Comments on: WPA Wi-Fi Encryption Scheme Partially Cracked http://www.darknet.org.uk/2008/11/wpa-wi-fi-encryption-scheme-partially-cracked/ Ethical Hacking, Penetration Testing & Computer Security Tue, 14 Feb 2012 00:17:07 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Morgan Storey http://www.darknet.org.uk/2008/11/wpa-wi-fi-encryption-scheme-partially-cracked/#comment-125091 Morgan Storey Wed, 12 Nov 2008 22:24:39 +0000 http://www.darknet.org.uk/?p=1222#comment-125091 Oh of course it is do-able, but being someone who used to run a wifi honeypot out of my house living on a very busy road, in 12months I saw exactly two people try and get in, hundreds scanned it saw it was protected with WEP64 security alone and left it alone, two actually tried to get through, neither succeeded. If someone wants to get in they will, if it is a big enough target they will try and they will get in. Bruteforcing through more powerful chips will make it quicker, but it will still come back to how much they want to get in. It is about what the best you can do, if your router only supports WPA-Tkip then use it and make the key long, change the key occasionally, and check the connected clients on your AP occasionally. When it comes time to upgrade make sure you go for WPA2, and do the same thing, that will stop 99.99999% of all attackers. It really comes back to risk versus cost. In this sea of open access points even some security can be enough, unless your SSID is BigBank or some such... Oh of course it is do-able, but being someone who used to run a wifi honeypot out of my house living on a very busy road, in 12months I saw exactly two people try and get in, hundreds scanned it saw it was protected with WEP64 security alone and left it alone, two actually tried to get through, neither succeeded.
If someone wants to get in they will, if it is a big enough target they will try and they will get in. Bruteforcing through more powerful chips will make it quicker, but it will still come back to how much they want to get in.
It is about what the best you can do, if your router only supports WPA-Tkip then use it and make the key long, change the key occasionally, and check the connected clients on your AP occasionally. When it comes time to upgrade make sure you go for WPA2, and do the same thing, that will stop 99.99999% of all attackers. It really comes back to risk versus cost. In this sea of open access points even some security can be enough, unless your SSID is BigBank or some such…

]]> By: navin http://www.darknet.org.uk/2008/11/wpa-wi-fi-encryption-scheme-partially-cracked/#comment-125090 navin Wed, 12 Nov 2008 14:05:44 +0000 http://www.darknet.org.uk/?p=1222#comment-125090 "Then you could use the brute force ability of a RISC chip like a decent GPU or PS3, but then it is getting silly." I'd disagree!! Tht's been proved as a PoC to be ultra-effective...will post a link later if I find it.......some people are already planning methods which'll harness the speed of quantum computers to bruteforce.....of course, quantum computers are still a few years away, but once they're here, bruteforcing will definitely get a boost!! “Then you could use the brute force ability of a RISC chip like a decent GPU or PS3, but then it is getting silly.”

I’d disagree!! Tht’s been proved as a PoC to be ultra-effective…will post a link later if I find it…….some people are already planning methods which’ll harness the speed of quantum computers to bruteforce…..of course, quantum computers are still a few years away, but once they’re here, bruteforcing will definitely get a boost!!

]]> By: Morgan Storey http://www.darknet.org.uk/2008/11/wpa-wi-fi-encryption-scheme-partially-cracked/#comment-125083 Morgan Storey Tue, 11 Nov 2008 10:15:06 +0000 http://www.darknet.org.uk/?p=1222#comment-125083 This is no big suprise, it is also only tkip afaik, well tkip is bad, as everyone has known since well WEP... so they moved to AES in WPA and WPA2, and they aren't vulnerable to this, of course you can still use the wonderful AES rainbow tables but they are like 120+gb for just the most common AP SSID and common WPA keys. Keep your key long and your SSID non-standard and this won't work either. Then you could use the brute force ability of a RISC chip like a decent GPU or PS3, but then it is getting silly. This is no big suprise, it is also only tkip afaik, well tkip is bad, as everyone has known since well WEP… so they moved to AES in WPA and WPA2, and they aren’t vulnerable to this, of course you can still use the wonderful AES rainbow tables but they are like 120+gb for just the most common AP SSID and common WPA keys.
Keep your key long and your SSID non-standard and this won’t work either. Then you could use the brute force ability of a RISC chip like a decent GPU or PS3, but then it is getting silly.

]]>