Results 1 to 9 of 9

Thread: General Wireless Questions

  1. #1
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    2

    Default General Wireless Questions

    Hi,

    Fisrst post so take it easy.

    Been looking around and have cracked wep at home just for a test. It is so easy to do with some research. Also seen the ideas behind wpa cracking and have managed to find my hidden ssid. My questions are is wpa safe if you use a password from some where like grc.com[/url] which would be a long mixed password. Can wpa only be cracked from words out of a dictionary ?

    Thanks for your help.

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Quote Originally Posted by markiejd View Post
    Hi,

    Fisrst post so take it easy.

    Been looking around and have cracked wep at home just for a test. It is so easy to do with some research. Also seen the ideas behind wpa cracking and have managed to find my hidden ssid. My questions are is wpa safe if you use a password from some where like grc.com[/url] which would be a long mixed password. Can wpa only be cracked from words out of a dictionary ?

    Thanks for your help.
    If you use a passphrase with lowercase,uppercase,numbers and special characters and make it at least 15 characters long the chances of some one brute forcing it are slim to none.
    ex. dyo+&Q;upa@?Np+/*

    It would probably take more than a few years to brute force this.

  3. #3
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    2

    Default

    Thanks for the speedym response.

    If I do this and also set my router to not allow any new connections on the wireless this should be ok.

    WPA on cracks on words in a dictionary ?

    Thanks,

  4. #4
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by markiejd View Post
    Thanks for the speedym response.

    If I do this and also set my router to not allow any new connections on the wireless this should be ok.

    WPA on cracks on words in a dictionary ?

    Thanks,
    I think the "not allow any new connections" thing is mac address filtering. Not really useful, as macs can be spoofed. Most wpa attacks are using precompiled dictionaries, so yes it is a dictionary attack. I'm sure they could use John to just start throwing random characters at it, that's why purehate said use one at least 15 characters long. I'm sure there's a math genius here somewhere that could tell us how many possible combinations that would be. It's a really big number though.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  5. #5
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Barry View Post
    I think the "not allow any new connections" thing is mac address filtering. Not really useful, as macs can be spoofed. Most wpa attacks are using precompiled dictionaries, so yes it is a dictionary attack. I'm sure they could use John to just start throwing random characters at it, that's why purehate said use one at least 15 characters long. I'm sure there's a math genius here somewhere that could tell us how many possible combinations that would be. It's a really big number though.
    I'm fairly sure it's more than 42.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #6
    Senior Member PrairieFire's Avatar
    Join Date
    Apr 2007
    Posts
    705

    Default

    Quote Originally Posted by purehate View Post
    If you use a passphrase with lowercase,uppercase,numbers and special characters and make it at least 15 characters long the chances of some one brute forcing it are slim to none.
    ex. dyo+&Q;upa@?Np+/*

    It would probably take more than a few years to brute force this.
    True, another aspect I see people overlook is the physical one. As renderman has pointed out before with the use of a switchblade.





    switchblade's are evil
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.

  7. #7
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by PrairieFire View Post
    True, another aspect I see people overlook is the physical one. As renderman has pointed out before with the use of a switchblade.





    switchblade's are evil
    Just let me say, that particular incident was hilarious, and the particular vendor was none too pleased.

    Did you see the video of Render cracking the safe on stage at Shmoo two years ago?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #8
    Senior Member PrairieFire's Avatar
    Join Date
    Apr 2007
    Posts
    705

    Default

    Quote Originally Posted by streaker69 View Post
    Just let me say, that particular incident was hilarious, and the particular vendor was none too pleased.

    Did you see the video of Render cracking the safe on stage at Shmoo two years ago?
    Yes, what ended up being inside the safe?

    For others interested check here.
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by PrairieFire View Post
    Yes, what ended up being inside the safe?

    For others interested check here.
    Well, nothing because I didn't have time to get anything in it. If you watch the video, I showed up late and had to get the safe on the table shortly after they started presenting.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •