www.liquidinfo.net - Security is a mindset
Proud member of Security Bloggers Network

June 16, 2007

Cobia: WPA-PSK cracked in one week?

From the Cobia Community Blog:

"WPA is not bulletproof, but it's a lot better than WEP. A script kiddy could break WEP in 10-20 minutes, whereas I've been told WPA takes at least a week. WPA2 hasn't been cracked yet, to the best of my knowledge, but it's not supported by all vendors."

I'm sorry, but I need some backing up on this (bolded) statement, e.g. under what circumstances? As far as I know, using a strong key you should be pretty secure against any dictionary/brute force attacks against WPA-PSK. Maybe I have missed something and need some schooling :)

The only thing I could imagine is a huge rainbow table type of pre-calculated values to test, but even with current computing power it would become quite hard to go over a certain limit.
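The pre-computation limit mentioned above can be made concrete with an added example (not from the original post or the Cobia blog). WPA-PSK derives its master key with PBKDF2-HMAC-SHA1 salted by the SSID, so a precomputed table is valid for one network name only and grows with the passphrase keyspace. The SSIDs, the sample passphrase and the 1,000,000 guesses/second rate are constructed assumptions.

```python
import hashlib
import time

PRINTABLE_ASCII = 95  # characters 0x20..0x7e allowed in a WPA passphrase

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def keyspace(alphabet: int, length: int) -> int:
    """Number of candidate passphrases of exactly `length` characters."""
    return alphabet ** length

def table_bytes(alphabet: int, length: int) -> int:
    """Storage for a precomputed table for ONE SSID (32-byte PMK per candidate)."""
    return keyspace(alphabet, length) * 32

def seconds_to_exhaust(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Time to derive a PMK for every candidate at the given rate."""
    return keyspace(alphabet, length) / guesses_per_second

def measured_rate(samples: int = 20) -> float:
    """PMK derivations per second on this machine (single core, pure hashlib)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate-{i:04d}", "ExampleNet")  # constructed inputs
    return samples / (time.perf_counter() - start)

if __name__ == "__main__":
    # Same passphrase, two constructed SSIDs: the salt makes the PMKs unrelated,
    # so a table built for one network name is useless for another.
    for ssid in ("ExampleNet", "ExampleNet-2"):
        print(ssid, derive_pmk("correct horse battery", ssid).hex())
    assumed = 1_000_000.0  # assumption: guesses/second, not a benchmark of any tool
    print(f"local rate: {measured_rate():.0f} PMK/s, assumed rate: {assumed:.0f}/s")
    for name, alphabet, length in (("8 lowercase letters", 26, 8),
                                   ("15 printable ASCII", PRINTABLE_ASCII, 15),
                                   ("63 printable ASCII", PRINTABLE_ASCII, 63)):
        years = seconds_to_exhaust(alphabet, length, assumed) / (365 * 24 * 3600)
        print(f"{name}: {keyspace(alphabet, length):.3e} candidates, "
              f"{years:.3e} years, {table_bytes(alphabet, length) / 1e12:.3e} TB per SSID")
```
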

4 comments:

ibneko said...

*wanders in from... another blog...?* Huh, no, I don't think WPA-PSK can be cracked in one week. I know KisMac (lovely, wonderful wireless sniffing and cracking tool) has had support for WPA cracking by wordlist for a very long time now, and from a very brief Google search, bruteforcing seems to be the only way to go right now...

Marko said...

Exactly :) That is the perception I've also had. I made the post to get some response on what this one-week comment was based on; of course, getting the response may be a bit difficult, even if we are in the same blogger network.

Anonymous said...

Erm...I hate to burst anyone's bubble but WPA and WPA2 can both be cracked in minutes using a bruteforce dictionary attack, (in this regard WPA2 is no more secure than WPA!) Naturally it depends on the password, if you use a lowercase 8 letter password from the standard English dictionary then your WPA is no more secure than WEP! Wordlists are usually alphabetised, so using a password such as "actually" would take less time than a word such as "xylophone"...but both are equally vulnerable to such dictionary attacks. A more appropriate password would include CAPITAL and lowercase letters, numbers, punctuation and spaces, and ideally it would be a minimum of 15 characters long. An example of a "safe" password would be "~Try2brEak ThIs pA22w0rd,.=!"...although for ultimate security you should employ the full 64 possible characters, with random characters and avoid any proper words, (including "foreign" words), adding any special characters that your local keyboard will support. Remember that once someone has "hacked" your encryption all the data you send across WIFI is vulnerable, (as is your computer itself). I hope this advice helps, security is paramount so don't let anyone take it from you without a fight...so secure your network properly!!!

Marko said...

Hi,

Thanks for your input, but I fail to see the burst bubble (if it was directed to me), as I have been using the longest possible passphrase with WPA since day one I took it in use. I also said that creating a rainbow table to a certain length will be computationally difficult, hence a dictionary attack being effective only to a certain length.

But anyways, good advice and nice that the blog post woke someone up! :)

About Me

Marko Ruotsalainen