On Sun, Nov 15, 2009 at 9:40 AM, Kurt Granroth <kurt+plug-discuss@granroth.com> wrote:

On 11/15/09 5:57 AM, Lisa Kachold wrote:
> On Saturday, November 14, 2009, Kurt Granroth
> <kurt+plug-discuss@granroth.com> wrote:
>> Lisa,
>>
>> I'll grant you the denial-of-service attack, but I'm still not finding
>> any evidence that WPA is fundamentally flawed (much less "easier to
>> crack... than WEP").
> You simply capture the auth with airocrack-ng.
> Even 20 characters can be decrypted eventually! A dictionary attack
> is faster and a truely random passwrd delays the process and none of
> this is any reason to not use security tools but the fact is the
> protocol has been broken! I know I put in a nomadix and cisco aironet
> with active directory and radius in 2003'
> radius is anice solution; we used them for our dialup with livingstons
> at Nike and various ISPs.

I guess I still disagree with your use of the word 'broken'. By that
definition, gpg is 'broken' as well as *any* encryption system that uses
passwords. Just because because you can brute force a crack doesn't
mean that the protocol broken.

And as far as 'eventually' goes... according to the people at
ElectricalAlchemy, a 12 character random password would take 28 TRILLION
hours of computing power (defined as 'high-CPU on Amazon EC2'). Let's
say that you can wrangle up 10,000 systems to work on this
simultaneously. It would still take over 300,000 YEARS to brute force it.

Actually no; it would with current CUDA NVidia and faster processor techniques take at most 60 days.

http://pyrit.wordpress.com/the-twilight-of-wi-fi-protected-access/

Let's imagine I drive over to a well known corporation with WiFi (or target you and your networks); I can obtain sufficient information in less than 5 minutes; take it home and start the work. Once I get the Pairwise Master Key - additional auth (captured in the stream) is trivial.

Now tell me truly that your Wifi configurations are:

20 character pass
truly random with upper case letters and numbers
fully tested against current crack techniques
changed every 60 days

and optimally:
on their own isolated VLAN

pyrit is a Google Code CUDA NVidia cracking utility. Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK, the protocols that protect todays public WIFI-airspace. Pyrits implementation allows to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. The performance gain for real-world-attacks is in the range of three orders of magnitude which urges for re-consideration of the protocols security. Exploiting the computational power of Many-Core- and other platforms through ATI-Stream, Nvidia CUDA, OpenCL and VIA Padlock, it is currently by far the most powerful attack against one of the worlds most used security-protocols. For more background see this article on the projects blog.http://code.google.com/p/pyrit/

Looking at the curve, I would guess that a 20 character password would
take well into the trillions of years (or likely more) to brute force.
That's much older than the age of the universe!

I feel pretty safe with a protocol that would require long than the age
of the universe to crack! I would NOT consider that broken :-)

Well, evidently you are stuck in the security matrix; feels all good and safe in that denial? I would challenge you to a real live test with your current configuration, but that work is (or was) really in your realm to complete right after installation; and I only pentest/crack with a fully signed contract or for demonstrations at PLUG HackFests for ITT and DeVry students at the John C. Lincoln Cowden Center.