WPA-PSK may be vulnerable to a brute force attack but, with the choice
of the right password, it becomes unfeasible.
Assuming a decent utility is used, a 31 character long password of
random upper- and lowercase letters and numbers results in 62^31, or
3.7x10^55 possible combinations.
If we assume 60 attempts per second, it will take more than 1.3x10^36
times the age of the universe (15 billion years) to attempt every
possible combination. The average time would be half that, or
6.5x10^35 times the age of the universe.
Even if someone were to come up with a scheme that reduced the
bruteforce time to 1 trillionth of what would be required otherwise,
it would still take 6.5x10^23 times the age of the universe. And so
on...
Unless someone finds another way to get the password (e.g., can
determine from traffic (like with WEP), beats it out of me, hacks my
laptop, etc.), my WAP will remain secure until long after I'm dead.
Here's a cool link that helps...
http://www.kurtm.net/wpa-pskgen/#keygen_a
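Added example, not part of the thread: the estimate above, reproduced and generalized so that other alphabets, lengths and guess rates can be checked. It also shows the WPA-PSK key derivation from IEEE 802.11i (PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID), which is why each guess is expensive. The function names and the sample rates are assumptions made for illustration.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600
UNIVERSE_AGE_S = 15e9 * SECONDS_PER_YEAR  # the post's figure: 15 billion years


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key as derived for WPA/WPA2-Personal (IEEE 802.11i)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    # Every guess costs 4096 rounds of HMAC-SHA1, and the SSID is the salt,
    # so work done against one network name does not carry over to another.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def universe_ages(alphabet, length, guesses_per_s, speedup=1.0, average=False):
    """Exhaustive-search time, in multiples of the age of the universe."""
    seconds = alphabet ** length / (guesses_per_s * speedup)
    return (seconds / 2 if average else seconds) / UNIVERSE_AGE_S


def min_length(alphabet, guesses_per_s, years):
    """Shortest random passphrase whose average search time is >= `years`."""
    need = 2 * guesses_per_s * years * SECONDS_PER_YEAR
    for length in range(8, 64):  # valid WPA passphrase lengths
        if alphabet ** length >= need:
            return length
    return None  # not reachable within 63 characters


if __name__ == "__main__":
    # The post's case: 31 random characters from [A-Za-z0-9] at 60 guesses/s.
    print(f"worst case : {universe_ages(62, 31, 60):.2e} universe ages")
    print(f"average    : {universe_ages(62, 31, 60, average=True):.2e}")
    print(f"1e12x gain : {universe_ages(62, 31, 60, 1e12, True):.2e}")
    # Assumed rate (not from the thread): 1e12 guesses/s, 1 million year target.
    print("min length :", min_length(62, 1e12, 1e6))
    print("PSK        :", wpa_psk("password", "IEEE").hex())
```
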
Depends on how long you live and whether in your lifetime quantum
computers become the norm. If they do then all present known encryption
just becomes a whole bigger problem than your AP!
David.
For WPA-PSK? Please post the link that documents that...
Quantum computers? The tiny keyboards on today's notebook and palmtop
computers are so small, I can barely type on them. Now, you want one
even smaller? Surely you jest. Unless power consumption also scales
accordingly, the power density of the accompanying power source could
easily approach a small bomb. As the devices get smaller, the
tendency for them to be susceptible to computation errors and soft
errors (from alpha particles, cosmic rays, etc) becomes a problem:
http://www.edn.com/article/CA454636.html
In the future people will probably still continue scribbling their
passwords in obvious places. Perhaps by then, shared key security
will follow the dinosaurs.
What I really want is a personal black hole, so I can dispose of all
the electronic and computer junk easily. Also, infinite bandwidth and
distance by communicating through a black hole or modulating
neutrinos.
--
Jeff Liebermann je...@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
> Unless someone finds another way to get the password (e.g., can
> determine from traffic (like with WEP), beats it out of me, hacks my
> laptop, etc.), my WAP will remain secure until long after I'm dead.
That's the problem: guessing a password isn't the only way to crack
encryption. If it were, advances in computing power could be countered
by putting a time delay in how often the access point would accept
connection requests from supplicants. (That might leave the AP more
vulnerable to denial of service floods, but would effectively immunize
it from cracking.) Unfortunately, it's also possible to derive passwords
by analyzing encrypted data. For that, the factors in play are the rate
of data transmission over the network and the method and computing
horsepower being used to do the decryption.
>Jeff, I can see your points, but I wonder how many of us
>hyperventilate over an issue that is only a figment of our
>imaginations. I sometimes wonder if anyone would be interested in
>what is on my computer, even if I left it on and with no password
>protection, in an unlocked room for years. Probably no one would
>bother to even look at the damned thing.
I'm not sure how we got to the subject of passwords, but methinks the
topic is worthy of my pontification. Incidentally, I am NOT a
security expert as I don't attend security conferences and publish
papers.
I can supply the names of 2 individuals who were extremely sloppy with
their passwords (i.e. using the same password for everything) and
managed to get ripped off when someone used Paypal to empty their
account. Nobody really wants what's on your computer. What they want
is sufficient information to precipitate an identity theft. SSI
number, date-o-birth, addresses, email password, credit card numbers,
and such. If you leave these floating around your computer, you're
asking for problems.
Also, few hackers get these by breaking into your computer. They get
them by sniffing the traffic. Keyword searches of your unencrypted
email often yield amazing amounts of information.
>I build my passwords using the first letters of a paragraph or
>them I can find them in the book. But, I would think someone
>determined to hack my computer would have a very hard time
>breaking these passwords.
I think you missed my point, although I wasn't terribly clear. The
concept of a password is by its very nature insecure. I once used the
security cameras to video tape the admin logging into the server, and
extracted the login and password. The password was quite obscure and
secure. The admin wasn't. My former neighbor's 14-year-old brat could
play finger hacker and read back any phone number I dialed, and most
passwords I typed.
At the same time, the wireless community seems to prefer pre-shared
keys for security. This is equally dumb as once the key leaks out,
the entire system is compromised. At the very least, a compromised
password should only compromise one machine, not the entire wireless
network. RADIUS server based authorization and authentication
delivers a one time WPA encryption key for the session, which is the
right way to do this.
Passwords also only provide the authorization part of the security
puzzle. What's lacking is the authentication part. How does the
system know that you are who you say you are? There are a variety of
schemes for authentication ranging from X.509 certificates to 3rd
party authentication authorities (Verisign etc).
Anyway, what I was hoping was that in the future computer utopia of
quantum computing, perhaps the concept of passwords and pre-shared
keys, in any form, would do me the favor of following the dinosaur
into extinction.
You're missing the point entirely, it's nothing to do with size but the
nature in which they process.
http://www.qubit.org/library/intros/comp/comp.html
http://www.sciencedaily.com/releases/2005/06/050604202933.htm
(and a variety of other links with a google ;) )
David.
Get a cat. All houses/homes that have a cat have at least one blackhole
that swallows cat toys (this can be verified by reading between the lines in
Hawking's books on blackholes). So, once you are ready to discard an item
you just persuade the cat to play with it and over time the cat toy
blackhole in your home will swallow the device.
> so I can dispose of all
>the electronic and computer junk easily. Also, infinite bandwidth and
>distance by communicating through a black hole or modulating
>neutrinos.
>
fundamentalism, fundamentally wrong.
>> Quantum computers? The tiny keyboards on today's notebook and palmtop
>> computers are so small, I can barely type on them. Now, you want one
>> even smaller? Surely you jest. Unless power consumption also scales
>> accordingly, the power density of the accompanying power source could
>You're missing the point entirely, it's nothing to do with size but the
>nature in which they process.
So much for my feeble attempt at humor.
>http://www.qubit.org/library/intros/comp/comp.html
>http://www.sciencedaily.com/releases/2005/06/050604202933.htm
Got it. So according to Heisenberg, I can determine what the computer
is doing or where it is located, but not at the same time. That may
present a problem. I can have my computational answers, but can't
find where the computer sent them. Or, I can play with my computer,
but can't trust the answers. Are you sure this quantum computing
stuff is for real?
'fraid so ;)
> Got it. So according to Heisenberg, I can determine what the computer
> is doing or where it is located, but not at the same time. That may
> present a problem. I can have my computational answers, but can't
> find where the computer sent them. Or, I can play with my computer,
> but can't trust the answers. Are you sure this quantum computing
> stuff is for real?
Very real or at least the research is real.
> What I really want is a personal black hole, so I can dispose of all
> the electronic and computer junk easily. Also, infinite bandwidth and
> distance by communicating through a black hole or modulating
> neutrinos.
Those neutrino antennas are expensive. And big.
> So according to Heisenberg, I can determine what the computer
> is doing or where it is located, but not at the same time.
I think they call that an uncertain state machine.
> David Taylor <djta...@bigfoot.com> hath wroth:
>
>>> Quantum computers? The tiny keyboards on today's notebook and palmtop
>>> computers are so small, I can barely type on them. Now, you want one
>>> even smaller? Surely you jest. Unless power consumption also scales
>>> accordingly, the power density of the accompanying power source could
>
>>You're missing the point entirely, it's nothing to do with size but the
>>nature in which they process.
>
> So much for my feeble attempt at humor.
>
>>http://www.qubit.org/library/intros/comp/comp.html
>>http://www.sciencedaily.com/releases/2005/06/050604202933.htm
>
> Got it. So according to Heisenberg, I can determine what the computer
> is doing or where it is located, but not at the same time. That may
> present a problem. I can have my computational answers, but can't
> find where the computer sent them. Or, I can play with my computer,
> but can't trust the answers. Are you sure this quantum computing
> stuff is for real?
>
http://ars.userfriendly.org/cartoons/?id=20060314
--
Eric S
>> Got it. So according to Heisenberg, I can determine what the computer
>> is doing or where it is located, but not at the same time. That may
>> present a problem. I can have my computational answers, but can't
>> find where the computer sent them. Or, I can play with my computer,
>> but can't trust the answers. Are you sure this quantum computing
>> stuff is for real?
>Very real or at least the research is real.
Well, that presents a problem for me. I'm officially a "computah
repair person". With quantum computers, I might become a "quantum
mechanic"[1]. You can either have your computer fixed correctly, or
delivered on time, but not both. Bring on the quanta.
I suspect it will take more than a secure algorithm to ensure adequate
wireless security. It's not just about encryption. It will probably
require a similarly complex layer of authentication, which ensures
that you are who you claim to be and not a clone, identity thief,
laptop thief, or hacker.
We're doomed:
http://qso.lanl.gov/qc/graphics/dilbert.gif
[1] A friend's business card no longer identifies her as an author. It
now says "content provider".