[Tfug] Slightly OT crypto question (WiFi/WPA)

Bexley Hall bexley401 at yahoo.com
Sun Dec 13 10:53:11 MST 2009


> OK, but...a deauthentication attack means
> they just shut down the WiFi setup, rather than read data
> from it, right?

Any time you can force the client to reauthenticate.  I suspect
"noise" of the right color that interferes with transmissions
(complete packets) between the client would eventually force
this -- without having physical access to the link.

I suspect you could also forge packets from the client's MAC
and "confuse" things enough to force a reauthentication?
(dunno)

> On Sun, Dec 13, 2009 at 10:22 AM, David Rice <david.l.rice at gmail.com> wrote:
> 
> I think that's a good password
> for dictionary attacks, but if you're really concerned about
> other attacks then you need to log authentication attempts
> and alert on some sort of threshold of bad attempts. Long
> passwords won't cover deauthentication attacks; this is
> where you force the client to disconnect and you capture the
> authentication attempt, then brute force that using rainbow
> tables offline. So I would also hard code the MAC addresses
> that you trust if you're really worried about it.

But even that can be spoofed...
 
> On Sun, Dec 13, 2009 at 9:51 AM, Jim March <1.jim.march at gmail.com> wrote:
> 
> We all set up and run WiFi routers once in a while so this is
> only slightly off-topic.
> 
> Dictionary attacks against WPA security are on the rise. 
> The latest trend:
> 
> http://news.techworld.com/security/3208347/new-cloud-hacking-service-steals-wi-fi-passwords
> 
> Throw enough MIPS at it, it'll break.

That is always the case.  Don't trust any medium to which you can't
control access!  My wireless router has a power switch (added) on
it.  It is off probably 99.5% of the time (i.e., on less than an 
hour per week).  Nothing plugs into the *wired* router ports on
it.  And, the WLAN port goes through my bastion host *before*
it gets to any other machine.  (I take "access" to my network
very seriously   :< )

> At this point, it still appears unlikely something like
> "5435GDS5YHFHJF37GFBA" will fall any time soon. 
> While "thesaurus" is meat for the beast.  My
> question is, what about:
> 
> ithinktucsonreallysucks
> 
> ?
> 
> In other words, phrases of that sort that contain
> dictionary words, but are not themselves in any possible
> dictionary.
> 
> How secure are they as compared to really randomized
> passwords?

With rainbow tables, "IthiNkTh@YouRiN4asURpriZe!" and "sex"
are equally bad (well, the former is better simply due to
its *length* -- the point being the latter is one of the most
common passwords and the former *seems* really cryptic).

Rainbow tables just brute force possible "character
combinations" (note I didn't say "letter combinations")
so if a table has been built using all of the characters
that you have chosen in your key AND it is long enough
to cover the *number* of characters in your key, then your
door is wide open.  E.g., cracking passwords on a Windows
box takes a few *minutes*.
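
The threshold alerting suggested in the quoted reply, as an added example (not code from anyone in this thread): failed authentications are counted in a sliding window per client MAC and also across all MACs, because a per-MAC counter alone is sidestepped by spoofed addresses. The log format, thresholds and MAC addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; hypothetical format: ISO timestamp, event, client MAC.
SAMPLE_LOG = """\
2009-12-13T10:00:00 AUTH_FAIL aa:bb:cc:00:00:01
2009-12-13T10:00:10 AUTH_FAIL aa:bb:cc:00:00:01
2009-12-13T10:00:15 AUTH_OK bb:bb:cc:00:00:02
2009-12-13T10:00:20 AUTH_FAIL aa:bb:cc:00:00:01
2009-12-13T10:05:00 AUTH_FAIL 02:00:00:00:00:01
2009-12-13T10:05:05 AUTH_FAIL 02:00:00:00:00:02
2009-12-13T10:05:10 AUTH_FAIL 02:00:00:00:00:03
2009-12-13T10:05:15 AUTH_FAIL 02:00:00:00:00:04
2009-12-13T10:05:20 AUTH_FAIL 02:00:00:00:00:05
"""

WINDOW = timedelta(seconds=60)  # assumed window length
PER_MAC_LIMIT = 3               # assumed: failures from one MAC per window
GLOBAL_LIMIT = 5                # assumed: failures from all MACs per window


def parse(line):
    """Split one log line into (timestamp, event, lower-cased MAC)."""
    ts, event, mac = line.split()
    return datetime.fromisoformat(ts), event, mac.lower()


def find_alerts(log_text, window=WINDOW, per_mac=PER_MAC_LIMIT,
                overall=GLOBAL_LIMIT):
    """Return (timestamp, scope, count) tuples; scope is a MAC or "ANY"."""
    by_mac = defaultdict(deque)  # recent failure times per claimed MAC
    everyone = deque()           # recent failure times regardless of MAC
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, mac = parse(line)
        if event != "AUTH_FAIL":
            continue
        for scope, times, limit in ((mac, by_mac[mac], per_mac),
                                    ("ANY", everyone, overall)):
            times.append(ts)
            while ts - times[0] > window:  # expire entries outside the window
                times.popleft()
            if len(times) == limit:        # alert when the count hits the limit
                alerts.append((ts.isoformat(), scope, len(times)))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

Counting like this sees only guesses made against the access point itself; offline cracking of a captured authentication exchange, as described in the quoted reply, produces no failed attempts to log.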


      



