Cycling and bicycle discussion forums. 
   Click here to join our community Log in to access your Control Panel  


Go Back   > >

Foo Off-Topic chit chat with no general subject.

User Tag List

Reply
 
Thread Tools Search this Thread
Old 11-06-08, 11:39 PM   #1
mlts22 
Senior Member
Thread Starter
 
Join Date: Aug 2006
Bikes:
Posts: 998
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Ignore if not a geek -- WPA cracked

For you wireless security geeks, looks like WPA got cracked.

This is WPA-TKIP, not WPA2-AES, so if you are using WPA2, you are OK. WPA was intended to be a transitory protocol, to let older equipment which didn't have the CPU power for AES encryption have non-trivial security.

For you non geeks, if you are using a wireless Internet connection, get it checked out, because you might have uninvited guests sucking up your bandwidth soon.

Last edited by mlts22; 11-07-08 at 10:41 AM. Reason: Changed for accuracy.
mlts22 is offline   Reply With Quote
Old 11-07-08, 12:26 AM   #2
z415
Senior Member
 
z415's Avatar
 
Join Date: Apr 2006
Location: Gainesville/Tampa, FL
Bikes: Trek 1000, two mtbs and working on a fixie for commuting.
Posts: 2,343
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
*bleh* I am not too afraid. I just surveyed my neighbors' routers and two are unsecured without even changing the default PW, tsk-tsk. 3 are on outdated WEP. Not like a hacker would target me when all that is out there.

You think WPA2-TKIP with PSKs would be safe?
z415 is offline   Reply With Quote
Old 11-07-08, 12:35 AM   #3
x136 
phony collective progress
 
x136's Avatar
 
Join Date: Sep 2006
Location: San Hoosey
Bikes: http://velospace.org/user/36663
Posts: 2,981
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Ha! Break my WEP, hackers, I dare you!
x136 is offline   Reply With Quote
Old 11-07-08, 12:41 AM   #4
Wordbiker
Pwnerer
 
Wordbiker's Avatar
 
Join Date: Jun 2005
Location: Pagosa Springs, CO, USA
Bikes: Road, MTB, Cruiser, Chopper, BMX
Posts: 2,907
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
I've wardriven all the way to Denver from here.

Fully half the networks I pinged were unsecured. Ya think this will really matter?
__________________
Quote:
Originally Posted by ahsposo View Post
Ski, bike and wish I was gay.
Wordbiker is offline   Reply With Quote
Old 11-07-08, 01:32 AM   #5
msincredible
crazy bike girl
 
msincredible's Avatar
 
Join Date: Jul 2007
Location: CA Central Coast
Bikes: '07 Orbea Onix, '07 Birdy Yellow, '06 Cannondale Bad Boy (stolen)
Posts: 3,325
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Given the number of unsecured networks near me that are named "Linksys" and "NetGear", I doubt I have much to worry about.
__________________
Countries I've ridden in: US, Canada, Ireland, UK, Germany, Netherlands, France, China, Singapore, Malaysia
States I've ridden in: Illinois, Connecticut, Massachusetts, Pennsylvania, California, Nevada, Missouri, Colorado
msincredible is offline   Reply With Quote
Old 11-07-08, 02:34 AM   #6
mlts22 
Senior Member
Thread Starter
 
Join Date: Aug 2006
Bikes:
Posts: 998
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Maybe I'm just anal. AT&T will soon be charging by the bit over their lines. People with unsecured DSL segments will be feeling the pain when their monthly bill comes in and William Wardriver who lives next door has been downloading via BitTorrent every episode of "Married With Children" in full HD.

Guess when I buy a new AP, I'm going WPA2-Enterprise. This plus a ZeroShell RADIUS vmware appliance should do a decent job.
mlts22 is offline   Reply With Quote
Old 11-07-08, 02:45 AM   #7
Wordbiker
Pwnerer
 
Wordbiker's Avatar
 
Join Date: Jun 2005
Location: Pagosa Springs, CO, USA
Bikes: Road, MTB, Cruiser, Chopper, BMX
Posts: 2,907
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
My security is based upon range.

