
Thread: FBI Teaches Lesson In How To Break Into Wi-Fi Networks

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    510

    Post FBI Teaches Lesson In How To Break Into Wi-Fi Networks

    Nothing new, just thought it was an interesting article.

    http://informationweek.securitypipeline.com/160502612
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  2. #2
    Hi there!

    Good demonstration, although after some thinking,

    He encrypted the access point with a 128 bit key—made by just keying in random letters and numbers.
    At least the Agent should have used a strong PASSPHRASE and demonstrated it. If I were there, I would try to ask if I could also join the fun by being the ONE who puts in the PASSPHRASE and see them CRACKING in action. Of course I would use the MAXIMUM allowed PASSPHRASE CHARACTERS to be entered and observe the next few moments while they’re on to CRACKING IT.

    128 bit WEP key
    Ehem, since it could be down to 104 (after subtracting the semi-random 24 bit number called an Initialization Vector (IV), as part of the key), they haven’t mentioned CRACKING WPA (Wi-Fi Protected Access) standard yet.

    3) Use WPA with a strong key WPA is a definite improvement over WEP in providing wireless security. But the version intended for home and SOHO use—WPA-PSK—has a weakness shared by any passphrase security mechanism. The choice of simple, common and short passphrases may allow your WPA-protected WLAN to be quickly compromised via dictionary attack (more info here).
    dictionary attack!? OK, what if we really use a stronger PASSPHRASE, any other related tools to do the CRACKING job?

    -GONE
    an"to*nym (noun) [Greek: a word used in substitution for another]
    A word of opposite meaning ; a counter-term ; used as a correlative of synonym
    - Dr. Gung-ho

  3. #3
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    GONEin62nd >

    The point here is that no matter what WEP-key you choose, it can (and will) be cracked. The "keying in random letters and numbers" mentioned in the article is about the strongest passphrase one can have, wouldn't you think? If, as you mention, the agent would have used a "strong passphrase" (which imo, he did, by just typing in a bunch of gibberish), the result would have been the same: it would be cracked in a matter of minutes, just because of the way WEP works - not because of a strong Vs. weak choice in passphrase.

    With WPA on the other hand, the passphrase does matter. WPA PSK can be cracked, but for now the only way to do it is with a dictionary attack: hence, the passphrase does matter. With WPA, there are two common options for now: TKIP, and AES. TKIP is the minimum, and for now (afaik), it's safe - probably not for long, though. AES on the other hand is the standard, and (again, afaik) rock-solid and, for now, uncrackable. Again, though, this only goes for a strong (random letters and numbers is what I do - putting your entire hand on the keyboard and smacking it a couple of times is what I prefer) passphrase.

    So, in short: WEP can be cracked easily, no matter what passphrase. WPA depends on the passphrase, since the encryption (with AES) is rock-solid (for now).

    That's what I understand from all this - and why I have WPA with AES on my AP and clients with a password generated by banging my hand up and down the keyboard ...

    If I'm wrong, feel free to correct me

  4. #4
    Negative,

    Thank you for the enlightenment. Well, as of now, I couldn't agree more with the WEP.

    For WPA, I will still check more white papers and stuff related to it.

    Since WIRELESS TECHNOLOGY and DEVELOPMENT OF SECURING it is promising, I am curious about things happening with it.

    and why I have WPA with AES on my AP and clients with a password generated by banging my hand up and down the keyboard
    Nice way of creating password. By-The-Way, if any, what PASSPHRASE STRENGTH tester (SW or method) you use for your PW?

    Thanks again!

    -GONE


  5. #5
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    With 64 totally random characters as a passphrase (for AES), who needs a passphrase strength tester?
    A totally random (as far as "random" can be "random", that is) passphrase should stand up against any dictionary attack.

    Here's an interesting white paper (PDF) by Takehiro Takahashi on WPA passive dictionary attacks - the most mentioning-worthy is the stress that should be put on passphrases that can withstand dictionary attacks - those should, for now, be safe...

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Here is a thread I started a couple weeks back regarding the creation of a secure passphrase.
    http://www.antionline.com/showthread...hreadid=267432

    A random extended ASCII key with the maximum amount of characters would, IMO, create the strongest "passphrase" for WPA. More so than just randomly hitting keys on the keyboard. With extended ASCII, you get characters that would have required you to press <alt> and then the number... example <alt> 168 = ¿ which is not found on a standard keyboard. WEP is out of the equation because it can be cracked regardless.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
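
As an added example (not code from any poster in this thread), the sketch below shows why the passphrase is the only secret in WPA-PSK, as posts #3, #5 and #6 discuss: the 256-bit key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt. It assumes the 802.11i passphrase format of 8 to 63 printable ASCII characters; the function names and the two SSIDs are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# 802.11i passphrases are 8..63 printable ASCII characters (codes 32..126).
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "

def check_passphrase(passphrase):
    """Raise ValueError if the string is not a valid WPA-PSK passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")

def generate_passphrase(length=63):
    """Draw each character uniformly from the OS CSPRNG."""
    candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
    check_passphrase(candidate)
    return candidate

def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string; not valid for human-chosen words."""
    return length * math.log2(alphabet_size)

def derive_pmk(passphrase, ssid):
    """256-bit pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    check_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

if __name__ == "__main__":
    # Past about 40 random characters the 256-bit key, not the passphrase,
    # is the limiting factor.
    for n in (8, 20, 40, 63):
        print(f"{n:2d} random chars ~ {random_entropy_bits(n):5.1f} bits")
    pw = generate_passphrase()
    # Constructed SSIDs: the same passphrase gives unrelated keys per network name.
    for ssid in ("home-ap", "linksys"):
        print(ssid, derive_pmk(pw, ssid).hex())
```

Because the SSID is the salt, a unique network name keeps the derived key from matching one computed in advance for a default name.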

  7. #7
    Here's an interesting white paper (PDF) by Takehiro Takahashi on WPA passive dictionary attacks
    Nice Overview!

    Many thanks again!

    -GONE


  8. #8

    ASCII discourages me!

    phishphreek80,

    Using ASCII indeed promotes better strength.

    On a side note, however, ASCII used in PW discourages me. Last month, I had updated my e-mail PW's (as a routine activity), I just happened to implement ASCII char in my PW to make it stronger, unfortunately, Yahoo! had rejected it. I just went back using PASSPHRASE (combination of symbols, number and char [UC/LC]). I did not try it with MSN since it doesn't even allow symbols to be used. I don't know if it's with just me only or it is general, perhaps I was discouraged enough since the ASCII char that I used (the one I preferred - Also using Alt+numbers combinations) is not working with Yahoo!. Any ideas on this? Thanks!

    -GONE


  9. #9
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Phish > that's a good point - If someone has the means to crack a 64-bit randomly-generated standard ASCII passphrase, though, I'm sure they could do the same for extended ASCII...

    I changed the title of that other thread

    From that other thread:

    NOTE: I'm not taking into account all the other layers of wireless security. (MAC filtering, Disable SSID, rename default SSID, change default password, firmware updates, WPA with an authentication server (RADIUS), put wifi on separate subnet with firewall between, VPN, etc.)
    As far as I understand, MAC filtering and disabling SSID broadcast are obsolete, completely useless and a waste of time... MAC filtering takes 5 seconds to bypass (much less time than you need to set it up), and here's a white paper called "Debunking the myth of SSID hiding" (PDF)...

  10. #10
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I understand that MAC filtering and disabling broadcast is a waste of time.

    But... it is one more layer.

    Just one more "road block". The more of a pain it is for them... they might just go attack someone else's AP? Maybe not... it might just make them go at it more because it's more of a challenge? Dunno...

    For home, it's all a bit overkill for me. I only have a couple of WIFI devices. Pocket PC and my laptop. Everything else is wired. I have the AP hooked to a light switch. When I need it, I just flip it on. Turn it off when I'm done.

    BTW: Thanks for changing the title. I tried to do it myself but it wouldn't change.