Domain: renderlab.net
Stories and comments across the archive that link to renderlab.net.
Comments · 9
-
Re:Why lose your time?
For the average user, how many people are going to set it up like that. And obfuscating the SSID? Care to elaborate?
Certainly the average user does not take adequate precautions against attack. I was just mentioning a method to mitigate the effectiveness of rainbow tables against WPA. (obviously WEP is bad, and is no longer recommended for any use)
WPA hashes are seeded using the SSID. Rainbow tables are constructed using known SSID's so if you "obfuscate" the SSID by making it somewhat long with random characters then rainbow tables are not effective. Increasing the length and randomness of your PSK is also helpful, as rainbow-table attacks rely on a dictionary and are computed to a finite length (commonly 20 characters).
Using WPA2 with a gobledegook SSID and a PSK of 63 characters in length that contains no dictionary words is in practice not crackable. -
O RLY
> It's really easy to protect your data: simply turn on WPA.
hahahahaha. http://www.renderlab.net/projects/WPA-tables/
-
Re:Salts?
The site host/cracked NTLM LM MD5
NTLM is still used in the following situations:
* The client is authenticating to a server using an IP address.
* The client is authenticating to a server that belongs to a different Active Directory forest, or doesn't belong to a domain.
* No Active Directory domain exists (commonly referred to as "workgroup" or "peer-to-peer").
* Where a firewall would otherwise restrict the ports required by Kerberos (of which there are quite a few)So kids getting their teeth wet on home networks, which probably explains why its not being supported. MD5 is still used by applications that arn't quite sure what they are doing/can't do much more e.g grub, im clients, etc.
Lookup tables are still useful in cracking WPA
-
Only MD5/LM/NTLM?
I was expecting more tables than just MD5 and two types of Windows passwords. You can already download the Ophcrack DVD to do Windows passwords with rainbow tables.
Renderlab offer wifi WPA rainbow tables: http://www.renderlab.net/projects/WPA-tables/ . I hope whoever takes over takes note of projects like that, and tries to expand the range of tables available.
-
Re:Rotate your keys
I dont think you understand how WPA cracking works. Perhaps i used the wrong word when i said keyspace, im no cryptography expert. What i meant was computing the hash into a form where you can compare it with the captured packets takes a long time, but comparing it doesn't
a quick read of church of wifi tells us that a computer with 15 GPUs could manage ~9000 hashs per second, even with a 20fold speed increase ~180,000 hashes per second, a p3/700 could check 18,000 of these hashes a second, so a dual core 2.5ghz machine can probably compare 180,000 hashes per second ( i couldnt find any benchmarks or comparison to p3/p4 flops to verify the speed increase ). So while the 1st run of an attack requires substantial power to generate the hashes (unique for your SSID) a 2nd attack will be 1500 times faster (or 75 if the checking speed isnt affected by the "breakthrough")
Realistically if you know the victim changes the passkey you only need to generate the hashes for a smaller subset of the all the possible passphrases to get the same chance of success, thus reducing the attack time and security of the system
t = G/n + nC
where
( t is the time taken for an attack , G is time taken to generate hashes , C is time taken to check the keys, n is the number of key)Assuming G = 75C [ its probably still 1500 ] for the same chance of success
1 key takes 76 time units (75 to generate 1 to compare) [1501]
2 keys take 39.5 time units [752]
9 keys take 17 time units [196.5]
above 9 keys the attacker can just take a sample of 9 keys to work onChanging keys does mean that if your key is broken youll loose less data however it does weaken your security and the time to get all your keys is still 75+n unless you change your SSID with your key changes
-
Make your own...
$20 of PVC pipe, an old hiking pack frame and you can build a pack to do whatever you want.
-
Testing claims yourself...
I've participated in the Lockpick contest for the last 2 years. It's been a blast. Quite a challenge too. The book is'nt anything hugely groundbreaking (check out Security.org for a really amazing book), but it's a good thing to read if your curious or if your like me and are not very good at explaing how to do it to others.
I just find lockpicking facinating because it's yet another case of people proving manufacturers claims are often highly exadurated, or just full of BS. Knowing, and proving for yourself what makes a good lock vs. a bad lock fits well into the computer security dynamic (Physical security anyone?). That extra $1-2 for a master brand lock can buy you several minutes more security vs. a cheap look alike that can be shimmed in about 3 seconds, kind of useful to know. They can both be opened, but your less likely to have a thief willing to be exposed for several minutes than for a few seconds. The Kyptonite vulnerability now makes everyone re-think trusting the manufactureres claims now does'nt it?
It's also a handy skill for those inevitable times when someone locks the server cabinet and loses the key and you don't want to pay a locksmith through the nose. I also use my skill in security audits to very dramatically show how little security that cheap lock on ther server room provides.
I've got some descriptions of the contests and LP resources up at my site and some links to videos and the MIT guide if anyones curious.
Just remember that there is little a set of bolt cutters, a crow bar, or a sledge hammer can't get through. Lockpicking is the 'elegant solution' to that (literal) brute force. -
We need this in Canada!
We've seen many urban wifi networks setup in Europe and the US, but what about Canada?
Wifi hotspots (Intentional or not, hehe) are pretty common in Edmonton and Calgary. Now we just needs some of these access points linked together. -
Yes, Very Very useful for some compaines
I'm suprised no one has brought this up yet.
Several "leading" companies went through the public embarassment of such stupid flops as not being able to track their domain name expiration dates- the equivalent of dentists with toochaches or editors making spelling and grammar errors. Some websites that lost their domains for some time:
hotmail.com
norton.com
For more information, I refer you to RenderMan's Art of Domain Stalking
Buying domains for a long time makes a lot of sense for anyone who's budget is over dozens of thousands of dollars - it's cheaper than having a department or even a single employee tracking the expiration date of your domains.
$30'000 in employee salary versus $1000 for 100 years of registration- see the benefits?