  1. #1
    iNET Interactive

    Using the cloud to guess wireless passphrases




    IN THE WILD

    By Robert Vamosi

    Using Amazon's cloud-based servers, a German researcher claims he can
    crack your WPA-PSK wireless network encryption in 20 minutes or less.


    The risk is real, but you can take steps to protect yourself.

    The full text of this column is posted at WindowsSecrets.com/2011/01/20/07 (paid content).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Tracey Capen; 2011-01-19 at 16:55.

  2. #2
    My British bank (Nationwide) insist that I now use Verified by Visa for on-line transactions. It insists that I use a 'strong' password. However, their 'rules' do not allow the use of symbol characters (such as #). The bank claims this is because of VbV's rules, although I cannot find anything at VbV to confirm that.
    Neither my bank nor VbV has responded positively to me pointing out this shortcoming. If the banks cannot be bothered to adopt best practices, in their efforts to protect themselves from fraud, then it's a very poor show - although given the general approach of banks towards their customers, maybe hardly surprising.
    John Galloway, York


  4. #3
    My Linksys router offers me "WPA2-Personal". How does this compare to "WPA-PSK" as recommended in the article?

    John Inkle

  5. #4
    Quote: Originally Posted by johninkle
    My Linksys router offers me "WPA2-Personal". How does this compare to "WPA-PSK" as recommended in the article?

    John Inkle
    Hi,

    WPA2-Personal is WPA-PSK.

    Regards

    Rui


  7. #5
    Quote: Originally Posted by john galloway
    My British bank (Nationwide) insist that I now use Verified by Visa for on-line transactions. It insists that I use a 'strong' password. However, their 'rules' do not allow the use of symbol characters (such as #). The bank claims this is because of VbV's rules, although I cannot find anything at VbV to confirm that.
    Neither my bank nor VbV has responded positively to me pointing out this shortcoming. If the banks cannot be bothered to adopt best practices, in their efforts to protect themselves from fraud, then it's a very poor show - although given the general approach of banks towards their customers, maybe hardly surprising.
    John Galloway, York
    "The conventional thinking is that the additional complexity presents such an increased workload for the hacker that complexity is the holy grail of password hacking prevention. After all, conventional wisdom says that all the good Web sites require complexity. Heck, a Microsoft Windows log-on password requires complexity. Every new password policy I read requires complexity -- but gives scant consideration to the equal (or better) importance of longer password length.

    They're all wrong! Character-for-character, password length is more important for security than complexity. Requiring complexity but allowing passwords to remain short makes passwords more vulnerable to attack than simply requiring easier-to-remember, longer passwords."

    Source: Roger A. Grimes, Infoworld Security Watch. He has updated this article recently, and still stands by his statement. Web reference here.

    Your bank is completely correct in their behavior -- you are safer with longer passwords than with more complex passwords.
    -- Bob Primak --
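
Added example (not part of any post in this thread): a Python sketch of the length-versus-complexity comparison in the Grimes quote above, applied to WPA/WPA2-PSK passphrases, which are 8 to 63 printable ASCII characters. The 400,000 guesses-per-second rate is the figure quoted in this thread, the sample passphrases are constructed, and the output is a worst-case exhaustive-search estimate only.

```python
import math
import string

GUESSES_PER_SECOND = 400_000  # rate quoted in this thread (assumption, not measured)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes a password policy typically distinguishes (95 printable ASCII total).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

def validate_wpa_passphrase(passphrase):
    """Reject anything outside the WPA-PSK passphrase format."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("length must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("only printable ASCII is allowed")

def alphabet_size(passphrase):
    """Size of the smallest class-based alphabet that covers the passphrase."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in passphrase))

def search_space_bits(passphrase):
    """log2 of the exhaustive search space, alphabet_size ** length."""
    validate_wpa_passphrase(passphrase)
    return len(passphrase) * math.log2(alphabet_size(passphrase))

def years_to_exhaust(passphrase, rate=GUESSES_PER_SECOND):
    """Worst-case brute-force time in years. Upper bound only: dictionary
    words and predictable patterns fall far sooner than this suggests."""
    return 2 ** search_space_bits(passphrase) / rate / SECONDS_PER_YEAR

def compare(passphrases, rate=GUESSES_PER_SECOND):
    """Return (length, alphabet, bits, years) per passphrase, weakest first."""
    rows = [(len(p), alphabet_size(p), search_space_bits(p),
             years_to_exhaust(p, rate)) for p in passphrases]
    return sorted(rows, key=lambda r: r[2])

if __name__ == "__main__":
    # Constructed samples: short and complex vs. long and lowercase-only.
    for length, alpha, bits, years in compare(["Xk#9mQ2!", "qmzhavplrtkwdyce"]):
        print(f"len={length:2d} alphabet={alpha:2d} bits={bits:5.1f} years={years:.3g}")
```

Each extra character multiplies the search space by the alphabet size, while adding a character class only enlarges the base, which is why the 16-character lowercase sample outranks the 8-character mixed one.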

  8. #6

    Using the Cloud to Guess Wireless Passphrases

    I am curious why a router would allow a hacker to attempt 400,000 passphrases per second. If it implemented a 0.01-second time-out between attempted connections, that would increase the break-in time from 20 minutes to 22 days. A 1-second time-out would push that to 6 years.
    Perhaps a time-out would create problems for a large commercial service, but wouldn't it be transparent to a home wireless network?
    Nigel
