Once thought safe, WPA Wi-Fi encryption is cracked

Discussion in 'Gaming and Software' started by msr, Nov 6, 2008.

Welcome to the Army Rumour Service, ARRSE

The UK's largest and busiest UNofficial military website.

The heart of the site is the forum area, including:

  1. msr

    msr LE

  2. Or just use your graphics card and run a simple dictionary attack to crack both WPA and WPA2...
  3. Not exactly 'news'. Even WPA2 isn't totally secure.

    If you think you have something that is secure and somebody with a bit of cash and knowhow wants, don't use wireless. Easy.

    If you are just a home user, WPA and a firewall will keep the locals from accessing your files and prevent people from using your wireless as broadband access. You aren't worth the time or effort.

    Unless you do have something 'dodgy' on your computer? :?
  4. msr

    msr LE

    Assuming the other person has used a dictionary word...
  5. Saw it cracked over a year ago.

    Even back then, cert based encryption was the only way to be safe from Rainbow tables.
  6. msr

    msr LE

  7. msr

    msr LE

    And that says that WPA has been cracked where?

    Points to note:

    A rainbow table is ineffective against one-way hashes that include salts.

    Also, rainbow tables and other precomputation attacks do not work against passwords that contain symbols outside the range presupposed, or that are longer than those precomputed, by the attacker. Because of the sizable investment in computing processing, Rainbow tables beyond eight places in length are not yet common. So, choosing a password that is longer than eight characters or that contains non-alphanumeric symbols may force an attacker to resort to brute-force methods.
  8. Don’t have a link to the crack as it was shown as a demo during a security seminar.

    “Freely” available Rainbow tables now cover values of up 10 characters.

    As with all matters security, the key is the confidentially, integrity and availability of systems and data.

    Encryption only covers the first two.

    Wi-Fi should not be used for any system that is critical as it can be jammed by anyone, even just for a “Shits and giggles” DoS attack.
  9. The Elcomsoft password cracking software also does brute force - it just depends on how much processing power and time you have. However, use the longest and most complex password you can be bothered to deploy and you take it beyond the realms of the average script kiddie!