Feds Hack Wireless Network in 3 Minutes
xs3 writes At a recent ISSA (Information Systems Security Association) meeting in Los Angeles, a team of FBI agents demonstrated current WEP-cracking techniques and broke a 128 bit WEP key in about three minutes. Special Agent Geoff Bickers ran the Powerpoint presentation and explained the attack, while the other agents (who did not want to be named or photographed) did the dirty work of sniffing wireless traffic and breaking the WEP keys. This article will be a general overview of the procedures used by the FBI team.."
When I first read the closing line of the article, I chuckled.
Then I felt dismayed.
It really is a shame when the prevailing "geek" attitude towards agencies like the FBI is mistrust and fear, not confidence and respect.
Obliteracy: Words with explosions
I am surprised that wireless A/P dont block a MAC address after X number of attempts
WEP is like gun laws in the US. They only keep the honest people from having guns. What a great society we live in.
Only 'flamers' flame!
Does slashdot hate my posts?
Personally, I use "random.org" to generate 152 bit keys. These should be reasonably secure from brute force attacks.
This is reasonably secure for most of my clients, but I'm still a bit worried about those mind-control-rays penetrating my tinfoil hat. How do I know the numbers weren't intercepted. Granted, I'm not advertising the customers they're going to, but you can never be too careful.
Anybody have experience with building and integrating a hardware random number generator?
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
This is a demonstration of why anything that is not isolated should be treated as inherently insecure.
Put the AP on the outside of the firewall and your network security is no more compromised than it is by simple fact of being connected to the internet in the first place. Your internet connection is FAR more dangerous. Secure yourself against that and treat any wireless connection no differently.
I use WEP _purely_ to limit leeching, nothing more. Beyond that, I don't see the point in bothering worrying about it, since if your primary network connection is LESS secure than your WiFi connection, you have MUCH bigger problems. Bandying around about encrypted APs just seems pennywise in that context. I mean, would you feel terribly secure if your wired network connection was absolutely secure for 500ft from your building and totally wide open at either end? Seems rather pointless to me and that is EXACTLY what you have with WiFi. Who the fsck cares and if so why?
128 bits. Roll one 8-sided die 51 times (discarding the least-significant bit of the last roll).
.50c. I'm fairly certain you could find cheaper prices. I estimate the total cost of this hardware randomizer at $20 if done on the cheap.
To speed up the process, get one of those
clear boxes they use to make sure people take the right number of pills per day. Get one with more than 22 boxes. (4 times a day for a week = 28, fairly common)
Put dice in boxes. Put a sheet of something solid on the door side. Shake. Invert. voila, random byte strings. w/ 28 boxes you have 84 random bits. Repeat twice for your 152 bit key, dropping the last 16 bits.
chessex.com has a variety of dice - you can can order single d8s for
Someone will probably complain about the non-cryptographic quality randomness of this process. But you only need cryptographic quality randomness when you're going to use it very repeatedly and someone can attack the similarity between them. Since the nonrandomness isn't known to anyone outside and you probably aren't generating a massive number of keys you're fairly safe. To increase security, buy dice from multiple manufacturers and occasionally switch around the lots.
(every 4 d8 values converts to 3 hex values. If you're converting by hand, you could alternately use a pair of dice for a hex value, generating only 56 bits per shake but only needing a table of 16 values to convert by hand to hex. You could also use 4 sided dice for this equally well, since you're only using 4 bits per pair.)
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
Here at work (an R&D facility for a major electronics company) we have opened up our WLAN for anyone to use and dropped WEP completely. Instead we use VPN's. This enables the following:
1. Any customer/vendor can get easy net access
2. Anyone in our local area can get free Internet access and feel good about our company. The range isn't that far, but for geeks in a pinch, it's there for them.
We don't advertise this feature but it is definitely done for these reasons.
I strongly recommend other companies to just dump WEP or any other authentication system and open up their access points.
Pretty much. It does have some historical meaning, although most people are probably unaware of it. See DEADBEEF in the Jargon File.