[Tfug] Slightly OT crypto question (WiFi/WPA)

David Rice david.l.rice at gmail.com
Sun Dec 13 10:22:49 MST 2009


I think that's a good password for dictionary attacks, but if your really
concerned about other attacks then you need to log authentication attempts
and alert on some sort of threshold of bad attempts, Long passwords won't
cover deauthentication attacks, this is were you force the client to
disconnect and you capture the authentication attempt, the brute force that
using rainbow tables offline. So I would also hard code the mac addresses
that you trust if your really worried about it.

On Sun, Dec 13, 2009 at 9:51 AM, Jim March <1.jim.march at gmail.com> wrote:

> Folks,
>
> We all set up and run WiFi routers once in a while so this only slightly
> off-topic.
>
> Dictionary attacks against WPA security are on the rise.  The latest trend:
>
>
> http://news.techworld.com/security/3208347/new-cloud-hacking-service-steals-wi-fi-passwords
>
> Throw enough MIPS at it, it'll break.
>
> At this point, it still appears unlikely something like
> "5435GDS5YHFHJF37GFBA" will fall any time soon.  While "thesaurus" is meat
> for the beast.  My question is, what about:
>
> ithinktucsonreallysucks
>
> ?
>
> In other words, phrases of that sort that contain dictionary words, but are
> not themselves in any possible dictionary.
>
> How secure are they as compared to really randomized passwords?
>
> Thanks,
>
> Jim
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20091213/3b65ea89/attachment-0002.html>


More information about the tfug mailing list