[Tfug] Slightly OT crypto question (WiFi/WPA)

David Rice david.l.rice at gmail.com
Sun Dec 13 10:54:24 MST 2009


No they force one of the clients to disconnect or wait for a client to
connect to the wifi then capture the authentication streams, that has the
key that your trying to crack. The sort version is password authentication
doesn't stop the motivated attacker. If your really worried about it layer
your security. Connect via wifi then force VPN into the network.

On Sun, Dec 13, 2009 at 10:32 AM, Jim March <1.jim.march at gmail.com> wrote:

> OK, but...a deauthentication attack means they just shut down the WiFi
> setup, rather than read data from it, right?
>
> Jim
>
>
> On Sun, Dec 13, 2009 at 10:22 AM, David Rice <david.l.rice at gmail.com>wrote:
>
>> I think that's a good password for dictionary attacks, but if your really
>> concerned about other attacks then you need to log authentication attempts
>> and alert on some sort of threshold of bad attempts, Long passwords won't
>> cover deauthentication attacks, this is were you force the client to
>> disconnect and you capture the authentication attempt, the brute force that
>> using rainbow tables offline. So I would also hard code the mac addresses
>> that you trust if your really worried about it.
>>
>> On Sun, Dec 13, 2009 at 9:51 AM, Jim March <1.jim.march at gmail.com> wrote:
>>
>>> Folks,
>>>
>>> We all set up and run WiFi routers once in a while so this only slightly
>>> off-topic.
>>>
>>> Dictionary attacks against WPA security are on the rise.  The latest
>>> trend:
>>>
>>>
>>> http://news.techworld.com/security/3208347/new-cloud-hacking-service-steals-wi-fi-passwords
>>>
>>> Throw enough MIPS at it, it'll break.
>>>
>>> At this point, it still appears unlikely something like
>>> "5435GDS5YHFHJF37GFBA" will fall any time soon.  While "thesaurus" is meat
>>> for the beast.  My question is, what about:
>>>
>>> ithinktucsonreallysucks
>>>
>>> ?
>>>
>>> In other words, phrases of that sort that contain dictionary words, but
>>> are not themselves in any possible dictionary.
>>>
>>> How secure are they as compared to really randomized passwords?
>>>
>>> Thanks,
>>>
>>> Jim
>>>
>>> _______________________________________________
>>> Tucson Free Unix Group - tfug at tfug.org
>>> Subscription Options:
>>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>>>
>>>
>>
>> _______________________________________________
>> Tucson Free Unix Group - tfug at tfug.org
>> Subscription Options:
>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>>
>>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20091213/4ef7283b/attachment-0002.html>


More information about the tfug mailing list