feasibility of cracking wpa
Just a question,
To the best of my understanding, the way all of the wpa cracks work at present is using dictionary attacks and using these dictionary entries as possible wpa keys.
Taking into account the fact that these key's need to be at least 8 chars long, most users will pick something as a password usually something shorter then 8 chars long and either add another word or add numbers to it.
Thus essentially reducing the chance of it being in a dictionary or wordlist?
i.e my old wpa password was something like kevinrules. and i assume alot of people also do this or would use a known password and add numbers to then.
By doing this these wpa keys become very hard to crack?
If so this would make the majority of wpa keys very difficult to crack.
Exactly, especially if the user chooses a long, 63 characters is the upper limit, password cracking it using a dictionary attack becomes unfeasible.Originally Posted by blindnz
Of course there are always client side attacks, which in many cases is the only realistic way to go.
-Monkeys are like nature's humans.
I still think social engineering is absolutely underrated.
As said before: there is no patch for human stupidity
Tiocfaidh ár lá
So very, very true. A lot of people seem to concentrate only on the new tools and exploits that come out, although the same old tricks that worked 15 years ago still work today.I still think social engineering is absolutely underrated.
As said before: there is no patch for human stupidity
-Monkeys are like nature's humans.
Even for the technical more savvy guys that applies. Once in a while one will make a mistake and boom, you got pwned by some sort of malware. I don't exclude myself here.
Even if it is only on a testmachine/virtual machine.
And I am talking of non intended infections.
Tiocfaidh ár lá
There is, its called training... fortunately/unfortunately (depends on who you are) that's one patch that almost never gets applied.I still think social engineering is absolutely underrated.
As said before: there is no patch for human stupidity
Even if it gets applied, guess how long it will take before people forget. Give it maximum a month the training will have an actual result. Afterwards people will get back to their old behaviour, especially if it makes work more complicated for them instead of making it easier. A regular user won't understand why he should pay more attention, it just makes everything harder and he has to remember more stuff.
In theory it is different yeah, but in the real life it is most likely like that. Sure there might be exceptions but usually it is like that.
Tiocfaidh ár lá
Heh, I often have a buddy of mine call random employees and say "Hi, this is Dave. I am the new IT intern. I need to fix your mailbox files, and for that I am going to need your username and password". 95% of the time they just give it to him, even though I tell them not to, and there is no intern in my department.
Yeah, that's exactly the point and it is the same all over the world. Users are users always the same and that won't change.
Human stupidity, the best vulnerability since 100K years.
No end predictable.
Tiocfaidh ár lá
Posting Permissions
