I like France's idea

said by Karl Bode :

Who would have guessed. :)

What about WEP. Do you fine a user for using WEP?

Do you like the idea of taxpayer dollars going toward a government agency that tracks P2P users between ISPs for the entertainment industry?

said by Lazlow :

But how secure is secure enough? Is wep enough? WPA? WPA2? All of these can and have been hacked. So is a higher layer required?

Edit: Keep in mind that Docsis has also been hacked.

said by Mospaw :

It's the Mani-roll!

said by TKJunkMail :

I like France's idea. Users with unsecured APs SHOULD be fined. Until individuals, and their ISPs, make sure computers are secure, they should be kicked off the internet. It will be the only way to minimize malware on the internet.

said by ck9 :

So we are going to fine grandma and grandpa who have a wireless network at home which is unsecured because they didn't know that BY LAW all wireless AP's/routers must ship with SECURITY DISABLED BY DEFAULT and don't know how to enable it?

said by Lazlow :

Just google WPA2 crack and you will see tons of howtos. The basics method has been around for at least a couple of years.

said by BIGMIKE :

Russian WPA, WPA2 Crack
»hothardware.com/News/Russian-Fir···PA-WPA2/

said by StNickless :

Nifty thing these new video cards...they outdo CPU's in cracking passwords...

»www.i-hacked.com/content/view/285/1/
WPA cracking is supported by CUDA :)

said by Ebolla :

store bought units are unsecured by default. routers from your isp will likely be secured if shipped or secured when setup by a tech. His point is valid.

said by DataRiker :

No, there is no "crack" for WPA or WPA2. Contrary to popular belief and numerous news articles here, brute force is still the only option.

said by Angrychair :

Pride goeth before destruction, and a haughty spirit before a fall.

said by IGGY
For the one comment above = I listen to Barry Manilow Actually went to his concert as well years ago. Have a problem with that now? I'd be more than happy to discuss it in person.
[/BQUOTE :


reply

---

Lazlow @ 17th Oct 03:27PM:
Re: Fine unsecured APs

Ian

The thing you are leaving out of the equation is the human element. The vast majority of users will only use common phrases, which (generally) narrows down the choices to a few hundred thousand variations(which is where GPUs can really shine). Since one can passively grab the encrypted phrase and brute force it off line, it drops the attackers risk to almost zero. Add this to the fact that the vast majority of people seldom change their pass phrase more than once a year, and it becomes obvious how easy access can be obtained.
reply

---

Ian @ 17th Oct 03:38PM:
Re: Fine unsecured APs

Oh, I know. And as was stated, the vast majority of users leave it with WEP, or entirely unsecured. However, we're talking about hypothetically fining people for leaving their access unsecured. To me, that includes users who set up weak passwords that can be dictionary attacked.

That said, even a passphrase generated with dictionary words sky-rockets in complexity when the word count is beyond two words and includes numbers and other symbols.

And looking at the real world implications... So I want to leech off of my neighbours WiFi, which is protected by WPA2. Do I shell out hundreds of dollars for a Russian program to attempt to crack into it, not knowing (yet) whether or not he used his pet's name "Princess" or "Gh6$#@L!(s72tTyfij6sb2hidFFWEFdfsd" to encrypt it?
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong
reply

---

Lazlow @ 17th Oct 03:58PM:
Re: Fine unsecured APs

»dookie.dkearns.ca/?p=49

Above is an example of breaking a probably above average password. The tools used to break it are all open source (no cost). It probably took less than 15 minutes from start to finish.

You can change my original question to how(and who) decides if a pass phrase is strong enough? Remember one can add any pass phrase one wishes to one's attack dictionary. You can even link it to things like john the ripper, that will generate even your example password. It is just a matter of time. With the use of rainbow tables and simple parallel processors(GPUs), the time required is dramatically reduces.
reply

---

Jameson @ 17th Oct 04:15PM:
Re: Fine unsecured APs

Hahaha..that's got to be the stupidest thing I've ever herd. What is a fine going to do? Grandma and Grandpa are still not going to know how to secure their wirless.

Also, how would you plan on tracking down these "Unsecured" wireless APs? From personal experience, any unconfigured AP from a retail store usually has their wireless name set as Linksys, Dlink, etc.. Do you really think the government is going to send around people to knock door by door to confirm that the unsecured wireless access point that they are going to be fining for belongs to the house? No.
reply

---

TKJunkMail @ 17th Oct 04:17PM:
Re: Fine unsecured APs

Then they can hire someone to do it.
reply

---

Jameson @ 17th Oct 04:20PM:
Re: Fine unsecured APs

You missed an important part of my post.
reply

---

Ian @ 17th Oct 04:27PM:
Re: Fine unsecured APs

Interesting video. Although that was WPA, not WPA2, and with an extremely short password.

Still calls to question though the lengths that the "average" person should go through to have their home wireless considered "secure" enough to avoid the hypothetical fine. And the flip-side is that if we consider WPA2 with a decent passphrase "insecure", we've now created a defense for someone who has allegedly broken copyright by trading files.

"I'm sorry your honour, but that wasn't my accessing those files. Someone must have cracked my WPA2."