If anyone can get close enough to connect with my network...they're also within rifle range.
__________________
Quote:
Originally Posted by ahsposo View Post
Ski, bike and wish I was gay.
Wordbiker is offline   Reply With Quote
Old 11-07-08, 07:39 AM   #8
SegFault
BOFH
 
SegFault's Avatar
 
Join Date: May 2008
Location: Twin Cities, Minnesota, USA
Bikes: Many.
Posts: 46
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
"Cracked hard" is a bit of an overstatement of this attack, don't you think?
SegFault is offline   Reply With Quote
Old 11-07-08, 07:54 AM   #9
EvilPhish
Perpetually Amused
 
Join Date: Jun 2008
Location: Alabama
Bikes: Bianchi 1885 Veloce
Posts: 126
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
They pretty much retracted the story this morning.
The encryption method is still safe, they've 'just' found a way to decrypt short transmitted packets, longer (normal) packets are still safe.
EvilPhish is offline   Reply With Quote
Old 11-07-08, 08:05 AM   #10
vtjim
Belt drive!
 
vtjim's Avatar
 
Join Date: Sep 2004
Location: Burlington, Vermont
Bikes: 2011 Trek Soho DLX
Posts: 2,614
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by msincredible View Post
Given the number of unsecured networks near me that are named "Linksys" and "NetGear", I doubt I have much to worry about.
+1 My neighbor had an unsecure "Linksys" network. I switched to it from my back yard for kicks one afternoon. He has since changed it to his name and secured it, however.

Ours is secure, with an unusual name, and doesn't broadcast. WPA2, as well.
vtjim is offline   Reply With Quote
Old 11-07-08, 08:16 AM   #11
Tude 
Blasted Weeds
 
Tude's Avatar
 
Join Date: Aug 2006
Location: Rochester, NY
Bikes: Trek 1200C, Specialized Rockhopper, Giant Yukon FX, Giant Acapulco
Posts: 1,182
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Darn you guys! How am I ever to get on the internet at night with people encrypting their stuff! Hmmph!



__________________
Tude is offline   Reply With Quote
Old 11-07-08, 08:19 AM   #12
ModoVincere
Riding Heaven's Highways on the grand tour
 
ModoVincere's Avatar
 
Join Date: Aug 2006
Bikes:
Posts: 1,675
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
meh.....128 character encryption. Should last at least 2 minutes.
__________________
1 bronze, 0 silver, 1 gold
ModoVincere is offline   Reply With Quote
Old 11-07-08, 08:28 AM   #13
127.0.0.1
50000 Guatts of power
 
127.0.0.1's Avatar
 
Join Date: Sep 2008
Bikes:
Posts: 1,001
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
they only broke the tkip a little bit

the did not break the encrypted data


still will take a lot of time and cpu power to break into your actual data stream. about 4 years
and 1000 nvidia GPU's.

------------------
your attempt at panic is fail
------------------
The early coverage of this crack indicated that TKIP keys were broken. They are not. "We only have a single keystream; we do not recover the keys used for encryption in generating the keystream,"

AES is immune, and choosing a long network key at or more than 20 characters that are relatively random, can defeat all known brute-force key cracking methods.

WPA isn't broken.

Last edited by 127.0.0.1; 11-07-08 at 08:34 AM.
127.0.0.1 is offline   Reply With Quote
Old 11-07-08, 08:30 AM   #14
jsharr
You Know!? For Kids!
 
jsharr's Avatar
 
Join Date: Apr 2005
Location: Just NW of Richardson Bike Mart
Bikes: '05 Trek 1200 / '90 Trek 8000 / '? Falcon Europa
Posts: 6,157
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 3 Post(s)
If the WPA is cracked, they better get it fixed. Last time we had a bad depression, the WPA saved us.
__________________
Are you a registered member? Why not? Click here to register. It's free and only takes 27 seconds! Help out the forums, abide by our community guidelines.
Quote:
Originally Posted by colorider View Post
Phobias are for irrational fears. Fear of junk ripping badgers is perfectly rational. Those things are nasty.
jsharr is offline   Reply With Quote
Old 11-07-08, 08:31 AM   #15
Little Darwin
The Improbable Bulk
 
Little Darwin's Avatar
 
Join Date: Jul 2005
Location: Wilkes-Barre, PA
Bikes: Many
Posts: 8,401
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
I haven't checked my neighborhood lately, but my 79 year old neighbor mentioned that her son used some neighbors wireless with his laptop and she assumed it was mine when I mentioned I ran wireless, but I encrypt and don't broadcast, so I know there is at least one unsecured wireless in my semi-rural neighborhood...

