running Linux on odd devices is SOOO COOL!

Lisa Kachold lisakachold at obnosis.com
Sun Nov 15 12:53:34 MST 2009


On Sun, Nov 15, 2009 at 9:40 AM, Kurt Granroth
<kurt+plug-discuss at granroth.com> wrote:

> On 11/15/09 5:57 AM, Lisa Kachold wrote:
> > On Saturday, November 14, 2009, Kurt Granroth
> > <kurt+plug-discuss at granroth.com> wrote:
> >> Lisa,
> >>
> >> I'll grant you the denial-of-service attack, but I'm still not finding
> >> any evidence that WPA is fundamentally flawed (much less "easier to
> >> crack... than WEP").
> > You simply capture the auth with aircrack-ng.
> > Even 20 characters can be decrypted eventually!  A dictionary attack
> > is faster and a truly random password delays the process, and none of
> > this is any reason to not use security tools, but the fact is the
> > protocol has been broken! I know I put in a Nomadix and Cisco Aironet
> > with Active Directory and RADIUS in 2003.
> > RADIUS is a nice solution; we used them for our dialup with Livingstons
> > at Nike and various ISPs.
>
> I guess I still disagree with your use of the word 'broken'.  By that
> definition, gpg is 'broken' as well as *any* encryption system that uses
> passwords.  Just because you can brute force a crack doesn't
> mean that the protocol is broken.
>
> And as far as 'eventually' goes... according to the people at
> ElectricalAlchemy, a 12 character random password would take 28 TRILLION
> hours of computing power (defined as 'high-CPU on Amazon EC2').  Let's
> say that you can wrangle up 10,000 systems to work on this
> simultaneously.  It would still take over 300,000 YEARS to brute force it.
>

Actually no; with current CUDA NVidia and faster processor techniques it
would take at most 60 days.

http://pyrit.wordpress.com/the-twilight-of-wi-fi-protected-access/

Let's imagine I drive over to a well-known corporation with WiFi (or target
you and your networks); I can obtain sufficient information in less than 5
minutes, take it home and start the work.  Once I get the Pairwise Master
Key, additional auth (captured in the stream) is trivial.

Now tell me truly that your Wifi configurations are:

20 character pass
truly random with upper case letters and numbers
fully tested against current crack techniques
changed every 60 days


and optimally:
on their own isolated VLAN

Pyrit is a Google Code CUDA NVidia cracking utility.  Pyrit takes a step
ahead in attacking WPA-PSK and WPA2-PSK, the protocols that protect today's
public WiFi airspace.  Pyrit's implementation allows one to create massive
databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a
space-time tradeoff. The performance gain for real-world attacks is in the
range of three orders of magnitude, which urges for reconsideration of the
protocol's security. Exploiting the computational power of many-core and
other platforms through ATI Stream, Nvidia CUDA, OpenCL and VIA PadLock, it
is currently by far the most powerful attack against one of the world's most
used security protocols. For more background see this article on the
project's blog. http://code.google.com/p/pyrit/

>
> Looking at the curve, I would guess that a 20 character password would
> take well into the trillions of years (or likely more) to brute force.
> That's much older than the age of the universe!
>
> I feel pretty safe with a protocol that would require longer than the age
> of the universe to crack!  I would NOT consider that broken :-)
>

Well, evidently you are stuck in the security matrix; feels all good and
safe in that denial?  I would challenge you to a real live test with your
current configuration, but that work is (or was) really in your realm to
complete right after installation, and I only pentest/crack with a fully
signed contract or for demonstrations at PLUG HackFests for ITT and DeVry
students at the John C. Lincoln Cowden Center.

Happy wireless network sharing with smart kiddies running Backtrack4 USB on
their NVidia gamer machines, Kurt!

See my other post regarding current Cisco LEAP for Microsoft A/D or RADIUS,
and sLDAP/RADIUS WPA "secure" auth implementations of wireless networking.

RADIUS is actually very trivial to run on Linux, and if you want to be
really secure, it's especially easy to implement via SSO with sLDAP to a
shared integration of Active Directory (where the Microsoft desktop staff
maintain the users).

-- 
Skype: (623)239-3392
AT&T: (503)754-4452
www.it-clowns.com
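The space-time tradeoff the thread argues about comes down to how WPA/WPA2-PSK derives its Pairwise Master Key: PBKDF2-HMAC-SHA1 over the passphrase, salted only with the SSID. The following Python is an added example (not code from the list, from Pyrit, or from aircrack-ng) that derives the PMK the standard way, shows why a common SSID makes precomputed tables reusable, estimates the entropy behind the "20 truly random characters" checklist in the post, and audits an SSID/passphrase pair against that checklist. The default-SSID set, the wordlist, the sample configurations and the PMK/s throughput figure are constructed assumptions for illustration; the "password"/"IEEE" test vector is the one published in IEEE 802.11i.

```python
import hashlib
import math

# Constructed sample of router-default SSIDs (assumption for this example,
# not a list taken from the thread). A PMK table built for one of these
# works against every network that still uses it, because the SSID is the salt.
COMMON_DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink", "xfinitywifi"}

# Constructed mini wordlist standing in for a real dictionary-attack list.
CONSTRUCTED_WORDLIST = {"password", "sunshine", "welcome", "letmein"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK Pairwise Master Key (IEEE 802.11i): PBKDF2-HMAC-SHA1 over
    the passphrase, salted with the SSID, 4096 iterations, 256-bit output.
    This is the expensive step an attacker precomputes per SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def passphrase_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random passphrase of `length` symbols drawn
    from an alphabet of `alphabet_size` characters."""
    return length * math.log2(alphabet_size)


def expected_crack_years(entropy_bits: float, pmks_per_second: float) -> float:
    """Expected time to reach a uniformly random key at a given PMK/s rate;
    on average half the keyspace has to be tried."""
    trials = 2 ** (entropy_bits - 1)
    return trials / pmks_per_second / (365.25 * 24 * 3600)


def audit_psk_config(ssid: str, passphrase: str) -> list:
    """Check an SSID/passphrase pair against the checklist from the post:
    unique SSID, 20+ characters, mixed case and digits, not dictionary-based.
    Returns a list of finding codes; an empty list means every check passed."""
    findings = []
    if ssid.strip().lower() in COMMON_DEFAULT_SSIDS:
        findings.append("default-ssid")        # precomputed PMK tables apply
    if len(passphrase) < 20:
        findings.append("short-passphrase")
    has_upper = any(c.isupper() for c in passphrase)
    has_lower = any(c.islower() for c in passphrase)
    has_digit = any(c.isdigit() for c in passphrase)
    if not (has_upper and has_lower and has_digit):
        findings.append("low-charset")
    if any(word in passphrase.lower() for word in CONSTRUCTED_WORDLIST):
        findings.append("dictionary-based")    # dictionary attacks skip PBKDF2 cost
    return findings


def ssid_changes_pmk(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when two networks with the same passphrase but different SSIDs
    get different PMKs, i.e. a table built for ssid_a is useless for ssid_b."""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # IEEE 802.11i published vector: passphrase "password", SSID "IEEE".
    print("PMK(password, IEEE) =", derive_pmk("password", "IEEE").hex())
    print("same passphrase, SSID 'linksys' vs 'corp-floor3-ap7' differ:",
          ssid_changes_pmk("password", "linksys", "corp-floor3-ap7"))

    assumed_rate = 1e6  # assumed PMK/s for a GPU rig; not a figure from the thread
    for length in (12, 20):
        bits = passphrase_entropy_bits(length, 62)  # upper + lower + digits
        print(f"{length} random chars: {bits:.1f} bits, "
              f"~{expected_crack_years(bits, assumed_rate):.3g} years at {assumed_rate:.0e} PMK/s")

    # Constructed sample configurations.
    print(audit_psk_config("linksys", "sunshine2009"))
    print(audit_psk_config("corp-floor3-ap7", "Xk9vQ2mL7pR4tN8wZ3bH"))
```

The entropy figures show why the two sides of the thread talk past each other: brute-forcing a random 20-character key is out of reach at any plausible PMK/s rate, but a dictionary attack against a human-chosen passphrase never touches that keyspace, and a default SSID lets the attacker skip the PBKDF2 work entirely by reusing a precomputed table. A unique SSID plus a long random passphrase addresses both.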