<i>No doubt, this neighbor should have changed his password long ago, but there is a lot to admire about his security hygiene nonetheless.</i><p>I think it's taken too much for granted that one <i>should</i> change passwords on a regular basis. If we assume that changing passwords more frequently means that we are more likely to use more rememberable - and, thus, more guessable - passwords, then perhaps this is not a fluke. Perhaps "pick a truly random, long sequence and keep it for a long time" is not actually bad policy.<p>In short, I find it odd that the author unquestionably says his neighbor should have had different password behavior, yet it was the only password he couldn't crack. That's an opportunity to revisit assumptions.
When addressing various physical home security issues, I came to the realization that if a trained team of attackers equipped with body armor and night vision broke into my home, the issue escalated beyond anything I could sensibly prepare for.<p>The article reminded me of that. If someone attacks my home wifi with network sniffing hardware, sophisticated password guessing tools, hours of planning and execution, etc., then, well, the issue escalated beyond anything I could sensibly prepare for.<p>I realize these computing tools are easy to come by and not terribly hard to use. Ditto body armor, night vision, and combat training. And if someone is inclined to apply them against my pathetic existence, I'm screwed. Planning for such events is pretty pointless; I have other things to do.
You know, at the cost of $2,500 per year (although I can't actually find where to purchase the software), you'd probably be better off just YouTubing some kid's backtrack tutorial.
I have successfully cracked a couple of routers using Reaver. Reaver leverages a bug in WPS (WiFi Protected Setup): <a href="http://arstechnica.com/business/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver/" rel="nofollow">http://arstechnica.com/business/2012/01/hands-on-hacking-wif...</a>
It's way faster than brute force or dictionary attacks.
People are still really surprised when I offer to crack their neighbors' wifi passwords for them - "You can do that?". We've only been at it for over 10 years now.
> What's more, WPA and WPA2 passwords require a minimum of eight characters, eliminating the possibility users will pick shorter passphrases that could be brute forced in more manageable timeframes<p>Should I point out that 'password' is 8 characters? :) Have there been studies done that attempt to test the hypothesis that when forced to pick passwords that meet some arbitrary complexity threshold, most common users pick things like "password1"? I have a hard time believing most non-techies (heck, even a lot of techies) pick secure passwords.
You're also screwed if you have WiFi Protected Setup enabled (it's enabled by default in most routers). One can easily crack a WPA2 passphrase in a few hours using a tool like Reaver.
I found this article to be a bit sensational. It should be titled, "how I paid some experts to crack my neighbor’s Wifi." I’m not trying to dismiss the threat, just put it in perspective. The use of these tools is either expensive ($2500 a year?) or requires a non-trivial amount of expertise (Aircrack-ng).<p>I did find the article linked within to be more interesting and informative.<p><a href="http://arstechnica.com/security/2012/08/passwords-under-assault/" rel="nofollow">http://arstechnica.com/security/2012/08/passwords-under-assa...</a>
Don't really want to hijack this thread, so feel free to downvote me if you feel it's not appropriate.<p>We launched a product that protects you from these attacks - more discussion here: <a href="http://news.ycombinator.com/item?id=4444478" rel="nofollow">http://news.ycombinator.com/item?id=4444478</a>
> To his chagrin, it took CloudCracker just 89 minutes to crack the 10-character, all-numerical password he used...<p>> Remarkably, neither CloudCracker nor 12 hours of heavy-duty crunching by Hashcat were able to crack the passphrase. The secret: a lower-case letter, followed by two numbers, followed by five more lower-case letters<p>So an all-number password was easily cracked with this method, but a shorter password with letters was untouchable?<p>Edit: I get that 10^10 is less than 36^8. I was more wondering how the cracker assumes, without knowing already whether it's all-numeric or not, that it should try longer numerics before shorter alphanumerics, and when it decides to give up on the numbers. I guess it's just known to be more likely for a good number of characters.
> To capture a valid handshake, a targeted network must be monitored while an authorized device is validating itself to the access point.<p>I think it's a really noob question, but how do you monitor a network if you are not connected to it?
As one of the comments mentions, you can bypass this whole step by using Reaver, which attacks the WPS pin number instead of the encryption scheme. It's not 100% and it takes 8-12 hours to complete, but it does work.
> To his chagrin, it took CloudCracker just 89 minutes to crack the 10-character, all-numerical password he used, although because the passcode wasn't contained in the entry-level, 604 million-word list, I relied on a premium, 1.2 billion-word dictionary that costs $34 to use.<p>There are 10 billion (10^10) possible 10-character all-numerical passwords. Can anyone explain how it was cracked using a 1.2 billion-word dictionary?
Is there a way to measure WiFi signal quality between the router and connected devices? Any API on the Linux side? An easy generic protection can be done in the following way (if there is an API): ban all unknown MAC addresses with WiFi signal quality below a specific threshold. In that case, if a hacker decides to use a fake MAC address, he cannot fake the signal quality on my side.<p>Does it work?
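On a Linux-based access point the per-station signal is exposed through nl80211 and printed by `iw dev <iface> station dump`. The following is an added example (not the commenter's code) that parses that output and applies the proposed rule; the dump text is constructed, the MACs are made up, and the threshold is an assumption.

```python
import re
import subprocess

# Constructed sample of `iw dev wlan0 station dump` output (not a real capture).
# The real command prints one "Station <mac>" block per associated client.
SAMPLE_DUMP = """\
Station aa:bb:cc:dd:ee:01 (on wlan0)
        inactive time:  120 ms
        rx bytes:       1048576
        signal:         -43 dBm
        signal avg:     -44 dBm
        authorized:     yes
Station aa:bb:cc:dd:ee:02 (on wlan0)
        inactive time:  4000 ms
        signal:         -81 dBm
        signal avg:     -83 dBm
        authorized:     yes
Station aa:bb:cc:dd:ee:03 (on wlan0)
        signal:         -52 dBm
        authorized:     yes
"""

STATION_RE = re.compile(r"Station\s+([0-9a-fA-F:]{17})")
SIGNAL_RE = re.compile(r"\s*signal:\s*(-?\d+)\s*dBm")  # does not match "signal avg:"

def parse_station_dump(text):
    """Return {mac: signal_dbm} from `iw ... station dump` text."""
    stations, mac = {}, None
    for line in text.splitlines():
        m = STATION_RE.match(line)
        if m:
            mac = m.group(1).lower()
            stations[mac] = None
            continue
        m = SIGNAL_RE.match(line)
        if m and mac is not None:
            stations[mac] = int(m.group(1))
    return stations

def flag_stations(stations, allowlist, min_dbm=-70):
    """MACs that are not on the allowlist AND weaker than min_dbm (assumed -70 dBm)."""
    allow = {m.lower() for m in allowlist}
    return sorted(mac for mac, dbm in stations.items()
                  if mac not in allow and dbm is not None and dbm < min_dbm)

def live_stations(iface="wlan0"):
    """Run the real command on a Linux AP (hostapd) host; requires the `iw` tool."""
    out = subprocess.run(["iw", "dev", iface, "station", "dump"],
                         capture_output=True, text=True, check=True).stdout
    return parse_station_dump(out)

if __name__ == "__main__":
    print(flag_stations(parse_station_dump(SAMPLE_DUMP), ["aa:bb:cc:dd:ee:01"]))
```

Treat the result as an alert rather than an authentication decision: received signal strength depends on the sender's transmit power and antenna, which the sender controls.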
re: MAC spoofing<p>I don't use WiFi as a matter of practice, but I'm curious: what if you could keep all the "whitelisted" MACs continually logged in to your network, or, at least, you could keep track of when they log out? The idea being that MAC spoofing is not possible if the particular MAC that the attacker wants to spoof is currently logged in. This is generally true with Ethernet, correct? Is this true with WiFi as well? (Assume the traffic is encrypted.)<p>And in fact, it seems this guy's hack relies on someone "rejoining" the network, triggered by a deauth frame. Without that "rejoining" step, I don't think he could get very far. If his target is continually connected, and there's no way to force a "rejoin", and all the traffic is encrypted, then what can he do? The problem to me sounds like the fact that someone can send a "deauth" frame and have it be accepted, and the Apple Mac gives no warnings that the connection underwent a "rejoin".
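The forced "rejoin" the comment describes is visible on the air as a burst of deauthentication frames that claim to come from the access point. This added example (not the commenter's code, not from the article) parses bare 802.11 management frames and flags sender/receiver pairs that exceed a deauth rate; the capture, MACs, window and threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

# 802.11 frame-control byte 0: bits 0-1 version, 2-3 type, 4-7 subtype.
# Management (type 0) subtype 12 = deauthentication, subtype 8 = beacon.
FC0_DEAUTH, FC0_BEACON = 0xC0, 0x80

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_mgmt_frame(fc0, dst, src, bssid, body=b""):
    """Constructed bare 802.11 management frame (no radiotap header): FC, duration,
    addr1=dst, addr2=src, addr3=bssid, sequence control, then the body."""
    header = (struct.pack("<BBH", fc0, 0, 0) + mac_bytes(dst) + mac_bytes(src)
              + mac_bytes(bssid) + struct.pack("<H", 0))
    return header + body

def parse_frame(frame):
    """Return (type, subtype, dst, src, bssid, body) of a bare 802.11 frame."""
    fc0 = frame[0]
    return ((fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF, mac_str(frame[4:10]),
            mac_str(frame[10:16]), mac_str(frame[16:22]), frame[24:])

def detect_deauth_bursts(capture, window=1.0, threshold=5):
    """capture: list of (timestamp_s, frame_bytes). Return {(src, dst): peak} for every
    pair that sent at least `threshold` deauth frames within any `window` seconds."""
    times = defaultdict(list)
    for ts, frame in capture:
        ftype, subtype, dst, src, _, _ = parse_frame(frame)
        if ftype == 0 and subtype == 12:
            times[(src, dst)].append(ts)
    alerts = {}
    for key, ts_list in times.items():
        ts_list.sort()
        start, peak = 0, 0
        for i, t in enumerate(ts_list):          # sliding window over sorted timestamps
            while t - ts_list[start] > window:
                start += 1
            peak = max(peak, i - start + 1)
        if peak >= threshold:
            alerts[key] = peak
    return alerts

AP, VICTIM, OTHER = "02:00:00:00:aa:01", "02:00:00:00:bb:02", "02:00:00:00:cc:03"
SAMPLE_CAPTURE = (  # constructed: beacons, one genuine deauth (reason 3, leaving), one forged burst
    [(t * 0.1, build_mgmt_frame(FC0_BEACON, "ff:ff:ff:ff:ff:ff", AP, AP)) for t in range(20)]
    + [(0.5, build_mgmt_frame(FC0_DEAUTH, AP, OTHER, AP, struct.pack("<H", 3)))]
    + [(1.0 + i * 0.05, build_mgmt_frame(FC0_DEAUTH, VICTIM, AP, AP, struct.pack("<H", 7)))
       for i in range(8)])

if __name__ == "__main__":
    for (src, dst), n in detect_deauth_bursts(SAMPLE_CAPTURE).items():
        print(f"deauth burst: {n} frames {src} -> {dst}")
```

The structural fix is 802.11w (Protected Management Frames), which authenticates deauth and disassociation frames with the pairwise key so a forged one is dropped; it is optional in WPA2 and mandatory in WPA3.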
I would place good money that most AT&T wireless routers (SSID = 2WIREXXX) are using the same 10-digit password that is printed on the sticker on the unit. Yes, it's more secure than the old days of a default password being "default" or "admin" but not so great if 10-digit passcodes are easily broken.
A couple of naive questions about the design of the security system:<p>1. Why is it possible to do the password tests remotely? Why would the key on the router be allowed to be transmitted? Even a 6 character password should be safe if you don't allow multiple tries.<p>2. Why isn't the handshake protocol encrypted?
My strategy is to use a human-readable password for my guest network (which I actually considered leaving completely open), and a crazy-long random password that I copy and paste from my password manager for my internal network.
The only reason I even have a password on my router is that it crashes more often under traffic if I leave it open. I intentionally made the password easy to guess.
What is the command for aircrack-ng to generate the pcap file with the handshake?<p>(For those curious Mac users, you can simply type "brew install aircrack-ng")