Main Area and Open Discussion > General Software Discussion

100-fold WPA/WPA2 bruteforce speed increase

<< < (2/3) > >>

jgpaiva:
Interesting.. Thanks for the heads-up, f0dder!  :Thmbsup:

Ehtyar:
Thanks for the plug f0d man :) I would never discourage people to post news items they consider important. Last week's news contained an article that Carol had already posted. I just direct people to the original thread in hopes of directing peoples attention to the location where discussion is already going on.
In response to your post..I know everyone says this, but I KNEW this was going to happen. I finally relent, after years of resisting wireless, and now that I finally give in (my dad wouldn't shutup), with my 32 character password and my WPA2, this crops up. Wireless routers are becoming obsolete faster than USB keys, guess there's no point buying that draft-n now, I'll have to replace it in 6 months to stay secure anyway :(
(Yeah I'm paranoid, what're you gonna do about it :P)

Ehtyar.

40hz:
In response to your post..I know everyone says this, but I KNEW this was going to happen. I finally relent, after years of resisting wireless, and now that I finally give in (my dad wouldn't shutup), with my 32 character password and my WPA2, this crops up. Wireless routers are becoming obsolete faster than USB keys, guess there's no point buying that draft-n now, I'll have to replace it in 6 months to stay secure anyway
-Ehtyar (October 14, 2008, 01:47 AM)
--- End quote ---

I don't think it's really the fault of the router. Most people don't effectively use all the security features in the routers they already own. And weak passwords, which most people use, will break any security system no matter how good the technology is.

Your router is also firmware based so it should be easily upgradeable to new security standards as long as the manufacturer chooses to provide updates for the model you own.

You should still be able to get a high degree of security on many WAPs by taking advantage of the VPN feature found in most. If your router doesn't support VPN you may be able to install 3rd party firmware that can add that feature.

Take a look at DD-WRT as a starting point. It will give yousome ideas of what's out there. TAke a look at the Wikipedia article since it's easier to follow then the original website. Also take a look at what it has to say about OpenVPN and Chillispot in the features subsection. You can use that to jumpstart your understanding of network security offerings.


http://en.wikipedia.org/wiki/Dd-wrt

Maybe we can't stop the baddies. But at least we can keep them working nights and weekends. 8)

f0dder:
Ehtyar: of course it was going to happen, and it isn't surprising it's done harnessing the power of GPUs - those are pretty darn mean parallel number-crunching machines. The article does seem to hint that you'd need 20 machines at ~$800 each to bring bruteforcing down to "days or weeks" - so I really wouldn't be worried about home networks anytime soon ;)

As for VPN, I haven't seen home routers/accesspoints directly support that - well, VPN passthrough sure, but then you need VPN infrastructure support by some other device. How much work is it to set up OpenVPN? And then you need a proper VPN client as well, which can be a mess (ciscos client *sucks donkey* - the Microsoft client built into windows works like a charm, but is insecure).

Mark0:
With a long password (as it was always recommended) even a 100 folds increase doesn't make much of a difference.

Navigation

[0] Message Index

[#] Next page

[*] Previous page