But as an intellectual exercise, let's say my WPA2 password is not gibberish (much more secure), but three English language words separated by 2 random characters.

The use of Rainbow Tables, I assume, is already part of this Russian software to achieve 100 million guesses per second.

There are 500,000 words in the Oxford English Dictionary. If we assume the random characters are among even a short set (128), and assuming even all lower case for the words, that gives 2,048,000,000,000,000,000,000 possible word/character combinations to test. Even at 100 million per second, we're talking 300-700 millenia to crack with one machine. And that's with the foreknowledge that the vector to attack is three English words separated by 2 random characters. Which is not likely to have been known.
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong
reply

---

FastiBook @ 17th Oct 04:29PM:
Anyone, anywhere....

If you have an internet connection, or a wireless network, people can still get to your music if they wanna break into your computer. Music will never be fully secure on any medium. RIAA go blow it out your ***.

- A
--
LETS GO METS!
reply

---

DataRiker @ 17th Oct 05:01PM:
Re: Fine unsecured APs

Firstly, there are no rainbow tables ( technically precomputed hash tables) large enough to store anything but "worded" dictionaries. Even good dictionaries contain several languages and are enormous, hundred's and thousands of gigabytes.

Secondly, a good password, say 21+ characters when chosen properly is secure against any GPU or CPU attack ( assuming WPA or WPA2 ).

To reiterate, even the fastest GPU on the market is just a drop in the bucket when it comes to brute forcing anything but the lamest passwords.
reply

---

Lazlow @ 17th Oct 05:04PM:
Re: Fine unsecured APs

1st. In reality that is a relatively secure password as compared to what is commonly used. Yes, much stronger(and longer) passwords can (and probably should be) used, but the fact is that they are not.

The other thing you are missing (again) is that people do not (generally) use the vast majority of words in the (regular) dictionary. The vast majority of passwords(actually used) use a very small subset of those words. First names, god, and other key words, are still used in the vast majority of passwords. Even the selection of "random" characters chosen in a password is subject to human limitations. People will generally only use characters that they can easily type (in other words, ones that they commonly use).

Edit: After auditing a lot of small business over the last few years, VERY few had even a 15 character pass phrase much less a 21 character.
reply

---

DataRiker @ 17th Oct 06:27PM:
Re: Fine unsecured APs

I agree 100%. Bad passwords are to blame, not a falsely accused "cracked" cipher like WPA and WPA2.

Also I would like to note that anything above 8-9 characters is a formidable password ( assuming its not in the dictionary )

My issue is with the fact that people assume a rainbow table is helpful. I have found most passwords contain a NAME + some simple number like "Austin21" for example.

You can kiss that rainbow table goodbye.
reply

---

hoyleysox @ 17th Oct 06:44PM:
Re: Fine unsecured APs

I helped a neighbor set up their internet connection. I had just changed a router password from 'admin' when I realized I had logged into some else's router! oops.
reply

---

Lazlow @ 17th Oct 07:26PM:
Re: Fine unsecured APs

You can include anything in the table that you like (and most do include digits).

Here is a popular table and its discussion.

»www.renderlab.net/projects/WPA-tables/

Some highlights would include: checking 18,000password/sec on a 700Mhz PIII(using a paralell GPU would increase this by a factor of the number of streaming processors in the GPU), the current large list is 33GB and includes the top 1000 SSID list from wigle.net. There is current hardware available (for adding to the list) that can calculate 9000 pass phrases/sec.
reply

---

DataRiker @ 17th Oct 10:18PM:
Re: Fine unsecured APs

Yes you could, but its pointless. (most do NOT include digits, nor special characters - almost all include dictionaries)

That is why experts completely dismiss rainbow table's that include digits(they become too large and self defeating - it starts taking more time to index than to "use"). You will never see a rainbow table include "Austin21" for example. In fact your table attack will fail on my simple password.

Why? because it would require an almost infinite amount of memory and time to pre-compute.

Even adding 1-3 characters permutations on a simple dictionary is impossible given todays memory constraints.

The point I've been beating to death is raindow tables are only good for dictionary attacks. That will be true for a long long time.

Given this and the fact that an AP "salts" its password hash with this, your on an impossible uphill battle. Your never going to win without some fundamental flaw in the Cipher, which thus far nobody has shown.

Also, I am very familiar with the PreComputed Hash table on the internet, including the one you posted. What they don't tell you is that it will fail well over 99% of the time. ( actually, I've never heard of successful cases in the wild of success )

33 GB is extremely small for a hash table. Professional tables range from 1 - 50 Terabytes and are still very unlikely to find keys on all but the easiest passwords.

Also, your assumptions about common passwords has never been proven. Its such a common misconception that has been debunked numerous times.

From my own observations, the vast vast majority of passwords are a person's last name + a digit, or a street number+name. (again such passwords make tables useless)

Also, a valid counter point is that, again taken from my own area and experience, most people rename their AP's to some unique name. The iconic "linksys" is becoming all to rare these days.

