[QCLUG] Recent article on Slashdot and VPN setup
David Hinkle
hinkle@cipafilter.com
Mon, 13 Oct 2008 13:56:30 -0500
This is a multi-part message in MIME format.
---------------------- multipart/alternative attachment
WPA in all it's mutant forms probably isn't going away any time soon, =
but it arguable should never have been born. For day to day =
applications such as playing world of warcraft and picking up girls on =
the internet it's fine, but if you really need to keep something =
confidential you should be using something with a lot longer history and =
a lot more research behind it.
Wep was always a hack, and will always be a hack, the purpose of which =
is only to give lip service to security without having to build AP's =
with enough horse power to do real encryption. Whatever parts of the =
standard may or may not have been broken at any given time is =
irrelevant, it'll all get broken sooner rather than later anyway. The =
golden rule: Anyone smart enough to design their own secure crypto =
system knows better than to do so. If the people who designed WEP were =
smart enough to build a secure encryption system they would have done so =
by deploying IPSEC.
David
-----Original Message-----
From: qclug-bounces@qclug.org on behalf of Chris Cooper
Sent: Mon 10/13/2008 1:41 PM
To: qclug@qclug.org
Subject: Re: [QCLUG] Recent article on Slashdot and VPN setup
=20
The WPA2 standard is far from dead. This only applies to WPA/WPA2 PSK
(Pre-Shared Key). It has no effect on WPA-EAP (or any variation
thereof). If you use a radius server for WPA Authentication, this
article means nothing.
Hardware assisted WPA-PSK cracking is nothing new. coWPAtty (a
popular WPA cracking utility) already has support for FPGA hardware
acceleration. What they did was simply alter the code to use the new
NVida API (the NVidia in API mode acts almost like an FPGA for the
heavy floating point math required by RC4 and AES encryption).
Back in May, Lockheed used the Playstation 3 Cell processor to do the =
same:
http://www.networkcomputing.com/blog/dailyblog/archives/2008/05/lockheed_=
breaks.html
This really isn't anything new, just a new application. Even at that,
it is still just brute forcing. This isn't like WEP where they found
design flaws that let them derive the keys.
Given enough processing power, any encryption is trivialized. The
3DES standard once used by Linux crypt() is just as cryptographically
sound as AES. The only difference is AES can use larger keys at the
cost of MUCH greater processing power. This increases the time
required to exhaust the entire keyspace during a brute force attack.
As computers get faster and faster, and the average core count becomes
greater, all of our current encryption standards will become
trivialized, much the way 3DES has.
As Arron pointed out, it really just boils down to password strength.
A great password generator and site explaining password strength and
complexity is:
https://www.grc.com/passwords.htm
On Mon, Oct 13, 2008 at 10:11 AM, Arron Lorenz <arronlorenz@gmail.com> =
wrote:
> I also should mention that in Soviet Russia you don't crack WPA, WPA =
CRACKS
> YOU!!
>
> On Mon, Oct 13, 2008 at 10:07 AM, Arron Lorenz <arronlorenz@gmail.com>
> wrote:
>>
>> I read the article you mentioned and the method for cracking is still =
the
>> same method they just figured out that if you use hundreds/thousands =
of
>> networked pc's that it goes faster.
>> From the article:
>> "The 100-fold increase in speed is achieved with two GeForce GTX280's =
per
>> workstation"
>> Now that is two (2) Nvidia GTX 280's per workstation. They also said =
you
>> would need 20 of these workstations.
>>
>> They also mentioned in the article that:
>> "This will, of course, mainly affect simple ascii keys. And it will =
only
>> work against static keys; anyone using more complicated =
authentication
>> schemes will not be at risk for now. But since that takes a couple of =
extra
>> minutes when installing, smaller businesses or departments often skip
>> setting this up."
>> I hope that no one is using simple keys for their passwords. =
"abcd1234"
>> will be cracked quickly whereas "a^b#c$d*1.2,3?4" will take a lot =
longer.
>> original
>> article: =
http://securityandthe.net/2008/10/12/russian-researchers-achieve-100-fold=
-increase-in-wpa2-cracking-speed/
>> So I would say make sure your WPA keys are updated to a good =
password.
>> Make sure that you change it regularly (The Ron Popeil "Set it and =
forget
>> it" method of security is not good). Also don't put important =
financial data
>> over wireless. I also would make sure to not piss off anyone with =
$20,000 in
>> top of the line nvidia graphics cards.
>> Thanks,
>> Arron
>>
>>
>> On Mon, Oct 13, 2008 at 9:46 AM, Mark Riedesel <mriedesel@gmail.com>
>> wrote:
>>>
>>> Those ingenious Russians. I plan to be there!
>>>
>>> On Mon, Oct 13, 2008 at 9:18 AM, agamotto <agamotto@sbcglobal.net> =
wrote:
>>>>
>>>> I read last night that apparently gfx cards can now be used =
to
>>>> hack WEP and WPA networks with relative ease. Anyone coming to the =
meeting
>>>> tomorrow care to discuss setting up a VPN with the usual DSL or =
Cable
>>>> router/modem setup? I am a bit confused as to where the VPN sits =
in terms
>>>> of setup.
>>>>
>>>> I figured this might be a good discussion topic!
>>>>
>>>> _______________________________________________
>>>> QCLUG mailing list
>>>> QCLUG@qclug.org
>>>> http://qclug.org/mailman/listinfo/qclug
>>>
>>
>>
>>
>> --
>> From:
>> Arron James Lorenz
>> Reel to Reel Drive In
>> http://www.DavenportDriveIn.com
>> 563-579-7046
>
>
>
> --
> From:
> Arron James Lorenz
> Reel to Reel Drive In
> http://www.DavenportDriveIn.com
> 563-579-7046
>
_______________________________________________
QCLUG mailing list
QCLUG@qclug.org
http://qclug.org/mailman/listinfo/qclug
---------------------- multipart/alternative attachment
An HTML attachment was scrubbed...
URL: http://qclug.org/pipermail/qclug/attachments/09130d76/attachment.htm
---------------------- multipart/alternative attachment--