Show me your one-click WPA crack.

Wireless security is evolving just as other areas of security have. There's no silver bullet, but if you practice Defense in Depth using different security controls, wireless can be secured and be very useful. DoD, NSA, and other agencies use wireless every day, and they have successfully gone through Certification and Accreditation just like other infrastructure pieces.

I would try to avoid making blanket statements like this in the future.

I think you are absolutely wrong and in 5 years, Access points (if they could talk) would qoute Samuel Longhorne Clemens by saying "The rumors of my demise have been greatly exaggerated."

Wireless security, if properly implemented, suffice for everyday use, and the benefits of being untethered by cabling will not diminish over the years.

The problem is getting people to read their manuals,and configure their devices iso just plugging a WiFi device into the network with default settings.

WEP as such is a bad implementation of a good algorithm, somewhat rectified in WPA with TKIP, and even better rectified in WPA2 (AES-CCMP).
Using a non dictionary WPA passphrase with a length >16 is secure enough for the time being. Using WPA2 with the same params, is IMHO secure enough for the next 5 years.

Remember that IT is not a static industry. Hardware gets faster, cheaper, more features, etc etc. The same will be true for the features and encryption algorithms used for WiFi devices.

So if you plan on new career earning a living by forecasting the future of hardware usage, I'd say you shouldn't give up your day time job. Oh, and could you please hold the lettuce on the burger, and extra ketchup for the fries please...

Dutch

http://www.crimemachine.com/Tuts/Flash/WPA.html
http://www.crimemachine.com/Tuts/Fla...crack-wpa.html
http://www.crimemachine.com/Tuts/Fla...crack-wep.html

WPA cracked, even I could do that ;), and i ment for the mass, not for secret agencies ;)
And WEP cracked ;)

nice sarcasm;), but almost everything will eventually be cracked, because there are enough skilled hackers around. (no I'm not counting myself as one ;), I only know how to exploit ;) )

I mean, WPA2 will probably be cracked too.

You still don't get it..
Reason why the tutorial from Max's ASC forum works, is because the passphrase was an easy one. Try to reread my above post, and this time try and comprehend the statements non-dictionary passphrase and length > 16. Max's tutorials are made as a proof of concept, specifically to state that you should NEVER use a weak passphrase. Weak means short, and a phrase that can be found in dictionairies.

And let me put it this way : It is still not a one-click WPA crack. YOU most definitely would NOT have been able to do it, if it had not been for the tutorial spoonfeeding you each step. As for you knowing how to exploit, I'm guessing it's akin to how scriptkiddies using a virustoolkit knows how to code...

WEP can be employed in a secure manner, albeit that means using rotating keys with a short time usage span. Short in this manner means a life span of max 5 minutes, before next key is used. The concept behind WEP isn't bad, it is just the implementation of the algorithm that is fubared.

And yes, any encryption, given enough time and resources, can theorethically be broken.

You either ought to go back to making oliebolletjes/flipping burgers, or start reading up on the subject, before coming with halfassed statements in a public forum.
Or go into politics, if you do insist on making halfassed statements in a public forum.

Dutch

I'm sorry for saying something that's not right, jesus, can't even have a normal discussion

SSH came out a decade ago and yet many people are still using Telnet. people "keep using" older, less secure technologies long after suitable replacements are proposed or implemented for a variety of reasons. this will not change.
how you define "everybody" is key to the validity or falacy of your statement. are you including this guy, for example...


... because somehow i don't think he's totally up to date with respect to reading slashdot, packetstorm, and the securityfocus forums. there's many more of those people than there are infosec professionals. for that reason alone, access points are not going anywhere.

also... don't tell anyone... but i came across this astonishing secret...


i know, i know... it's hard to believe. but there are literally millions of users, nodes, and switches out there that make up this crazy thing we call teh intarweb... data packets being sent out from one machine make hops across all sorts of segments of the network... all of which have varying security.

and yet, wonder of wonders, somehow people manage to send data back and forth in a secure fashion. this is because of all the traditional measures that can be taken... all of which are totally suitable for use on a wireless lan. treat connected wireless clients as if they're users sitting in some internet café in Rickmansworth many miles from your network and then it almost doesn't matter if you run a totally unsecured AP. if you tunnel with enough encryption you'll be in pretty rockin' shape.

but for marketplace / clueless user reasons alone, it is a sure thing that Wi-Fi will be with us for a loooooong time to come.

[edit: does anyone else have a lot of difficulty with the IMG tag on these forums? sometimes it works for me, sometimes it doesn't... personally, i type my vB code manually but there are times (like now, for instance) when i notice that the "insert image" button doesn't even show up duing the compose post screen. is this a bandwidth-saving function? when the forums sense heavy load do they temporarily disable the insertion of images and treat the IMG tag like the URL one instead?]

Looks like a whole bunch of normal discussion to me; we can't help it if you opened the topic up on the wrong premise without *intending* to troll the forums with some bullshit 'ok, let me play the devils advocate' startup.

You came in yelling at the transport while really complaining about a couple of low-level encryption mechanisms. Don't shoot the messenger. Of course anything sent through the air is going to be highly insecure by default. Using stronger encryption on top of wireless best practices mitigates the risk that someone will be able to make use of the data for a relatively decent length of time. If you're transmitting important information that should never be accessed by a freak waiting 10 years for the encryption break, you should know better than to publicly transmit that data to begin with.

true, but ain't it odd that not many people seem to care that their bandwith is used or can be used :S without paying for it?

And sorry for the title, i should put it better, wifi ain't a big laugh, but the encryptions are ;) and I was talking about WEP and WPA and not about WPA2, i did not heard of that yet, sorry for my ignorance.

I hear this Internet thing is a big fad too. It will probably go away once people realize how insecure it is. 5 years from now, hardly anything or anyone will be connected to it...

I get the point :-/

hmm.. but now you're hopping from security of the data back to transport issues via ACL mechanisms ... iirc wep was never intended as an means of controlling access, but lame people (including myself) use it that way.

My rational thought is that even 64-bit wep will be enough, in combination with not broadcasting my essid and not providing dhcp, to keep general passer-bys off my network. Anyone wanting free internet will surely hit one of the two broadcasting essids for my high-powered public node.. anyone really intent on seeing and craftily breaking the awe of my 64bit WEP will just get the benefit of my donkey pr0n viewing, unless they camp and break my ssh tunnel to a completely different system. Anyone serious about controlling access to the network would implement one of many other available means... their network would could look completely open, but you wouldn't get anywhere on it.

Wireless is Here to stay

Wireless is here! And it's not going anywhere. Most users (with the exception of security professionals) couldn't care less about the security issues - they just need to get their e-mail, downloads etc... It is being built into a lot of new technology, your laptop, your new smart phone. And even through some users don't use wireless, because they don't understand the technology, don't even know thir wireless is on by default, with XP automaticly associating to the strongest signal. As wirelss evolves, so will the secuirty measures. Just because it's insecure, you can't ignore it. Not now...... it's here!

It might get more secure

But i doubt it.

It will get more secure...but you can associate wireless like the postal mail system.

For the mostpart, your mailbox (the kind that is a box on a stick) is going to be left alone by a system of trust and respect even though it is the least bit secure. It is the worst way to get mail. But people still do it and will continue to do it even though there are better ways. It will take their mail getting stolen and their identities stolen for them to change that. It is about convenience just as wireless is.

No one is going to force you to get a PO Box or install a mail drop setup that is secured and locked (or installed in your front door). YOU have to make that decision.

No offense to anyone here with that kind of mailbox :)