This stops Precomputed tables dead. You have to recompute the table for each AP name ( and thus defeating its purpose entirely).
reply

---

Lazlow @ 18th Oct 12:20AM:
Re: Fine unsecured APs

Yes, SSID is salted(which I and the links referred to). Keep in mind one(at least) of the major ISPs that installs wireless uses a standard format (2WIREXXX, XXX is three digits). Here is a link to a "salt" table(short one) that lists many of these and other common ones:

»mirror.fpux.com/Rainbow_Tables/w···SSID.txt

Within range of my place I have over twenty APS using SSID off of this list. In some cases there are multiple APs using the same SSID.
reply

---

DataRiker @ 18th Oct 03:07AM:
Re: Fine unsecured APs

I have found that most who leave an AP in its default state, never even bother putting a password on.

Besides that, have you ever penetration tested with these tables? I promise a 0% success rate.

Also, many isp's who set up wireless networks as part of installs, set a password for the account owners - never heard of simple words being used as a pass phrase.

Again, the most common types of passwords of non tech-savvy people I have come across are always "Name+Number" combinations, rendering a hash table useless ( even more useless I should say )

Pretty soon, routers will start using a pseudo random seed for the SSID salt, regardless of whether or not an SSID is chosen, but even that is just a formality. Nobody is cracking anything but so called "lame" passwords for a very very long time.

To make things even worse, most routers sold within the past few years default to WPA2, which unless someone finds some major flaw are immune to Precomputed attacks.
reply

---

TKJunkMail @ 18th Oct 09:22AM:
Re: Fine unsecured APs

A rational look at SECURITY:
»www.newsweek.com/id/217014?from=rss
--
My BLOG .. .. Internet News .. .. My Web Page



reply

---

Lazlow @ 18th Oct 11:49AM:
Re: Fine unsecured APs

Yes, I have ran those tests with the security audits I have done. Very few APs survived without penetration. Most of the companies removed wireless, running cat6 is really not that difficult or expensive. The ones that required a wireless AP used various methods to limit the time it was in operation. A simple method is to put it on the same circuit that the lights are on. The current versions of attack software apply equally well to WPA2 as it does to earlier security measures (note the repost in GolfnSun's post as well as it being mentioned in several of my links).

GOLFnSun's post makes a lot of the points (not all) that I have been trying to make. In absolute terms a password with less than 20(?) characters is not out of reach of current hardware/software attack capability, but virtually no one is using passwords of that length. It also points out what I have been saying all along, people only use a small subset of the possible passwords out there. One does not need to run the entire (as in Websters) dictionary, one only needs to run a very small subset. This also applies to ones table. You can (and many do) include such things as first name +2 digits. These types of passwords are included in hash table becuase (as you pointed out) it is a popular format that people use. Another similar common thing people use is to substitute "15" for "is', as in name15god (an amazingly popular password).
reply

---

menumorut @ 18th Oct 02:34PM:
Re: Fine unsecured APs

Thank GOD (and you)!

I was panicking there for a minute!
reply

---

cameronsfx @ 18th Oct 04:18PM:
Re: Its almost poetic

Karl is just showing his feminine side.
reply

---

DataRiker @ 18th Oct 05:23PM:
Re: Fine unsecured APs

On second though, I'm done arguing. Your first paragraph was nonsensical at best.

Bruteforce, is what it is. One could literally use thousands of the newest 250+ shader core video cards in tandem, it wouldn't make a bit of difference.

This stems from a lack of scope.

Your assume most use simple passwords ( they do, but not the type favorable to hash tables ).

A standard cpu like mine can fly through a dictionary in about 6 minutes. No video card needed. Video cards accelerate a problem that didn't need fixing.

So what happens now that I have exhausted by dictionary, or my table?

***I would also like to point out that you statement that very few AP's survived penetration testing is a red flag. Even the most experienced auditors have "low" success rates. I would say anything above 2-3 out of 100 is unbelievable success (2-3%).
reply

---

Lazlow @ 18th Oct 05:49PM:
Re: Fine unsecured APs

As I pointed out earlier, this same software can be linked to software like john the ripper (and others) to apply pure brute force (try absolutely every character if necessary).

If your cpu can generate all the hashes in a table in 6 minutes, I am sure there are a lot of people who would like to be your friend.

Going into meetings with clients having valid macs, ssids, and pass phrases is why the vast majority of clients stopped using wireless. In the long term wireless cost more in exposure, than wiring for cat6.
reply

---

DataRiker @ 18th Oct 06:02PM:
Re: Fine unsecured APs

Any cpu on the market can RUN a simple dictionary in a few minutes. Your talking about computing the hashes from scratch (which takes my cpu overnight usually). Which tells me you have no idea about what you are saying.

And most corporate environments have password rules defined, such that they must contain special characters and what not ( never seen corporate networks use SSID's or MAC ADDY's for any purpose)

Please, I will be willing to shut up if you can prove to us that you can break random wpa keys as easily as you say. Any type of verifiable evidence will do. Perhaps we can have a public challenge? There are lots of BBR members here from everywhere. I say 20 random AP's secured by WPA, I will bet that not one will fail.

If your really having that much trouble securing wireless AP's please send your business to me.
reply

---

Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC