Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 22 Sep 2014, 00:32
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Welcome to the future: cloud-based WPA cracking is here
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11069
Location: Arizona USA

PostPosted: Tue 27 Jul 2010, 21:32    Post_subject:  Welcome to the future: cloud-based WPA cracking is here  

http://blogs.techrepublic.com.com/security/?p=4097&tag=nl.e036
Quote:
....The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more “premium” price of $35, you can get the job done in about half the time....It gets even better. If you try the standard 135-million-word dictionary and do not crack the WPA encryption on your target network, there is an extended dictionary that contains an additional 284 million words. In short, serious brute force wireless network encryption cracking has become a retail commodity.....The interface is simple and clean, and the service does not require any more information from its users than an email address to deliver the results, the network’s ESSID, and a network traffic capture that includes the encrypted WPA handshake. Payment information is handled by Amazon.....
Back to top
View user's profile Send_private_message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Sat 31 Jul 2010, 15:31    Post_subject:  

Something does not add up here.

Dictionary attacks work on the assumption (if I'm not mistaken) that the passphrase is a word or combination of words with maybe a few variations like putting a "1" on the end. Such words are used so the passphrases are easy to remember.

But when setting up WPA wireless, you don't have to remember the password - the computer does that for you. So why would you use dictionary words for your WPA passphrase? Why not a long, random collection of gibberish characters that can't be found in any dictionary?
Back to top
View user's profile Send_private_message 
Wheres One


Joined: 21 Nov 2008
Posts: 215

PostPosted: Sat 31 Jul 2010, 17:22    Post_subject:  

Ideally, yes; you would choose something that's essentially gibberish, so it isn't easily guessed. But lots of people are lazy, or just plain apathetic, and create a fantastically easy to guess (remember, they would say) password and so you have dictionary based attacks.

For example, you wouldn't believe how many Windows machines I've seen whose administrative passwords were "Administrator" or "123456."
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11069
Location: Arizona USA

PostPosted: Sat 31 Jul 2010, 20:40    Post_subject:  

What do you do if the administrator chooses an unguessable password and then gets run over by a bus? Or, perhaps even worse, gets fired?
Back to top
View user's profile Send_private_message 
Sylvander

Joined: 15 Dec 2008
Posts: 3444
Location: West Lothian, Scotland, UK

PostPosted: Sun 01 Aug 2010, 18:22    Post_subject:  

1. See:
LCD TV Sony Bravia KDL-32EX503: wireless connection.

When setting up my new D-Link DIR-615 wireless router, so that the new Sony TV could connect to the network, and get on the web...
The Sony rep. advised me to use a WEP64 key [5 characters only] rather than the WPA2-PSK setup I'd chosen.

I'm pretty clueless about such things, but believe that WEP64 isn't as good as WPA2-PSK.

Am I right?
Back to top
View user's profile Send_private_message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Mon 02 Aug 2010, 14:10    Post_subject:  

Probably, part of the problem is that Windows idiotically does not let you see the WPA password you set. I don't know how many times I helped folks get on my wireless network by booting Puppy to find the password I had set for it, while looking on the Windows machines on the same network was pointless.

So if Windows does not let you see the password you set, people compensate by using simple, word-based passwords that they can remember and that are vulnerable to dictionary attacks.

I just knew Windows was at fault! Wink
Back to top
View user's profile Send_private_message 
Wheres One


Joined: 21 Nov 2008
Posts: 215

PostPosted: Mon 02 Aug 2010, 17:28    Post_subject:  

@ PaulBx1

That's one thing I've always thought to be funny about Windows. Why do they feel the need to hide everything 20 layers deep in an unreadable directory hierarchy and take away as much of the end-user's ability to configure things as they can? I suppose Microsoft knows what the end-user wants, not the end-user.
Back to top
View user's profile Send_private_message 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Fri 06 Aug 2010, 20:49    Post_subject:  

Flash wrote:
What do you do if the administrator chooses an unguessable password and then gets run over by a bus? Or, perhaps even worse, gets fired?

You reset the router. They usually have one of those little buttons in the back that you need a pen to reach.

But if it's a situation where it is a very large complicated network and resetting would be a major problem, you would probably have two trustworthy administrators with the password to provide redundancy. That or it would be written down and stored in a secure location that another trustworthy (but perhaps not technically inclined) person would have the key to, so that they could give the password to the admin's successor.

But the above is more relevant to things like the router password, since anybody connecting to the network needs to know the network password/key (though with WPA I believe you can set it up so that different people have different keys, so that you can revoke a person's access without having to make everybody else redo their connection info).


As for Windows hiding wireless keys, you can probably find them in the registry if you know where to look (fire up regedit and try using the "find" feature, searching for the SSID). I've done this before on Windows2000, and I assume XP is the same. No idea about post-XP Windows versions.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send_private_message Visit_website 
Bruce B


Joined: 18 May 2005
Posts: 11108
Location: The Peoples Republic of California

PostPosted: Mon 30 Aug 2010, 11:18    Post_subject:  

Flash wrote:
What do you do if the administrator chooses an
unguessable password and then gets run over by a bus? Or, perhaps
even worse, gets fired?


Getting fired worse than getting ran over by a bus?

I never thought of it that way.

I knew a guy who got ran over by a bus and died. Unfortunately, I
was not afforded an opportunity to ask him how it worked out.

If you're fired, I think the first thing to do us deposit or even better,
cash your last checks.

Then, forget about it, put it all in the past.

If you do successfully forget about it, you won't be able to remember
trivia such as passwords, the reason being; you forgot about it.

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
Jasper


Joined: 25 Apr 2010
Posts: 1124
Location: England

PostPosted: Tue 31 Aug 2010, 15:42    Post_subject:  

Hi,

I suspect that most administrators, moderators, and developers are fired with enthusiasm and a small minority ought to be.

My regards

PS That's supposed to be close to a joke, but so far as I know "going under a bus" is a "native" British expression.
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0688s ][ Queries: 11 (0.0042s) ][ GZIP on ]