Lisa, I'll grant you the denial-of-service attack, but I'm still not
finding any evidence that WPA is fundamentally flawed (much less "easier
to crack... than WEP"). I read the aircrack article earlier to see if
there was new info that I had missed. I also read the article you have
on obnosis.com. Finally, I read the LucidInteractive article you just
provided. ALL of them say the same thing: the only valid attack on
WPA-PSK is a dictionary or brute force attack!

Okay, yes, it's very handy that you can do the password cracking
offline. But see the links I listed earlier... any decently crafted
password will be nigh IMPOSSIBLE to crack unless you have nearly
infinite resources -- offline or no.

I realize that you likely (for sure) know more about this than I do, so
if I keep missing some fundamental flaw in PSK in all of the articles
provided, please enlighten me!

Kurt

On 11/14/09 5:59 PM, Lisa Kachold wrote:
> Kurt,
>
> As you stated, WPA/WPA2-PSK security is inherently flawed:
>
> * One flaw allowed an attacker to cause a denial-of-service attack,
>   if the attacker could bypass several other layers of protection.
> * A second flaw exists in the method with which WPA initializes its
>   encryption scheme. Consequently, it's actually easier to crack WPA
>   than it is to crack WEP. This flaw is the subject of this article.
>
> A WPA key /can/ be made good enough to make cracking it unfeasible. WPA
> is also a little more cracker-friendly. By capturing the right type of
> packets, you can do your cracking offline. This means you only have to
> be near the AP for a matter of seconds to get what you need. WPA
> basically comes in two flavours: RADIUS or PSK. PSK is crackable,
> RADIUS is not so much.
>
> /_*But how many people actually have WPA RADIUS encryption?*_/
>
> Here's another link that includes a PSK cracking Howto:
> http://www.aircrack-ng.org/doku.php?id=cracking_wpa
>
> Using aircrack-ng tools in BackTrack (per my presentation materials at
> http://plug.phoenix.az.us show) WEP and WPA/WPA2-PSK are easy to crack.
>
> Does anyone here run Radius?
>
> Here's an accompanying document to better explain it:
> http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
>
> On Sat, Nov 14, 2009 at 7:32 PM, Kurt Granroth wrote:
> > On 11/14/09 12:02 PM, Lisa Kachold wrote:
> > > The whole concept of "wireless encryption security" is somewhat
> > > moot with airodump-ng etc. tools.
> > >
> > > WEP keys are really easy to break.
> > >
> > > WPA is also easily encroached - but harder with a truly unique
> > > secure key (which few people use).
> > >
> > > It just exists as part of the big "security" matrix to keep the
> > > honest people out. Crackers can get right in anyway!
> > >
> > > http://www.obnosis.com/Layer8Wireless.html
> >
> > Okay, I have to take exception to how this is written. You are
> > comparing the security of WEP and WPA as if they are somehow
> > equivalent or equally "easy" to crack. That is just not true.
> >
> > WEP is fundamentally broken. It can be reliably cracked in seconds,
> > in most cases. Its use is more of a "please don't use this network"
> > flag than any real attempt to keep people out.
> >
> > WPA, on the other hand, is NOT broken. Only one variation of it is
> > crackable at all (PSK) and even then, the attack is a brute force
> > dictionary attack. By that argument, ALL password-based encryption
> > is crackable.
> >
> > Yes, you could successfully argue that since MOST home APs use PSK
> > and MOST probably just set the password to 'admin' or 'linksys' or
> > some other trivial name, that IN PRACTICE, it's not hard to crack
> > most uses of WPA.
> >
> > But saying that "[c]rackers can get right in anyway" just isn't
> > true. All that is needed is a reasonably difficult password. Don't
> > use a dictionary word and make it decently long and it quickly
> > becomes far too difficult to crack to make it worth it for all but
> > the most extreme cases. It's either VERY expensive or takes YEARS.
> >
> > I'm sure that you read this:
> >
> > http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
> >
> > It answers the question: "how much does it cost to crack a
> > password?" It assumes that you are using Amazon EC2 at $0.30 an
> > hour. A twelve-character password using the full ASCII set would
> > cost over $8 TRILLION dollars to crack. Even much smaller passwords
> > are still in the millions.
> >
> > The password that I use on my WPA2-PSK AP is 20-odd chars long and
> > spans the ASCII range. Far from allowing crackers to "get right in",
> > it's nearly impossible for them to do so.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
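The disagreement in this thread comes down to one number: what an offline guessing attack against a WPA/WPA2-PSK passphrase costs. The example below is added here and is not part of the thread or of any tool it mentions. It derives a PSK the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations, the SSID as salt), then estimates the rented-CPU cost of exhausting several passphrase policies. The per-core guess rate, the SSID, the sample passphrases and the small wordlist are constructed assumptions; the $0.30 per core-hour price is the EC2 figure quoted in the thread. Because the guess rate is assumed rather than measured, the dollar totals it prints differ from the article's, but the shape of the result is the same: a wordlist reproduces a trivial passphrase in a handful of derivations, while a long passphrase over the full printable ASCII set is out of reach.

```python
import hashlib
import string
import time

# Fixed by the IEEE 802.11i passphrase-to-PSK mapping.
PBKDF2_ITERATIONS = 4096
PSK_LEN = 32  # 256-bit PSK

# Assumptions, not measurements: the per-core guess rate is a placeholder for
# a 2009-era CPU core (run measure_guess_rate() for your own hardware); the
# hourly price is the Amazon EC2 figure quoted in the thread.
ASSUMED_GUESSES_PER_CORE_SECOND = 1_000
DOLLARS_PER_CORE_HOUR = 0.30

# Constructed wordlist standing in for the trivial defaults the thread
# mentions; a real dictionary attack would carry millions of entries.
CONSTRUCTED_WORDLIST = ["password", "linksys1", "12345678", "letmein1", "qwertyui"]

PRINTABLE_ASCII = 95  # characters 0x20..0x7E

# Passphrase policies to compare: (label, length, alphabet size).
POLICIES = [
    ("8 digits", 8, len(string.digits)),
    ("8 lowercase", 8, len(string.ascii_lowercase)),
    ("12 printable ASCII", 12, PRINTABLE_ASCII),
    ("20 printable ASCII", 20, PRINTABLE_ASCII),
]


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, PSK_LEN)


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of passphrases of exactly `length` characters over the alphabet."""
    return alphabet_size ** length


def cost_of_guesses(guesses: float, guesses_per_core_second: float,
                    dollars_per_core_hour: float) -> float:
    """Rented-CPU cost of making `guesses` PSK derivations."""
    core_hours = guesses / guesses_per_core_second / 3600
    return core_hours * dollars_per_core_hour


def brute_force_cost(length: int, alphabet_size: int,
                     guesses_per_core_second: float = ASSUMED_GUESSES_PER_CORE_SECOND,
                     dollars_per_core_hour: float = DOLLARS_PER_CORE_HOUR) -> float:
    """Expected cost of a successful brute force: half the keyspace on average."""
    return cost_of_guesses(keyspace(length, alphabet_size) / 2,
                           guesses_per_core_second, dollars_per_core_hour)


def wordlist_recovers(psk: bytes, ssid: str, wordlist):
    """Audit check on your own network: does a wordlist reproduce this PSK?
    Each candidate costs exactly one PBKDF2 derivation, which is all that the
    offline attack the thread describes has to do per guess.
    Returns (matching passphrase or None, number of derivations made)."""
    for n, candidate in enumerate(wordlist, 1):
        if derive_psk(candidate, ssid) == psk:
            return candidate, n
    return None, len(wordlist)


def measure_guess_rate(seconds: float = 0.5, ssid: str = "constructed-ssid") -> float:
    """PSK derivations per second on this machine, one core, pure Python."""
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        derive_psk(f"candidate{n:08d}", ssid)
        n += 1
    return n / (time.perf_counter() - start)


def policy_table(guesses_per_core_second: float = ASSUMED_GUESSES_PER_CORE_SECOND,
                 dollars_per_core_hour: float = DOLLARS_PER_CORE_HOUR):
    """(label, keyspace, expected dollars) for each policy in POLICIES."""
    return [(label, keyspace(length, alpha),
             brute_force_cost(length, alpha, guesses_per_core_second, dollars_per_core_hour))
            for label, length, alpha in POLICIES]


if __name__ == "__main__":
    ssid = "constructed-ssid"
    weak = derive_psk("linksys1", ssid)                 # constructed weak passphrase
    strong = derive_psk("Zq7#mVe2!rL9@pXw4&Ht", ssid)   # constructed 20-char passphrase
    print("wordlist vs weak PSK:  ", wordlist_recovers(weak, ssid, CONSTRUCTED_WORDLIST))
    print("wordlist vs strong PSK:", wordlist_recovers(strong, ssid, CONSTRUCTED_WORDLIST))
    rate = measure_guess_rate()
    print(f"this machine: ~{rate:,.0f} PSK derivations/s per core (pure Python)")
    for label, size, dollars in policy_table():
        print(f"{label:<20} keyspace {size:.1e}  expected cost ${dollars:,.0f}")
```

The 4096-iteration PBKDF2 step is what makes each guess cost more than a single hash, but it only multiplies the attacker's bill by a constant; the keyspace is what moves the total from dollars to trillions. Replace ASSUMED_GUESSES_PER_CORE_SECOND with the output of measure_guess_rate() (or with a GPU cracker's published rate) to get a figure for your own threat model, and run wordlist_recovers against your own SSID and PSK with a real wordlist to find out whether the dictionary case applies to you.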