[Full-disclosure] Fwd: WiFi is no longer a viable secure connection
-- Forwarded message -- From: Anshuman G <[EMAIL PROTECTED]> Date: Sat, Oct 11, 2008 at 9:08 AM Subject: Re: [Full-disclosure] WiFi is no longer a viable secure connection To: Cedric Blancher <[EMAIL PROTECTED]> Hello, I have turned off SSID broadcast and its pretty obscure, the password is obscure too, its WPA personal, i think its impossible to crack/get in my router without knowing SSID :D . Regards, Anshuman Gholap System Administrator. On Sat, Oct 11, 2008 at 9:03 AM, Cedric Blancher < [EMAIL PROTECTED]> wrote: > Le vendredi 10 octobre 2008 à 23:05 -0400, [EMAIL PROTECTED] a > écrit : > > You only need a botnet of several hundred gamer's boxes and you're at > 10M. > > Sure. But one question remains: is it worth it ? Using a botnet to crack > John Doe's PSK where you can just push password stealing malware on his > box ? > > My problem with this kind of "announce" is that it seems to make people > believe that cracking WPA/WPA2 is easy, just like WEP. But it is not, > and really far from it. Maybe, or likely, some day, not that far away, > someone will come up with a crypto or implementation flaw that will > crush them down, but right now, it is not the case. > > So we stuck to a password guessing game. A game we play for years, with > password hashing algorithms that we are *way* more efficient at cracking > than a PBKDF2. > > I don't say we can't break PSK. I say that we suck at it with current > implementations, even with a x100 performance increase. > > > -- > http://sid.rstack.org/ > PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE > >> Hi! I'm your friendly neighbourhood signature virus. > >> Copy me to your signature file and help me spread! > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Fwd: WiFi is no longer a viable secure connection
Le samedi 11 octobre 2008 à 09:08 +0530, Anshuman G a écrit : > I have turned off SSID broadcast and its pretty obscure, the password > is obscure too, its WPA personal, i think its impossible to crack/get > in my router without knowing SSID :D . But your SSID is very easy to retrieve, as it is leaked every time you associate a legitimate box to your wlan... And guess what: the regular process of cracking a WPA PSK implies disassociating a client to sniff the 4-way handshake. Doing this, the attacker will also sniff SSID cleartext in the air. Which means: *do not* rely on SSID cloaking for your security. -- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Fwd: WiFi is no longer a viable secure connection
lol, yea, when i said "impossible" i thought i was pretty clear i was kidding :P. On Sat, Oct 11, 2008 at 1:53 PM, <[EMAIL PROTECTED]> wrote: > Hi, > > > But your SSID is very easy to retrieve, as it is leaked every time you > > associate a legitimate box to your wlan... And guess what: the regular > > I think Anshuman was attempting whats called 'humour' :-) > > alan > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Fwd: WiFi is no longer a viable secure connection
Le samedi 11 octobre 2008 à 20:14 +0530, Anshuman G a écrit : > lol, yea, when i said "impossible" i thought i was pretty clear i was > kidding :P. Sorry, missed ye good old smiley ;) Coffee++ -- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Fwd: WiFi is no longer a viable secure connection
Hi, > But your SSID is very easy to retrieve, as it is leaked every time you > associate a legitimate box to your wlan... And guess what: the regular I think Anshuman was attempting whats called 'humour' :-) alan ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
