 2008, 23:30
@ PaulBx1
That's one thing I've always thought to be funny about Windows. Why do they feel the need to hide everything 20 layers deep in an unreadable directory hierarchy and take away as much of the end-user's ability to configure things as they can? I suppose Microsoft knows what the end-user wants, not the end-user.
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
Flash wrote: What do you do if the administrator chooses an unguessable password and then gets run over by a bus? Or, perhaps even worse, gets fired?
You reset the router. They usually have one of those little buttons in the back that you need a pen to reach.
But if it's a situation where it is a very large complicated network and resetting would be a major problem, you would probably have two trustworthy administrators with the password to provide redundancy. That or it would be written down and stored in a secure location that another trustworthy (but perhaps not technically inclined) person would have the key to, so that they could give the password to the admin's successor.
But the above is more relevant to things like the router password, since anybody connecting to the network needs to know the network password/key (though with WPA I believe you can set it up so that different people have different keys, so that you can revoke a person's access without having to make everybody else redo their connection info).
As for Windows hiding wireless keys, you can probably find them in the registry if you know where to look (fire up regedit and try using the "find" feature, searching for the SSID). I've done this before on Windows2000, and I assume XP is the same. No idea about post-XP Windows versions.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
Flash wrote: What do you do if the administrator chooses an unguessable password and then gets run over by a bus? Or, perhaps even worse, gets fired?
Getting fired worse than getting run over by a bus?
I never thought of it that way.
I knew a guy who got run over by a bus and died. Unfortunately, I
was not afforded an opportunity to ask him how it worked out.
If you're fired, I think the first thing to do is deposit or even better,
cash your last checks.
Then, forget about it, put it all in the past.
If you do successfully forget about it, you won't be able to remember
trivia such as passwords, the reason being; you forgot about it.
~