Actually, I have loaned out my laptop, so I don't even run my wireless router right now, so I am even more secure.
Little Darwin is offline   Reply With Quote
Old 11-07-08, 08:36 AM   #16
127.0.0.1
50000 Guatts of power
 
127.0.0.1's Avatar
 
Join Date: Sep 2008
Bikes:
Posts: 1,001
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
as I said I will say again

wpa is not cracked. it is rekeyed all the time. they can't bust in. by the time the most powerful computers on earth crack into your data, it will be on it's 1 millionth rekey.

so, useless to try in a real life scenario. even spys can't access it.

if you pump more data it will rekey even faster


fail


WEP is the encryption that is breakable in under 1 minute. most people will use WEP because unpatched
XP and a lot of Xboxes only use WEP and can't use WPA until they are upgraded
127.0.0.1 is offline   Reply With Quote
Old 11-07-08, 09:09 AM   #17
kila kila kila
Guest
 
Bikes:
Posts: n/a
Mentioned: Post(s)
Tagged: Thread(s)
Quoted: Post(s)
Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
  Reply With Quote
Old 11-07-08, 09:25 AM   #18
oakback
Senior Member
 
Join Date: Jul 2008
Bikes:
Posts: 249
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by kila kila kila View Post
Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
Same here.

I figure if my bill goes up because one of my 3 neighbors in range is using my DSL, I'll just unplug it until I want to use it, or use a wire instead.
oakback is offline   Reply With Quote
Old 11-07-08, 09:27 AM   #19
MrCrassic 
Senior Member
 
MrCrassic's Avatar
 
Join Date: Jun 2007
Location: Brooklyn, NY
Bikes: 2008 Giant OCR1 (with panda bear on the back!)
Posts: 3,650
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by kila kila kila View Post
Anything out there that explain wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
Think of a wireless connection as packages going up chutes in a mail office preparing for delivery. The mail office is sending packages, routing them to their proper destinations. Imagine for a second that someone wanted to attempt to steal a package while in transit. Wireless security is the protection that keeps that thief from entering the origin of these packages. This probably isn't the best analogy to use, but it's all that I got.

In a wireless network connection, the computer and the wireless access point where the signal is being originated from are exchanging data "packets" between each other. Each of these packets contains the requested data, as well as header information, which contains important information about the connection established between the two computers. Anyone with a computer and a bit of time can "sniff" out these packets, but wireless security tries to protect this stream of information by authenticating each user that wants to use that wireless network.

The first form of wireless security that was widely available was the Wireless Encryption Protocol, or WEP. WEP depends on generated hexadecimal keys that had to be entered in order for the computer to gain access. The only problem with this was that snippets of this key was appended onto EVERY packet transmitted between the computer and the access point. This meant that if you waited around a while, you could eventually force a solution to the key and log on.

This was superseded by Wi-Fi Protected Access, or WPA. This was a much more secure protection mechanism, in that the authentication process was designed to be much tougher to crack. There are different kinds of authentication protocols, which can be a simple as a passphrase (a word or hex key) to as complex as having computers compare certificates against a special server. The former method can be made to be really easily crackable (which is the case for MANY wireless router configurations out there now) to nearly impossible (a truly random passphrase). The later is extremely difficult to crack.

HOW TO PROTECT YOURSELF.


With a bit of tech savvy and common sense, it's actually really simple to protect your wireless network from crackers and/or hackers (YES, there's a difference).

  • HIDE YOUR SSID. Your SSID is the name of your wireless network. This can, and should, be hidden, especially if you're in a very public place. Windows has a harder time connecting to networks with hidden SSIDs, but it can do it. Most, if not all, routers provide this option, and wards off a lot of the newbies.
  • USE WPA. As I explained before, WPA is your best bet in protecting your network. With a strong password, it will take even the most powerful computer a long time to crack the passphrase. Some routers have an Easy Setup button that takes care of creating a strong password for you. If your card doesn't support WPA, get one that does.


Use those two pieces of advice, and you'll be safe and sound.
__________________
Ride more.

Code:
$ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
 $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

Last edited by MrCrassic; 11-07-08 at 09:33 AM.
MrCrassic is offline   Reply With Quote
Old 11-07-08, 09:34 AM   #20
MrCrassic 
Senior Member
 
MrCrassic's Avatar
 
Join Date: Jun 2007
Location: Brooklyn, NY
Bikes: 2008 Giant OCR1 (with panda bear on the back!)
Posts: 3,650
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by z415 View Post
*bleh* I am not too afraid. I just surveyed my neighbors' routers and two are unsecured without even changing the default PW, tsk-tsk. 3 are on outdated WEP. Not like a hacker would target me when all that is out there.

You think WPA2-TKIP with PSKs would be safe?
You think that's bad? When I go to Hoboken, I CAN LOG INTO PEOPLE'S ROUTER CONTROL PANELS WITHOUT DOING ANY HARD WORK.

