I am in the process of setting up wireless access in our small office.
The wireless access point hardware I have seen is all equipped to do up
to 128 bit WEP encryption and MAC filtering. A couple of questions:
1. I have read that WEP is broken. Is it really? Do I want to use
something else? One of the laptops that will be connecting is a few
years old and its built-in wireless supports WEP 128 but not other
encryption as far as I can tell.
2. MAC filtering seems to me to be a great idea. Adds a layer of
security. If WEP is enabled, is the MAC address of the laptop also
encrypted? Does it matter?
3. Thinking out loud now. If my laptop is busy looking for wireless
access points, and transmitting its MAC address in the clear. Assume an
attacker learns my MAC address. Then I get to my office and log on to
the Wireless Access Point. It requires that I send the MAC encrypted.
Does the attacker have a crib that will let them pry open WEP 128? If
so, am I better off with just WEP and not MAC filtering?
Thanks for all your thoughts,
John
Yes. And it's completely insecure. Better use WPA or an encrypted VPN.
> 2. MAC filtering seems to me to be a great idea.
No. It offers no security at all.
> If WEP is enabled, is the MAC address of the laptop also
> encrypted?
No.
> Does it matter?
Yes.
Yours,
VB.
--
"I am a free man and am now going to make use of my civil liberties - and
extensively so - of course only within the scope that Otto Schily still
leaves available to me."
Wolfgang Clement on 10.10.05, while still "super minister"
Your security policies should match the security risk you are willing to
live with. In other words, do you have sensitive data? Critical data?
Analyze what you have on your computer and how "sensitive" it really is.
WEP is a very weak "encryption" protocol and I have read, but not done it
yet, that it can be broken in minutes. MAC filtering is moot and really
gets you little added security....
If your data is that important, i.e. you have SS#, credit card info, etc, etc
Just use some cat5....or look into some of the new wireless protocols.
Imhotep
Thanks for the reply. I'll be trying to find a firmware upgrade for the
laptop since it is built in. If not, I'll take the advice of finding an
alternate card.
I did find this interesting quote about WEP.
"WEP is better than nothing
If you can't use WPA, perhaps because you can't afford new base stations
and Panther upgrades for all your laptops, at least enable WEP, feeble
though it may be. There is an old joke about two guys hiking in the woods
who spot a mean looking grizzly bear heading their way. One of the
hikers takes off his back pack, pulls out running shoes, and starts
putting them on. The other says "You idiot, you can't outrun a hungry
bear in the woods." The first replies "I don't have to outrun the bear,
I only have to outrun you." Even minimal security may be effective
against snoops who have plenty of unprotected targets to choose from.
Use the higher, 128-bit security setting, if possible, and change
passwords frequently."
From: http://world.std.com/~reinhold/airport.html
regards,
JH
Thanks, My home network is just WEPed and I never bothered to ask the
question because I keep nothing important on it. If someone wants
pictures of my kids, they're easier to find on my blog. But my office
computers (Currently only hardwired) have my client info, office
finance, home finance, etc. The desktop where most of that info resides
is closed up pretty well I think (No shared anything, etc.) Still, I
don't want anyone "inside" anyway.
I'll be solving this problem pretty quick (and BEFORE connecting the
access point!)
JH
WPA with radius authentication is cryptographically quite superior.
WEP is crackable very quickly provided enough initialization vectors
and traffic have been gathered. Injection techniques can be leveraged
to generate the required traffic in a compressed timeframe. Freely
available tools like kismet are available with these tools built in.
If your access point uses weak/predictable initialization vectors,
it's crackable that much more quickly.
> 2. MAC filtering seems to me to be a great idea. Adds a layer of
> security. If WEP is enabled, is the MAC address of the laptop also
> encrypted? Does it matter?
The MAC is in the clear, IIRC. Passive sniffers like kismet can
detect them, and those MACs can be used in spoofing.
> 3. Thinking out loud now. If my laptop is busy looking for wireless
> access points, and transmitting it's MAC address in the clear. Assume
> an attacker learns my MAC address. Then I get to my office and log on
> to the Wireless Access Point. It requires that I send the MAC
> encrypted. Does the attacker have a crib that will them to pry open
> WEP 128? If so, am I better off with just WEP and not MAC
> filtering?
WEP 128 is better than MAC filtering alone. WEP 128 + MAC filtering
will prevent the casual hack, but is trivially crackable for someone
in sniffing range. For home use, probably it's acceptable risk
depending on how dense your surroundings are. For a business environment,
a VPN connection with strong encryption is preferable.
WPA + radius authentication is the best of breed right now. Firmware
upgrades may get you there for free. WPA + pre-shared key
authentication has a weakness in it that makes a brute force attack
nearly feasible, though I haven't been following that issue closely.
All production wireless right now should be considered something that
can be DOS'd so relying on it for a connection that must be there
continuously is dicey. Wired is preferable if possible.
--
Todd H.
http://www.toddh.net/
>Greetings,
>I am in the process of setting up wireless access in our small office.
>The wireless access point hardware I have seen is all equipped to do up
>to 128 bit WEP encryption and MAC filtering. A couple of questions:
>1. I have read that WEP is broken. Is it really? Do I want to use
>something else? One of the laptops that will be connecting is a few
>years old and its built-in wireless supports WEP 128 but not other
>encryption as far as I can tell.
WEP can be cracked relatively easily. If someone sits outside your offices
and gets something like 1,000,000 bytes of encrypted traffic, they can
apparently figure out what the key is, and then have complete and free
access to your network. Is this an acceptable risk for your business?
WPA is stronger, if your router and your systems support it.
Your one laptop might be OK, as long as the WEP key is changed regularly
and that laptop is not used very much.
>2. MAC filtering seems to me to be a great idea. Adds a layer of
>security. If WEP is enabled, is the MAC address of the laptop also
>encrypted? Does it matter?
>3. Thinking out loud now. If my laptop is busy looking for wireless
>access points, and transmitting its MAC address in the clear. Assume an
>attacker learns my MAC address. Then I get to my office and log on to
>the Wireless Access Point. It requires that I send the MAC encrypted.
>Does the attacker have a crib that will let them pry open WEP 128? If
>so, am I better off with just WEP and not MAC filtering?
>John
>> WEP128 is broken, it's not even worth thinking about anymore.
>>
>>
>> Juergen Nieveler
>Thanks for the reply. I'll be trying to find a firmware upgrade for the
>laptop since it is built in. If not, I'll take the advice of finding an
>alternate card.
>I did find this interesting quote about WEP.
>"WEP is better than nothing
>If you can't use WPA, perhaps because you can't afford new base stations
>and Panther upgrades for all your laptops, at least enable WEP, feeble
>though it may be. There is an old joke about two guys hiking in the woods
>who spot a mean looking grizzly bear heading their way. One of the
>hikers takes off his back pack, pulls out running shoes, and starts
>putting them on. The other says "You idiot, you can't outrun a hungry
>bear in the woods." The first replies "I don't have to outrun the bear,
>I only have to outrun you." Even minimal security may be effective
>against snoops who have plenty of unprotected targets to choose from.
>Use the higher, 128-bit security setting, if possible, and change
>passwords frequently."
>From: http://world.std.com/~reinhold/airport.html
That depends on whether or not someone wants to target you. Do you have
competitors who you would rather not have on your network? They do not care
that the lumber yard down the street is easier to break into, they want
you.
I.e., if the bear wants you, for your red hat, being able to run faster than
your friend is irrelevant.
Interesting argument.
A car ignition lock can be forced.. so do you park your car with the doors
open and the key in the ignition? ;o)
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
The usual car analogy. Car analogies don't work at all.
Just try: which is the secure way to lock your car, for which no working
attack at all is known? For WLAN, it's WPA with a good key.
And how can you automate cracking cars, so that you can crack more than
a hundred cars in a minute? For networks with a known attack vector, this is
an easy game to play for a single person.
If there were a high probability of no longer owning your car, stolen
from every public parking place along with all the other hundreds of cars,
and the only cars that would not be stolen were the ones with a secure
lock, for which no crack at all is known, and that secure lock were
very cheap, would you use one for your car?
Absolutely, and if you saw my other post, my home network is very likely
to be successful just as a "sprinter", my office network needs to be
able to shoot bears. ;-)
JH
Ok, well, I never put high value stuff on the home network anyway; even
when it was a hardwire only network. Still have a router, precautions
on each box, etc. But I have family members who will click on anything
that moves. Yes I try to educate them, provide alternate browser, but
if something doesn't work, the immediate response is to fire up Exploder
(er Explorer). It is bad enough to have to fix the boxes without having
to worry about compromised data. (I've been fortunate - apparently some
of my pissing and moaning when I have had to flatten a system has sunk in.)
This is one of the things I learned from this list, don't put high value
data on a computer or network that you cannot adequately secure. So
thanks I guess.
JH
If someone is going to misuse your home network then they will probably be more
interested in using your broadband internet connection rather than what's on
your systems - though they might be interested in any credit card information
left on your systems if you have ever purchased anything over the web.
David Webb
Security team leader
CCSS
Middlesex University
Oh? If you can't afford a suit of armour, best to leave your arse flapping
in the wind than put on a pair of trousers?
Perhaps better to install what security you can, but retain the mindset that
you have something approaching no security at all. After all, there are
arguments that say that no security is impossible to crack - would that mean
that you shouldn't ever add security?
Your argument, taken to its logical conclusion, is absurd. Therefore, your
argument, just like that for installing WEP, requires accepting a balance
point somewhere between "nothing" and "perfect".
Alun.
~~~~
So, in other words, some security (even fairly inadequate) is better than a
choice of none at all?
I *do* follow your argument, but I would hope that we agree that "some" is
better than "none". Particularly if we all understand the limitations of
"some".
"Holy Dictionary, Batman":
Uncrackable, adj.
Something that hasn't been cracked just yet. Give it a year or two.
:o)
H1K
Similarly, you don't use WEP for security, you do it so your neighbour
doesn't keep using your bandwidth.
Personally, I'd classify an unwanted orchiectomy as somewhat of a security
issue.
Alun.
~~~~
>"Alun Jones" <al...@texis.invalid> wrote:
>>> Either go for real security, or no security - if you have no
>>> encryption enabled, you'll at least always remember that there's a
>>> good reason to be careful.
>>
>> Oh? If you can't afford a suit of armour, best to leave your arse
>> flapping in the wind than put on a pair of trousers?
>I don't wear trousers for security, I wear them to prevent freezing my
>balls off. Even WITH a suit of armour, I'd still wear trousers
>underneath :-)
I wear trousers to stop the mosquitos from biting me in uncomfortable places.
I do not pretend that they will stop grizzlies, so I keep my eyes open for
them.
Similarly with WEP.
...I think this is more of a "weakest link" argument. I think you are both
right and wrong. True *some* security is better than none, but to
*evaluate* your security you *must* examine your weakest link. If I have
a safe with a concrete floor and walls but with a paper roof, do the
concrete floor and walls *really* get me more security? In this example it does
not...I think that is the point Juergen is making.
Im
Especially the neighbour will have no problem cracking WEP.
This special script-kiddy sort of mosquito is downloading 7001z and is just
clicking, then your net is open.
The grizzlies are ignoring you usually.
There is the legal argument. If you have WEP off, you may be treated as a
collaborator in a crime that was launched via your network by an unknown
war driver. If you have WEP on, you may get off the hook.
-- Lassi
Or vice-versa: if someone abuses your bandwidth through a WEP protected
AP, then it may be somewhat harder to convince a non-technical audience
that you didn't do it yourself.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
>WEP will deter casual unauthorised users as there are generally
>plenty of networks to be had wide open as the default out-of-the-box
>security is none at all and that's what the majority of people leave it
>at.
>
>The location is also important, if you are in a busy business area it's
>more threatened than if you are more isolated, although I have reports
>that my wifi node has been seen a mile away and it's low-powered.
You broadcast your SSID?
Not broadcasting your SSID provides minimal protection. It's about as useful
as MAC filtering.
OK real question.
What gets broadcast from a wireless router if you use only the wired
ports?
> OK real question.
>
> What gets broadcast from a wireless router if you use only the wired
> ports?
Depends if the wireless portion of it is enabled. By default, the
SSID of the router (e.g. Linksys is a default for Linksys devices)
will be broadcast, and by default, it'll be wide open.
In the web interface of these devices you can disable the wireless
access point functionality, which is what you should do if you are not
using the wireless features.
Best Regards,
What if you are using one wireless connection? Is all the traffic
on the wired ports broadcast even if it is to/from another wired port
or the WAN connection?
Ah, I see. That's an interesting and pertinent question. I'll take
the liberty of reframing it as: "If the wireless is on and active, and
if someone authenticates (by breaking WEP) to your AP, what can they do
w.r.t. sniffing the wired segment?"
It would be interesting to know what arp spoofing with a tool like
Cain or others might be able to elicit from the wired side of the AP.
I suspect that results might vary by manufacturer. It'd be something
interesting to try with my own hardware.
But I have to give ya a hearty "I dunno, but I'm intrigued."
Collaborator needs knowledge and intent, just as most crimes do.
Maybe contributory negligence but that too would be almost impossible to
prove.
>-- Lassi
Again, you miss the point, partly because you don't understand my
neighbourhood.
My neighbour will use his neighbour's wireless over mine because his
neighbour's wireless is wide open. Maybe even my neighbour will use his own
wireless over mine because his wireless is now offered up as the default
option.
I'm not using WEP to completely secure my network, I'm using WEP to prevent
accidental abuse. Sometimes that's all technological security has to do.
Anyone cracking my WEP to access the Internet and commit the hypothesised
crimes will lose the ability to claim that they "didn't know that they were
stealing bandwidth" as well as committing crimes.
Alun.
~~~~
Then you just point back to this thread as a priori evidence that WEP can be
cracked in minutes by a large set of people, a subset of whom would include
anyone with a criminal bent and a couple of hours to do the research and
find the right tool online.
Alun.
~~~~
Yup, you get me. I want to know what my exposure is for the "wired"
guys on the router if the wireless is activated even if it is not
being used. Can the wired LAN be eavesdropped upon?
That's if you trust the settings to tell you what they are doing.
I'm currently trying to get D-Link to acknowledge that when you "Disable
DHCP" on the DI-624M wireless router, you don't actually disable DHCP. The
router will still happily hand out IP addresses, DNS server settings, etc.
Trust but verify.
On the plus side for security, it won't allow any TCP or UDP packets from
the wireless to go to the LAN and vice-versa. So, when I'm wireless (ICMP),
I can ping the other systems on the network, but can't actually do anything
useful to them. Secure, but unusable. If they continue to show as little
interest in fixing this as they have to-date, it's going back for a refund.
In something approaching an on-topic note for this group, though, this
appears to be caused by a simple rule in the firewall, which says "Deny From
*:* to LAN:*", when it ought to be "Deny From WAN:* to LAN:*". It's a
default rule, and of course the UI element that allows you to edit or delete
rules in the firewall is not present. That's what I get for buying D-Link.
Alun.
~~~~
Yeah, it's really rather like saying "you tell everyone your car's
registration number?" - whether you do or don't, it's printed in large type
on the car itself. If you use that as the only key for getting into the
car, it'll be stolen.
[Again with the car analogies, I know. If car analogies worked for
software, we'd be talking about how to protect convertibles against nuclear
weaponry wielded by the local juvenile delinquents.]
Alun.
~~~~
> ...I think this is more of a "weakest link" argument. I think you are both
> right and wrong. True *some* security is better than none, but to
> *evaluate* your security you *must* examine your weakest link. If I have
> a safe with a concrete floor and walls but with a paper roof, do the
> concrete floor and walls *really* get me more security? In this example it does
> not...I think that is the point Juergen is making.
Not if you leave the door wide open, because a paper roof means that,
shucks, might as well not bother using what few options we have.
To take YACA (yet another car analogy) - old cars often came fitted with
static lap belts; in the event of a crash, these caused greater injuries
than modern over-the-shoulder seat belts with pre-tensioners. Hence the
change.
Would you then argue that it's better to drive without any belts at all,
simply because the old design isn't as good; that not wearing one will make
you drive more carefully, and somehow immune from an accident?
After all, that's pretty much what's been stated.
H1K
> Yup, you get me. I want to know what my exposure is for the "wired"
> guys on the router if the wireless is activated even if it is not
> being used. Can the wired LAN be eavesdropped upon?
I would have to say that the general answer is "yes", but there are
probably specific access points whereby it's inordinately
difficult/impossible. Penetration testing or a paper evaluation
with your specific WAP is the only way to tell for sure though.
However, to secure yourself or business against this issue, the
longstanding general topology recommendation is to deploy wireless
networks on their own dedicated subnet, firewalled off from the rest
of your wired network, locking it down to data flows that are
specifically needed, and using VPN connections if possible.
>
>
> ...I think this is more of a "weakest link" argument. I think you are both
> right and wrong. True *some* security is better than none, but to
> *evaluate* your security you *must* examine your weakest link. If I have
> a safe with a concrete floor and walls but with a paper roof, do the
> concrete floor and walls *really* get me more security? In this example it does
> not...I think that is the point Juergen is making.
>
> Im
I get Juergen's point. But my answer is maybe it does give you more
security, if the highest probability of attack is through the floor.
(Which assumes that the attacker does not know about the paper roof,
which causes the analogy to break down, because attackers *do* know
about WEP weaknesses . . .)
All depends on the likely attack mode, No?
john
>Then you just point back to this thread as a priori evidence that WEP can be
>cracked in minutes by a large set of people, a subset of whom would include
>anyone with a criminal bent and a couple of hours to do the research and
>find the right tool online.
Then the prosecution would deny it and will do the math with 128 bit keys,
and juries, eager to convict as always, will lean towards believing the
prosecution.
s/you/you and your lawyer and the expert he hired/
:-)
Not being a lawyer, I wouldn't know for certain, but I'm guessing the best a
prosecutor could hope for is calling it an "attractive nuisance".
Alun.
~~~~
Not at all - he's using wide-open wireless networking after all, more or
less trivial to sniff whether it's to your router or not.
Alun.
~~~~
Better hope for an appeal, and enough amicus curiae briefs that the case
would be thrown out and the prosecution's "Expert" ("ex" - has been;
"spurt" - a drip under pressure) would find his name muddied enough that he
doesn't get used in future, for fear that the opposing counsel would bring
the case up as a reason to dismiss his testimony.
Alun.
~~~~
The latter may be ;-)
Yours,
VB.
>"Alun Jones" <al...@texis.invalid> wrote:
>> Then you just point back to this thread as a priori evidence that WEP
>> can be cracked in minutes by a large set of people, a subset of whom
>> would include anyone with a criminal bent and a couple of hours to do
>> the research and find the right tool online.
>Then the judge will point out that if you're so smart, you should have
>secured your network properly and therefore are guilty of aiding and
>abetting ;-)
Nuts. No judge would ever do that. Intent is part of a crime. IF they could
prove that you left it weak with the intent of allowing the wardrivers to
use your system to commit a crime, then you might be liable.
But your scenario is silly.
>Juergen Nieveler
>--
>Press <Alt-A> to Adopt Me! I need a better home.
>"Alun Jones" <al...@texis.invalid> writes:
>>Then you just point back to this thread as a priori evidence that WEP can be
>>cracked in minutes by a large set of people, a subset of whom would include
>>anyone with a criminal bent and a couple of hours to do the research and
>>find the right tool online.
>Then the prosecution would deny it and will do the math with 128 bit keys,
>and juries, eager to convict as always, will lean towards believing the
>prosecution.
And if your defence lawyer is smart, he brings in your wireless and a
laptop and demonstrates how to crack it , or brings in an expert witness to
demonstrate. The prosecution would be idiots to take that tack.
Hence all broadcast packets will be going out over the airwaves. This will give
away some information about the systems on your wired network, e.g. MAC addresses.
Since it is a switched wired network non-broadcast traffic from your wired
systems to the internet or to other wired systems shouldn't, by default,
be seen.
David Webb
Security team leader
CCSS
Middlesex University
>Juergen Nieveler
>--
>Lunix... because I'm better than you.
1. Hide your wireless network
2. Change its name from the provider default
3. Limit the IPs of the computers using the router to just what you need.
The default is usually about 25
Bob Drake
"Unruh" <unruh...@physics.ubc.ca> wrote in message
news:difg9n$fvf$2...@nntp.itservices.ubc.ca...
> John Hyde <EJ...@netscape.net> writes:
>
>>> WEP128 is broken, it's not even worth thinking about anymore.
>>>
>>>
>>> Juergen Nieveler
>
>>Thanks for the reply. I'll be trying to find a firmware upgrade for the
>>laptop since it is built in. If not, I'll take the advice of finding an
>>alternate card.
>
>>I did find this interesting quote about WEP.
>
>>"WEP is better than nothing
>
>>If you can't use WPA, perhaps because you can't afford new base stations
>>and Panther upgrades for all your laptops, at least enable WEP, feeble
>>though it may be. There is an old joke about two guys hiking in the woods
>>who spot a mean looking grizzly bear heading their way. One of the
>>hikers takes off his back pack, pulls out running shoes, and starts
>>putting them on. The other says "You idiot, you can't outrun a hungry
>>bear in the woods." The first replies "I don't have to outrun the bear,
>>I only have to outrun you." Even minimal security may be effective
>>against snoops who have plenty of unprotected targets to choose from.
>>Use the higher, 128-bit security setting, if possible, and change
>>passwords frequently."
>
>>From: http://world.std.com/~reinhold/airport.html
>
> That depends on whether or not someone wants to target you. Do you have
> competitors who you would rather not have on your network? They do not
> care
> that the lumber yard down the street is easier to break into, they want
> you.
>
> I.e., if the bear wants you, for your red hat, being able to run faster than
> your friend is irrelevant.
>
The earlier analogy about the bear and the tennis shoes is a good one. When
"war driving" for a network, the wide open ones will be attacked. If yours
is at least WEP, hidden, and protected with a strong password, the "bear"
will go after the other networks.
Around where I live, I can go through "condo canyon" and see 20-30 wide open
wireless networks. WEP is better than nothing.
"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
news:7dX2f.144$N57...@newsfe1-gui.ntli.net...
> "Juergen Nieveler" <juergen.nie...@arcor.de> wrote in message
> news:Xns96EC8D9048DF...@nieveler.org...
>> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote:
>>
>> >> Either go for real security, or no security - if you have no
>> >> encryption enabled, you'll at least always remember that there's a
>> >> good reason to be careful.
>> >
>> > Interesting argument.
>> >
>> > A car ignition lock can be forced.. so do you park your car with the
>> > doors open and the key in the ignition? ;o)
>>
>> No, I keep the Garage door locked ;-)
>>
>> And yes, as the car windows are transparent and non-armoured, I don't
>> leave valuables lying openly in the car.
>
> So, in other words, some security (even fairly inadequate) is better than
> a
> choice of none at all?
>
> I *do* follow your argument, but I would hope that we agree that "some" is
> better than "none". Particularly if we all understand the limitations of
> "some".
>
> "Holy Dictionary, Batman":
>
> Uncrackable, adj.
> Something that hasn't been cracked just yet. Give it a year or two.
>
> :o)
>
> H1K
>
>
"Imhotep" <Imh...@nospam.net> wrote in message
news:mYKdnRc6eKZrb9fe...@adelphia.com...
> John Hyde wrote:
>
>> Greetings,
>>
>> I am in the process of setting up wireless access in our small office.
>> The wireless access point hardware I have seen is all equipped to do up
>> to 128 bit WEP encryption and MAC filtering. A couple of questions:
>>
>> 1. I have read that WEP is broken. Is it really? Do I want to use
>> something else? One of the laptops that will be connecting is a few
>> years old and its built-in wireless supports WEP 128 but not other
>> encryption as far as I can tell.
>>
>> 2. MAC filtering seems to me to be a great idea. Adds a layer of
>> security. If WEP is enabled, is the MAC address of the laptop also
>> encrypted? Does it matter?
>>
>> 3. Thinking out loud now. If my laptop is busy looking for wireless
>> access points, and transmitting its MAC address in the clear. Assume an
>> attacker learns my MAC address. Then I get to my office and log on to
>> the Wireless Access Point. It requires that I send the MAC encrypted.
>> Does the attacker have a crib that will let them pry open WEP 128? If
>> so, am I better off with just WEP and not MAC filtering?
>>
>>
>> Thanks for all your thoughts,
>>
>> John
>
>
> Your security policies should match the security risk you are willing to
> live with. In other words, do you have sensitive data? Critical data?
> Analyze what you have on your computer and how "sensitive" it really is.
> WEP is a very weak "encryption" protocol and I have read, but not done it
> yet, that it can be broken in minutes. MAC filtering is moot and really
> gets you little added security....
>
> If your data is that important, i.e. you have SS#, credit card info, etc,
> etc
> Just use some cat5....or look into some of the new wireless protocols.
>
> Imhotep
WPA with a password (WPA-PSK) can be brute-forced by an entity with
enough computing power (read: $$$) and because of this most businesses
use a radius server with WPA. Most of your cards probably support this
with a driver and/or firmware update, and win XP with SP2 has the
software for connecting securely to a radius server with WPA.
MAC filtering is useless, as any one who knows what they are doing can
bypass this, as you don't even need to crack encryption to see the MAC
address.
Hope this helps,
ShadowEyez
Yeah, I got that message loud and clear.
>
> WPA with a password (WPA-PSK) can be brute-forced by an entity with
> enough computing power (read: $$$) and because of this most businesses
> use a radius server with WPA. Most of your cards probably support this
> with a driver and/or firmware update, and win XP with SP2 has the
> software for connecting securely to a radius server with WPA.
>
So, in a brute force attack, how long does it take to try each possible
permutation? Surely this is a matter of sending each permutation to the
wireless access point and having it accepted or rejected. So how many
can you try a second? I assume the limitation is not processor speed,
but the turn around time for the wireless nodes to attempt a connection.
I have no concept of how long it would take an attacker. I know that
when my laptop attempts to connect to a wireless, it takes a few
seconds. Some of that time is also negotiating the rest of the
connection, so how long is spent up to the point of a WPA password being
accepted or rejected? This really is the question for whether a
password can be brute forced in the real world.
If I understand the math correctly, a password made up of 5 "diceware"
words (from a dictionary of 7,000 right?) would have 7,000^5 =
1.68*10^19 possible passwords.
If you can do 10 a second, that works out to 315 million tries a year
(3.15*10^8) so it will take about 10 million years.
On the other hand, if you could transmit one attempt each clock cycle of
the sending computer (I assume bus speed, not CPU speed) say 333 MHz,
then the tries per year is 1.05*10^16. It would still take 2,000 years
to try all the permutations, but someone might consider this a possibility.
Of course, if the attacker does not know that they are attacking a
Diceware passphrase, then they'll have to try all the alphanumeric
combinations of the same length (Diceware words are 5 letters, right?)
so upper and lower case, numbers and the symbols over the numbers only.
So, 26 letters, upper and lowercase, that's 52, 10 numbers and 10
symbols and a 25 character password. Uh, that would be 72^25 or
2.71*10^46. So, even if you can send one attempt a clock cycle (which I
doubt) then it will take you 10^30 years.
But perhaps "brute force" means something else. I'm certainly no
cryptographer. (And not much of a mathematician either).
> MAC filtering is useless, as any one who knows what they are doing can
> bypass this, as you don't even need to crack encryption to see the MAC
> address.
>
Well, that was one of my questions, "is the MAC encrypted by WEP?" I
guess this would be a "NO." Still, I would not say MAC filtering is
totally useless. At least it forces an attacker to wait around until I
connect to see what an acceptable MAC address is. Not much of a burden,
but it prevents a "drive by."
This does not help with security at all. (if you mean disabling ESSID
broadcast)
> 2. Change its name from the provider default
This does not help with security at all.
> 3. Limit the IPs of the computers using the router to just what you need.
This does not help with security at all. (if you mean MAC filtering or
a max count for the connections)
A wardriver will crack the poorly secured network while already using the
unsecured networks.
No bear in sight.
> WEP is better than nothing.
Having a sign at the garden's gate "Do not enter!" is better than
nothing.
This depends on the entropy your passphrase has. So better use enough
entropy.
> Of course, if the attacker does not know that they are attacking a
> Diceware passphrase, then they'll have to try all the alphanumeric
> combinations of the same length (Diceware words are 5 letters, right?)
Wrong. Any sensible attacker will do a dictionary attack first, because
it's likely that words are used, and it can be done at no extra cost
before a brute force attack.
> But perhaps "brute force" means something else.
No, your description is correct.
> Well, that was one of my questions, "is the MAC encrypted by WEP?" I
> guess this would be a "NO."
Yes, it will be a "No" ;-)
> Still, I would not say MAC filtering is
> totally useless. At least it forces an attacker to wait around until I
> connect to see what an acceptable MAC address is. Not much of a burden,
> but it prevents a "drive by."
There are only 2^48 possible MAC addresses. And many of them are reserved.
And the manufacturers have fixed address ranges for their NICs.
WPA is dependent on CPU speed, and here's why. When attacking WPA with
programs like Aircrack or COWpatty, the attacker first captures the
4-packet association that WPA always does. With WPA2 they optimized it
to 3 packet - same in principle but no common software tries to crack
WPA2 AFAIK - this does not mean it's hard to do for a good programmer.
From what I understand WPA's 4-packet association has a
challenge-response in it of a Pre-Shared Key that is hashed (calculated)
using the user-supplied password and the ESSID (name) of the network.
Once the attacker has the captured packets (usually in a .cap file)
(s)he runs the program which basically calculates the hash from the
essid and every password in his/her dictionary.
Paranoia says if a really good attacker wanted to, (s)he could make a
program to go through every combination of pre-shared key (which is 64
HEX digits, so 0-9 and A-F), not even attempting passwords but would get
any possible key, which would take a _long_ time. Reality says use a
good password (not in a dictionary, I'm assuming you know the rules) and
you'll be fine.
As a point of reference, I have a 3 GHz Intel CPU which can go through
around 120 passwords/sec on aircrack. I shudder to think what NSA or
even a big/well funded company can do with mainframes and clusters of
servers ;-)
>> MAC filtering is useless, as any one who knows what they are doing can
>> bypass this, as you don't even need to crack encryption to see the MAC
>> address.
>>
> Well, that was one of my questions, "is the MAC encrypted by WEP?" I
> guess this would be a "NO." Still, I would not say MAC filtering is
> totally useless. At least it forces an attacker to wait around until I
> connect to see what an acceptable MAC address is. Not much of a burden,
> but it prevents a "drive by."
Think of it like this - if someone wanted in and could get through WPA,
do you really think MAC filtering would slow them down ;-)
ShadowEyez
In this respect I believe you should know what kind of adversary you are
trying to prevent from accessing your network.
For your usual neighbours, WEP might be sufficient.
If the adversary is more skilled, WPA(2) could pose a barrier most
people/organizations won't be able to break.
If the adversary is the NSA (or similar) I don't think you should have to
worry about wireless security in the first place.
So first estimate the value of your data, the risk of attacks and the costs
(in the larger meaning) of a successful attack.
This way you might be able to decide that for a small office WPA with a
pre-shared key might be sufficient, considering that installing RADIUS might
be too much of a burden. Ensure your servers are sufficiently secure. Maybe
you should ensure the wireless network has no access to (some of) them.
Of course if you don't have the technical possibilities of implementing WPA,
you should at least try to provide the maximal security that is possible,
meaning WEP. There might be legal reasons to do so. You should verify this,
but I believe in some/most countries you must provide security measures that
are reasonable for what you are protecting.
- Joris
Uh, I think they'd be better off with passwords. The math on those
permutations: 16 hex digits, 64 in length = 16^64 = 1.15*10^77. If I
were buying the CPU time, I'd take 10^46 any day.
>
> As a point of reference, I have a 3 GHz Intel CPU which can go through
> around 120 passwords/sec on aircrack. I shudder to think what NSA or
> even a big/well funded company can do with mainframes and clusters of
> servers ;-)
>
Ok, that's an interesting data point. Note my "one try per clock cycle"
example above. Here's that math:
333 MHz = 333,000,000 cycles per second.
333,000,000 * 3600 (sec/hour) = 1.19*10^12 or 1.19e12
1.19e12 * 24 (hour/day) = 2.87e13
2.87e13 * 365 (day/year) = 1.05e16.
If you assume that you can get one try per clock cycle, then this is the
number of tries per year. To figure the number of years, you can
divide, but it's close enough to just subtract exponents.
That's where the "10^30 years" came from (1.0e30).
So what can a well funded company do? Assume from your example that they
have software/hardware that is 10 times as fast = 1200 passwords/sec.
They will need 277,500 such machines working together just to get to my
333 MHz range.
Naturally you can slice and dice this anyway you want. Give me more
assumptions and I'll give you another ridiculous number of years (and
$$$) to brute force my password. Actually, I can give you a guaranteed
way to "crack" the passwords on my home network. Calculate the cost to
run a server farm of 277,500 for even one year (make sure that you
include hardware, maintenance, etc. or a fair market lease rate), and
then pay me instead. (Cash only please, I'll be opening new bank
accounts) Remember that even with that install, you are still looking
at 1.0e30 years, and I'll guarantee an answer in much less time. ;-)
Regards,
JH
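Two things this thread keeps returning to, as an added example that is not code from any poster here: the WPA-PSK derivation ShadowEyez describes (PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 rounds, per IEEE 802.11i) and JH's years-to-exhaust arithmetic. Because each offline guess against a captured handshake costs at least one such derivation, the guessing rate is bounded by the attacker's CPU, not by the access point's association round trip. The function names, the timing window and the constructed "guess<n>" passphrases are my own; the "password"/"IEEE" pair is the standard's published test vector.

```python
import hashlib
import math
import time

# IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)
PBKDF2_ROUNDS = 4096
PSK_BYTES = 32


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """The 256-bit pre-shared key both station and AP derive from the passphrase."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ROUNDS, PSK_BYTES)


def derivations_per_second(window: float = 0.5) -> float:
    """Time PSK derivations on this machine (constructed 'guess<n>' inputs,
    SSID 'IEEE'). One offline guess costs at least one derivation, so this
    rate, not the AP's round trip, is what bounds a dictionary or
    brute-force attempt against a captured handshake."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < window:
        wpa_psk(f"guess{count}", "IEEE")
        count += 1
    return count / (time.perf_counter() - start)


def years_to_exhaust(keyspace: int, guesses_per_second: float, machines: int = 1) -> float:
    """Years to search the whole keyspace at the given rate; the expected time
    to the right guess is about half of this, as ShadowEyez notes."""
    return keyspace / (guesses_per_second * machines * 365 * 24 * 3600)


# Passphrase models from the thread, with keyspace sizes as the posters stated them.
MODELS = {
    "5 diceware words, 7000-word list": 7000 ** 5,
    "25 chars from a 72-symbol alphabet": 72 ** 25,
    "raw PSK, 64 hex digits": 16 ** 64,
}

if __name__ == "__main__":
    # Published 802.11i test vector: passphrase "password", SSID "IEEE".
    assert wpa_psk("password", "IEEE").hex().startswith("f42c6fc5")
    rate = derivations_per_second()
    print(f"this CPU: {rate:.0f} PSK derivations/s")
    for name, space in MODELS.items():
        print(f"{name}: {math.log2(space):.0f} bits, "
              f"{years_to_exhaust(space, rate):.2e} years on one machine, "
              f"{years_to_exhaust(space, rate, 277_500):.2e} years on 277,500")
```

Note that the 64-hex-digit PSK space (2^256) is far larger than any of the passphrase spaces, which is why guessing passphrases, not raw keys, is the realistic path and why passphrase entropy is the defender's lever.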
>
> That's where the "10^30 years" came from" (1.0e30).
>
> So what can a well funded company do? Assume from your example that they
> have software/hardware that is 10 times as fast = 1200 passwords/sec.
> They will need 277,500 such machines working together just to get to my
> 333 MHz range.
A paranoid person would say NSA has a back-door for both TKIP and AES
(the WPA and WPA2 algorithms). Keep in mind the average time to crack a
password is statistically 1/2 the time it takes to "run through" all of
them.
A well funded company would probably have mainframes or clusters with
thousands of times more computational power than my laptop. A big
company with competent programmers and enough computing power could
probably break through wireless-anything save WPA2 with EAP-TLS radius
and even then...
> Naturally you can slice and dice this anyway you want. Give me more
> assumptions and I'll give you another ridiculous number of years (and
> $$$) to brute force my password. Actually, I can give you a guaranteed
> way to "crack" the passwords on my home network. Calculate the cost to
> run a server farm of 277,500 for even one year (make sure that you
> include hardware, maintenance, etc. or a fair market lease rate), and
> then pay me instead. (Cash only please, I'll be opening new bank
> accounts) Remember that even with that install, you are still looking
> at 1.0e30 years, and I'll guarantee an answer in much less time. ;-)
What a deal ;-)
Back to reality: my recommendation for most people is to pick a big long
password and use WPA2 if all your equipment supports it and WPA if not,
as setting up a radius server is not for everyone, and WPA support is on
most wireless stuff sold these days.
ShadowEyez
>
>>That's where the "10^30 years" came from (1.0e30).
>>
>>So what can a well funded company do? Assume from your example that they
>>have software/hardware that is 10 times as fast = 1200 passwords/sec.
>>They will need 277,500 such machines working together just to get to my
>>333 MHz range.
>
> A paranoid person would say NSA has a back-door for both TKIP and AES
> (the WPA and WPA2 algorithms).
Yes, and maybe they do and maybe they don't, but that's not "brute
force" is it? And does not depend on computing power to solve.
> Keep in mind the average time to crack a
> password is statistically 1/2 the time it takes to "run through" all of
> them.
>
Which means that the number of years has a pronounceable name. What comes
after a quadrillion?
> A well funded company would probably have mainframes or clusters with
> thousands of times more computational power than my laptop.
I agree. Perhaps a million times more?
> A big
> company with competent programmers and enough computing power could
> probably break through wireless-anything save WPA2 with EAP-TLS radius
> and even then...
>
And even then, if your password is sufficiently random, and long enough,
then the million times more computing power reduces the time to brute
force from 10^30 to 10^24. Using your figure for statistically 1/2 the
time to solution and it's 10^12 years. Hey, a trillion, I really can
pronounce that! I'll still be dead when they're done, but I can
pronounce it!
>
>>Naturally you can slice and dice this anyway you want. Give me more
>>assumptions and I'll give you another ridiculous number of years (and
>>$$$) to brute force my password. Actually, I can give you a guaranteed
>>way to "crack" the passwords on my home network. Calculate the cost to
>>run a server farm of 277,500 for even one year (make sure that you
>>include hardware, maintenance, etc. or a fair market lease rate), and
>>then pay me instead. (Cash only please, I'll be opening new bank
>>accounts) Remember that even with that install, you are still looking
>>at 1.0e30 years, and I'll guarantee an answer in much less time. ;-)
>
> What a deal ;-)
>
> Back to reality: my recommendation for most people is to pick a big long
> password and use WPA2 if all your equipment supports it and WPA if not,
> as setting up a radius server is not for everyone, and WPA support is on
> most wireless stuff sold these days.
>
Oh, absolutely! The reason that security gets compromised is because
the cypher is cracked (WEP), or compromised (NSA Backdoors?) or because
the users pick their dog's name as the password. Basically if you can
find a way to pick strong passwords, that's one thing you don't have to
worry about.
Cheers,
John
I think this point is clear... but what about quantum computers? Seems
to be really unlikely that the NSA has some at the moment :]... but
things can change, eh? I guess they'd be faster this way than guessing
for this amount of years (as described above).
However, it will take some time till they get one (if they ever get one).
At least I hope so...
Cheers,
maTze