Free Republic

The Feds can own your WLAN too
tom's networking ^ | March 31, 2005 | Humphrey Cheung

Posted on 04/05/2005 11:34:01 AM PDT by atomic_dog

Millions of wireless access points are spread across the US and the world. About 70% of these access points are unprotected—wide open to access by anyone who happens to drive by. The other 30% are protected by WEP (Wired Equivalent Privacy) and a small handful are protected by the new WPA (Wi-Fi Protected Access) standard.

At a recent ISSA (Information Systems Security Association) meeting in Los Angeles, a team of FBI agents demonstrated current WEP-cracking techniques and broke a 128-bit WEP key in about three minutes. Special Agent Geoff Bickers ran the PowerPoint presentation and explained the attack, while the other agents (who did not want to be named or photographed) did the dirty work of sniffing wireless traffic and breaking the WEP keys.

(Excerpt) Read more at mirrordot.org ...


TOPICS: Culture/Society; Government; News/Current Events
KEYWORDS: fbi; hacking; wifi; wireless
To: Jack of all Trades

Since probably 99% of home WLAN users are using channel 6, try using a channel with less overlap, like 1 or 11.


101 posted on 04/05/2005 6:06:10 PM PDT by TommyDale
[ Post Reply | Private Reply | To 86 | View Replies]

To: atomic_dog

> If you broadcast it, it's fair game.

Try telling that to those who broadcast satellite signals onto your property.


102 posted on 04/05/2005 6:29:36 PM PDT by kpp_kpp
[ Post Reply | Private Reply | To 1 | View Replies]

To: TommyDale
> WEP in combination with MAC address limitations (only allow specific MAC addresses) and TURNING OFF THE BROADCAST OF THE SSID will help. Most people do none of these, and they automatically use the default channel 6, set at the factory. Really stupid stuff.

Nope. Anyone nerdy enough to know how to crack the WEP is going to know how to spoof a MAC address and sniff your wireless even if you aren't broadcasting.

You're better served buying a wireless router and card that supports WPA.

103 posted on 04/05/2005 6:33:59 PM PDT by frgoff
[ Post Reply | Private Reply | To 9 | View Replies]

To: mondonico
> He feels he's free-riding rather than stealing because it neither increases the cost nor decreases the service for his neighbor

The ability of the human animal to rationalize dishonesty never fails to amaze me.

104 posted on 04/05/2005 6:35:26 PM PDT by frgoff
[ Post Reply | Private Reply | To 15 | View Replies]

To: frgoff
I don't disagree, all I said was that would help. Most home users don't do any of these. In fact WPA is already obsolete. 802.11i is the next generation.

I would challenge anyone to try and crack my WLAN. Just be prepared to deal with the State Bureau of Investigation here in North Carolina.

105 posted on 04/05/2005 7:19:43 PM PDT by TommyDale
[ Post Reply | Private Reply | To 103 | View Replies]

To: All

It isn't that 128 bit is weak, as it isn't. WEP was unfortunately designed with a significant problem. You don't need to break the encryption, just the pointers. The bit length of WEP is almost insignificant to the true hacker/cracker.

More bad news: WPA isn't much better. It has recently been broken in a similar manner, but you can expect times of closer to an hour.


106 posted on 04/05/2005 7:44:35 PM PDT by JosephW (The world must stop Mad Mo and his orcs)
[ Post Reply | Private Reply | To 105 | View Replies]

To: TommyDale

Channels 2, 6 and 11 don't overlap with each other. Since 99% of users are on 6, I would use one of the other two.


107 posted on 04/05/2005 8:20:28 PM PDT by JosephW (The world must stop Mad Mo and his orcs)
[ Post Reply | Private Reply | To 101 | View Replies]

To: Centurion2000
> As the salt bubbles decay and pop and make that cool soda fizz like sound. That's truly random stuff.

Is there some non-random noise in the background, or some other non-random radiation? You have to run an analysis on the results to see if you got something acceptably random. Random.org does it with atmospheric noise, and its numbers aren't exactly perfect, but they're so good that any argument is pretty much academic.

108 posted on 04/05/2005 9:12:00 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 90 | View Replies]

To: general_re
Your number is a little bit off. (evil grin) ... 2^128 = 340282366920938463463374607431768211456. In English, that would be three hundred forty undecillion, two hundred eighty two decillion, three hundred sixty six nonillion, nine hundred twenty octillion, nine hundred thirty eight septillion, four hundred sixty three sextillion, four hundred sixty three quintillion, three hundred seventy four quadrillion, six hundred seven trillion, four hundred thirty one billion, seven hundred sixty eight million, two hundred eleven thousand, four hundred fifty six.

I just figured I'd put it into perspective for anyone who thinks you can just brute force 128-bits of keyspace.

To further put it into perspective, consider this:
If you go to Distributed.net's RC5/64 stats page, you'll get an idea of how much computation work was required to crack a single 64-bit message. Thousands of computers were thrown at this project for 1,726 days. They tested 15,268,315,356,922,380,000 keys, and the overall rate was 102,385,059,633,000 keys per second tested!

Remember, this was just 64-bits using a pretty optimized program (though not specialized hardware). Now, add one bit to the key length. A 65-bit key has twice the number of possible keys as a 64-bit key does. (This is really simplified - there are caveats all around this stuff, but the general rule holds.)

In general, people don't have any idea of how big 128 bits really is. The biggest problem with cyphers, as I said earlier, is the implementation. If I remember correctly AES uses a 256-bit key. Just to boggle your mind, here is what 2^256 is written out... 115792089237316195423570985008687907853269984665640564039457584007913129639936.

There is nothing in the entire universe that there are that many of. The number, IMO is nothing more than a mathematical fantasy because it represents a value so large that the universe pales in comparison to it.

A properly implemented 256-bit crypto algorithm can be brute forced by G-d alone because only He has time to outlast the heat-death of the universe.

I've been fascinated by cryptography for years, and made my first post to the Cypherpunks mailing list more than 10 years ago.

109 posted on 04/05/2005 10:17:12 PM PDT by zeugma (Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))
[ Post Reply | Private Reply | To 92 | View Replies]

To: TommyDale
> Anyone dumb enough to not use better security deserves to have their system monitored or hacked. Just driving from the airport to my home, about 25 miles, I picked up hundreds of unprotected WLANs, all of which were on major thoroughfares. I could have stopped, tapped into their network, done all sorts of things, then driven on home and no one would have known. If you don't know what you are doing, DON'T DO IT!

Right now, just sitting at home, in a not-particularly-high-tech area, I can pick up five WLANs other than my own, six if the winds are blowing in the right direction. ;) Only one of them is even password-protected. I could hop onto any of the others at will, if I wanted to.

110 posted on 04/05/2005 11:55:42 PM PDT by Dont Mention the War (Proud Member of the WPPFF Death Cult - We're coming after YOU next!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: zeugma

Yeah, mine was rounded off somewhat ;)


111 posted on 04/06/2005 3:58:59 AM PDT by general_re ("Frantic orthodoxy is never rooted in faith, but in doubt." - Reinhold Niebuhr)
[ Post Reply | Private Reply | To 109 | View Replies]

To: stuartcr

Except for fingerprints or other data stored on the laptop. If those connect to a real person, you can expect some kind of criminal charge for sure.


112 posted on 04/06/2005 5:35:52 AM PDT by timtoews5292004
[ Post Reply | Private Reply | To 60 | View Replies]

To: zeugma
> They tested 15,268,315,356,922,380,000 keys, and the overall rate was 102,385,059,633,000 keys per second tested!

Just to put it in a bit more perspective, if you searched the 128-bit keyspace at the same rate that Distributed.net searched for their 64-bit key, it would take you (approximately) 105,319,983,119,962,000 years, give or take a hundred million or so, to search the entire keyspace and test every possible key. And, like I said before, you'll wind up searching half the keyspace on average before you find the right key. If you plan ahead - start packing now for when the sun gives up the ghost - you can probably beat the heat death of the universe, but time's a wasting ;)

113 posted on 04/06/2005 6:03:47 AM PDT by general_re ("Frantic orthodoxy is never rooted in faith, but in doubt." - Reinhold Niebuhr)
[ Post Reply | Private Reply | To 109 | View Replies]

To: SandwicheGuy
> GoTo Internet, search for (&^*, download, install on your laptop, walk or drive around and find all wireless networks, broadcasting SSID or not.

I'm not too well informed wrt wireless since I've just recently acquired a wireless laptop - so this question may be naive:

I do seem to recall an oddly named sniffing application but can't remember if it was "(&^*" or not. If it was (and what you've typed is not a typo), how in the world do you search for "(&^*", as it is interpreted as special characters by the search engines? TIA for any clues to the clueless ... (A direct link would be great, too! ;^)

114 posted on 04/06/2005 6:15:42 AM PDT by LTCJ
[ Post Reply | Private Reply | To 75 | View Replies]

To: timtoews5292004

I would think, that if someone was going to use a laptop and wi-fi card for some nefarious reason, they would not have incriminating stuff in memory, and destroy all the evidence thoroughly.


115 posted on 04/06/2005 6:49:55 AM PDT by stuartcr
[ Post Reply | Private Reply | To 112 | View Replies]

To: stuartcr

Even smart criminals make stupid careless mistakes sometimes.


116 posted on 04/06/2005 6:59:09 AM PDT by timtoews5292004
[ Post Reply | Private Reply | To 115 | View Replies]

To: timtoews5292004

Except the ones that haven't been caught.


117 posted on 04/06/2005 9:18:04 AM PDT by stuartcr
[ Post Reply | Private Reply | To 116 | View Replies]

To: general_re

You don't have to wait by the phone. Although, I think it might be fun to try my childhood hacking tricks just to see if I could (I don't think I'd live long enough to do it). I also never said "I" could or would be able to crack a PGP message. I know of one instance where a police computer forensics team was able to decrypt banking information in an "old" version of PGP on a defendant's hard drive using a variant of Brute Force. This information came to me from my brother who was a lawyer with the county DA at the time.


If I remember correctly, the time involved was 14 days of running word and number combos to get it. That's not your average hacking job, but it was done. The fool used his first dog's name, and an old street address, but it is short order to me when something that is supposed to be unbreakable when used correctly can be broken by Webster's online dictionary because someone is too stupid to mix up the pass phrase. Most people are just like that guy. Dog names, birthdays, as long as they can remember it, it will do for a pass.

Of course using a string phrase of random letters and numbers and greater bits for the pass increases the security, and granted, it can take forever to crack it, but my point is there is nothing that you can't break if you try.

Finally, I find it funny that PGP and other encryption progs like Kremlin (which I use) gloss over the NSA and others. I may put too much faith in the government's ability to break encryption, but somehow I think if the Feds wanted your phone number from your message, you'd get that call shortly.

From the PGP site:

National Security Agency
(NSA)
The following information is from the sci.crypt FAQ:

The NSA is the official communications security body of the U.S. government. It was given its charter by President Truman in the early 50's, and has continued research in cryptology till the present. The NSA is known to be the largest employer of mathematicians in the world, and is also the largest purchaser of computer hardware in the world. Governments in general have always been prime employers of cryptologists. The NSA probably possesses cryptographic expertise many years ahead of the public state of the art, and can undoubtedly break many of the systems used in practice; but for reasons of national security almost all information about the NSA is classified.


118 posted on 04/06/2005 2:07:48 PM PDT by roostercashews
[ Post Reply | Private Reply | To 92 | View Replies]
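
The arithmetic in posts 109 and 113 and the passphrase point in post 118, worked through as an added example that is not part of the thread: it takes the Distributed.net figures exactly as quoted above and compares exhaustive search over full-length keys with the effective key length of a guessable passphrase. The list sizes in the passphrase models are constructed assumptions.

```python
import math

SECONDS_PER_YEAR = 365.25 * 86400

# Figures exactly as quoted in post 109 (Distributed.net RC5/64).
QUOTED_RATE = 102_385_059_633_000        # keys per second, as posted
KEYS_TESTED = 15_268_315_356_922_380_000
DAYS_RUN = 1_726


def implied_rate(keys_tested=KEYS_TESTED, days=DAYS_RUN):
    """Keys per second implied by the quoted key count and duration.
    This comes out near 1.02e11, about 1/1000 of QUOTED_RATE."""
    return keys_tested / (days * 86400)


def exhaustive_years(bits, rate=QUOTED_RATE):
    """Years to test every key of the given length at `rate` keys/second."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


def passphrase_bits(choices, picks):
    """Effective key length when a secret is `picks` independent, uniform
    draws from a list of `choices` candidates (words, names, characters)."""
    return picks * math.log2(choices)


def picks_for_bits(choices, target_bits):
    """Smallest number of uniform draws that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(choices))


def report():
    """(label, effective bits, years at QUOTED_RATE) for each case."""
    rows = [(f"{b}-bit key", b, exhaustive_years(b)) for b in (64, 65, 128, 256)]
    # Constructed guessing models for post 118's point; sizes are assumptions.
    models = [
        ("2 items from a 100,000-entry name/word list", passphrase_bits(100_000, 2)),
        ("22 random characters from [A-Za-z0-9]", passphrase_bits(62, 22)),
        ("10 random words from a 7,776-word list", passphrase_bits(7_776, 10)),
    ]
    for label, bits in models:
        rows.append((label, bits, exhaustive_years(bits)))
    return rows


if __name__ == "__main__":
    print(f"rate implied by key count and days: {implied_rate():.3e} keys/s")
    for label, bits, years in report():
        print(f"{label:<46} {bits:6.1f} bits  {years:.3e} years")
```

A 128-bit cipher key protected by a two-item passphrase is only as strong as the roughly 33 bits of the passphrase, which is why the search time collapses regardless of the cipher's key length.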

To: flashbunny

Had a discussion of this with an attorney friend of mine.

I think a wireless lan in a law firm is VERY irresponsible. If the dollars are enough tapping a lan is just too sweet a source of information.


119 posted on 04/06/2005 2:11:11 PM PDT by longtermmemmory (VOTE!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: atomic_dog

Actually I do not think the warrantless thing will last because of a couple of USSC cases.

There is a case that said police can not use infrared cameras to "look" into houses without a warrant. The USSC said that just because technology progresses, it does not change the "castle" nature of the house and home.

The police were flying over people's houses and using an infrared camera to look inside houses to see any temperature oddities. This was an indication of hydroponic farms inside houses. (Even a super air-conditioned attic was suspect.)

This has more application under a patriot act snooping to prevent rather than a viable law enforcement tool.


120 posted on 04/06/2005 2:20:01 PM PDT by longtermmemmory (VOTE!)
[ Post Reply | Private Reply | To 1 | View Replies]

