Slashdot Mirror

← Back to Stories (view on slashdot.org)

WPA Weak Key Cracker Posted

Posted by michael on from the bet-the-NSA-already-has-it dept.

Glenn Fleishman writes "The folks at TinyPEAP released a cracking tool to break Wi-Fi Protected Access (WPA) keys. WPA is the replacement for weak WEP keys in the original 802.11b specification. Robert Moskowitz of ICSA Labs released a paper almost exactly a year ago documenting how WPA keys that were short and lacked randomnness could be subject to cracks. This tool automates the process. Moskowitz advised choosing passphrases of more than 20 characters or generating random keys of at least 96 bits, but preferably 128 bits. Some tools exist to produce better keys, including chipmaker Broadcom's SecureEZSetup (in selected hardware) and Buffalo Technologies' hardware-based AOSS for automatic key generation and propagation. Enterprise-based WPA with 802.1X doesn't have this weakness: each user gets a long WPA key that's randomly generated and uniquely assigned--and can be frequently changed during a session."

11 of 168 comments (clear)

  1. I'm all for this. by Anonymous Coward · · Score: 5, Funny

    Leaving my WAP wide open all the time allows experienced crackers to access all the best pr0n sites with ease via my connection. All I then have to do is check the logs and Voila! There they are! Saves me looking for them and having to wade thru the pop-ups and bogus sites!

  2. This is why by zakezuke · · Score: 5, Funny

    This is why I setup a stand alone wifi network that when ever war-drivers discover my "wireless network" everything they visit gets redirected to goatse. The result, I've observed is usually a loud exclamation followed by the sound of screeching tires and burnt rubber.

    Next i'll observe when I secretly host a wifi network near starbucks and replace everything with a small mirror of www.khaaan.com.

    --
    There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
    1. Re:This is why by zakezuke · · Score: 3, Funny

      If you want to get really evil, I assure you that some twisted people are perfectly capable of dreaming up even scarier things than goatse

      I don't know, hearing 20 laptops or so yelling "Khaaan! Khaaan!" I think is scarier than a penis bisection.

      --
      There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
  3. Re:no good excuse by Anonymous Coward · · Score: 1, Funny

    You should never access a neighbor's access point... ...except at night, to download porn, till dawn. Oh and with their permission.

    "Pardon me, mind if I use your wireless connection so I can download porn and masturbate all night long?"

  4. Re:Odds of implementation? by IamGarageGuy+2 · · Score: 3, Funny

    doh! - temporal acronym overload

    --
    Stay tuned for new sig...
  5. Re:What Morons by Anonymous Coward · · Score: 1, Funny

    i love when idiots like you post on nerd sites and make an ass of yourself.. you should have posted anonymously, your nerd creds have been lost, you can never show your face here again as StarWreck.. time to make a new username or never come back, you ruined it

    and while yes this is a troll.. its not a pure troll.. had you posted only your first post then replied to the replies with something like "oh i wasn't aware of that, sorry, i guess i was wrong"... then you'd be fine.. but you keep replying saying you are right and everyone else is wrong.. when everyone else is right and you're wrong..you're probably not stupid, you made a simple mistake, but then you acted like an ass about it and now you ruined your slashdot name

  6. What is Slashdot coming too? by Anonymous Coward · · Score: 2, Funny

    I know traffic has been declining to this site but please have a little dignity left. Posting cracks on slashdot? What next, hosting the latest music, movies and software. I would hope the moderators would do a better job sifting through stories. Lots of good stories are getting rejected while dupes and stuff like this gets posted all the time. It's just a shame to see this site suffering from the same problems big media conglomerates have.

  7. What about unsecured networks? by porkUpine · · Score: 4, Funny

    Until people start securing their wireless networks with SOMETHING, wireless will always have a bad reputation. As nice as it would be, we aren't allowed to use wireless in office... period. BTW, I'm surfing /. from my neighbors unsecured WAP. *Sigh*

  8. Re:By its nature... by drfrogsplat · · Score: 2, Funny

    As for lacking sufficient knowledge of firewalls, you're welcome to try and hack mine. It's been up for 7 years now without an intrusion. And not for trying, according to my logs.

    Put your money where your mouth is and post your IP on /. then (;

  9. Re:Just name all your specific MAC addresses by Anonymous Coward · · Score: 2, Funny
    How many home users know what a MAC address is?

    Let me guess...

    A: The street address of an Apple Macintosh?
    B: The serial number of an Apple Macintosh?
    C: Address of the closest MacDonald's?
    D: Something that can be changed under Network Device Settings?
  10. Re:Odds of implementation? by cbiltcliffe · · Score: 2, Funny

    So:

    1. Put up an ad in the mailroom for computer and network service in apartment number
    2. A week later, start enabling WEP on the open routers.
    3. Residents go ?????.
    4. PROFIT!!

    (Who knew this /. staple could ever be used in a sensible way?)

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......