I could disconnect their internet access, lock them out of their routers and, if I'm apt enough, completely brick them so they couldn't access them with a reset. But I'm not that cruel.
__________________
Ride more.

Code:
$ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
 $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces
MrCrassic is offline   Reply With Quote
Old 11-07-08, 09:35 AM   #21
SegFault
BOFH
 
SegFault's Avatar
 
Join Date: May 2008
Location: Twin Cities, Minnesota, USA
Bikes: Many.
Posts: 46
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by kila kila kila View Post
Anything out there that explains wireless security to a layman? I've found some sites, but they all assume a certain level of familiarity that I don't have.
A big concern with wireless networks is that anybody with a wireless card can listen in on network traffic (it's just radio waves), or jump on the network themselves without the permission of the network's owner and potentially interfere with network traffic. To combat these issues, there are a few security schemes that scramble (encrypt) the radio traffic (to prevent eavesdropping) and provide some sort of authorization control (to prevent strangers from signing on) and authentication (to make sure traffic is really from the computer it claims to be from).

In very general terms, these schemes usually require every authorized user of a wireless network to know some sort of password to sign on to the network, and once signed on, an encryption key is established between the user and the wireless router that is used to encrypt all communications between the user and the router. There is some really interesting stuff going on here; basically the computer and the router agree on this key in such a way that some intruder recording all the traffic during the key negotiation can't figure out what was agreed upon.

The "trick" is to balance security with performance. You can use very strong encryption, but the speed of the network may suffer, and wireless devices might have a shortened battery life due to the power demands of the extra processing required.

The three most common schemes are:

WEP - The simplest scheme. This is completely broken. It is trivial to break this, mainly because this scheme was not designed by people with sufficient knowledge of cryptography. If your network is protected by WEP, anybody with a computer can break in with just a few minutes of (mostly automated) work. It is, however, better than nothing. Think of it like a cheap file cabinet lock; it sends the message that your network is private, but if somebody really wants in, they can get in with some simple tools.

WPA - The system mentioned here. This is significantly better than WEP, but apparently some minor weaknesses have been discovered. WPA is not "broken" in the same sense that WEP is. This was mainly designed for devices not powerful enough to run WPA2, the next item. This is find for home use, but if you're running a nuclear missile control system you might want to run WPA2.

WPA2 - The most secure common scheme, but also the most resource-intensive.

If you have a home network, WPA or WPA2 are the preferred schemes to use. You can usually specify which in your wireless router's configuration utility. Some older devices only use WEP, some just have WEP and WPA.
SegFault is offline   Reply With Quote
Old 11-07-08, 09:36 AM   #22
MrCrassic 
Senior Member
 
MrCrassic's Avatar
 
Join Date: Jun 2007
Location: Brooklyn, NY
Bikes: 2008 Giant OCR1 (with panda bear on the back!)
Posts: 3,650
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by z415 View Post
You think WPA2-TKIP with PSKs would be safe?
If you have a really strong and well-configured VPN front-end, you don't even need wireless encryption.
__________________
Ride more.

Code:
$ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
 $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces
MrCrassic is offline   Reply With Quote
Old 11-07-08, 09:37 AM   #23
oakback
Senior Member
 
Join Date: Jul 2008
Bikes:
Posts: 249
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by MrCrassic View Post
You think that's bad? When I go to Hoboken, I CAN LOG INTO PEOPLE'S ROUTER CONTROL PANELS WITHOUT DOING ANY HARD WORK.

I could disconnect their internet access, lock them out of their routers and, if I'm apt enough, completely brick them so they couldn't access them with a reset. But I'm not that cruel.
How physically close do you have to be in order to do this?
oakback is offline   Reply With Quote
Old 11-07-08, 09:38 AM   #24
MrCrassic 
Senior Member
 
MrCrassic's Avatar
 
Join Date: Jun 2007
Location: Brooklyn, NY
Bikes: 2008 Giant OCR1 (with panda bear on the back!)
Posts: 3,650
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Within the router's broadcasting range.

Unless you have some tools to extend your card's scanning range.
__________________
Ride more.

Code:
$ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
 $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces
MrCrassic is offline   Reply With Quote
Old 11-07-08, 09:39 AM   #25
ehidle
T-Shirt Guy
 
ehidle's Avatar
 
Join Date: Jul 2008
Location: Lansdale, PA
Bikes: 2005 Fuji Team Issue, 2007 Fuji SL-1
Posts: 464
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
This whole thread is FAIL.

__________________
Yellow + Blue Jerseys!

Get your Cranky T-Shirt!
Men's
and Women's designs available
ehidle is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -6. The time now is 02:37 AM.