Canadian TV, Computing and Home Theatre Forums banner

1 - 11 of 11 Posts

·
Banned
Joined
·
1,051 Posts
Discussion Starter #1

·
Registered
Joined
·
1,986 Posts
The only thing really 'groundbreaking' with this news is the utilisation of NVIDIA GPU's in what is otherwise a conventional brute-force attack. I wouldn't really define a 100x increase as something that's out of this world.

And as per the article:

Update: This will, of course, mainly affect simple ascii keys. And it will only work against static keys; anyone using more complicated authentication schemes will not be at risk for now. But since that takes a couple of extra minutes when installing, smaller businesses or departments often skip setting this up.
Meaning you are really only at risk using simple 6-8 character passphrases i.e. from a zdnet blog:

a 15 character password made up of uppercase, lowercase, digits and common punctuation is highly resistant to a brute-force attack. Even at the rate of 100,000,000 password attempts a second, cracking that could take 3.5 x 10^12 years.
Anyway, if someone wants to build a dedicated password-cracking server farm so they can break my WPA security to see what pr0n I've got stored on my PC, then there's not much I can do about it :p
 

·
Registered
Joined
·
101 Posts
i'm in fear...what will i do now that all my 55+ year old neighbors who barely have an interest in turning a computer as it is, could pool their money and build a code breaking farm to see this message???????
 

·
Banned
Joined
·
1,051 Posts
Discussion Starter #4
"In theory, there is no difference between practice and theory. In practice - there is."

The opening post wasn't targeting these know-it-all types... It was mostly theory.

First, there was no protection in the WiFi space and it was used. Under the same premise of 55 years old neighbours.
Then, WEP came along. And it was hailed as best thing after sliced bread until FBI showed how to break it in 5 minutes.
WPA2 was the latest significant development in consumer level routers. It was considered to be almost as good as VPN. Until now...

In practice, if you know what you're doing, this doesn't change much.
Install WPA Enterprise, RADIUS, use good passwords and you'll be OK
http://www.schneier.com/blog/archives/2007/11/how_to_harvest.html
BTW, if you believe Schneier, the network must be free; the endpoints should be secured, aka VPN...

What this latest Elcomsoft announcement changes is the perception that WPA2 is "good enough" for sensitive communication...
 

·
Registered
Joined
·
10,415 Posts
So now you're gonna break my WEP password AND spoof my MAC address (considering the real MAC is already on the network, have fun with that)?

Just how badly do you want those vacation photos from summer 2003?
 

·
Registered
Joined
·
1,105 Posts
Since I can do a scan on my WRT54G or PSP and pick up 6 or so totally unsecured networks called "linksys" this is the least of the average clueless joes problems.

One scary one is called "AmExpress".... since I live by an airport "American Express the credit card company" comes to mind. They finally put up WPA protection after it was wide open for almost a year that I know of. :eek:
 
1 - 11 of 11 Posts
Top