Is your network safe? Almost all of us prefer the convenience of Wi-Fi over the hassle of a wired connection. But what does that mean for security? Our tests tell the whole story. We go from password cracking on the desktop to hacking in the cloud.
Test Setup
References in this article to WPA can be read as "WPA/WPA2." Furthermore, the techniques used in this article are unaffected by TKIP or AES encryption.
Kingston Hyper-X 8 GB (2 x 4 GB) DDR3-1333 @ DDR3-1333, 1.5 V
Crucial DDR3-1333 8 GB (2 x 4 GB)
Hard Drive
Samsung 470 256 GB
Seagate Momentus 5400.6 500 GB
Graphics
Palit GeForce GTX 460 1 GBNvidia GeForce GTX 590AMD Radeon HD 6850AMD Radeon HD 6990
Nvidia Quadro NVS 3100M
Power Supply
Seasonic 760 W, 80 PLUS
-
Network Card
AirPcap Nx USB Adapter
AirPcap Nx USB Adapter
System Software and Drivers
Operating System
Windows 7 Ultimate 64-bitBacktrack 5 64-bit
DirectX
DirectX 11
Windows Drivers
AirPcap 4.1.2Catalyst 11.6Nvidia 275.33
AirPcap 4.1.2
Linux Drivers
Catalyst 11.6Nvidia 275.09.07
-
Swipe to scroll horizontally
Software
Cain & Abel
Version: 4.9.40
Aircrack-ng
Version: 0.70
Elcomsoft Wireless Security Auditor
Version: 4.0.211 Professional Edition
Pyrit
Version: 0.4.1-dev
The majority of tests in this article were performed in the field, facilitating an exploration of network security under real-world conditions. There were a few situations where the signal strength of our target network prevented us from proceeding further in our experiments, though. In those rare cases, we used our Cisco Linksys E4200, which we set up to use 802.11g at 2.4 GHz.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
runswindows95The 12 pack of Newcastles works for me! Give that to me, and I will set you up on my wifi! Free beer for free wifi!
Then either beer at your place is really expensive or internet is really cheap. Need 6x12 pack for me.
Thanks for another article that obviously took a lot of work to put together. The last couple of articles on WiFi and archive cracking were all excellent reads, and this is a welcome addition.
"Why? Because an entire word is functionally the same as a single letter, like "a." So searching for "thematrix" is treated the same as "12" in a brute-force attack."
This is an extremely wrong conclusion. Extremely wrong.
What about the permutations of the words?
i.e ape can be written:
ape, Ape, aPe, apE, APe, aPE, ApE, APE.
Thats 2^3=8 permutations. Add a number after and you get (2^3)*(10^1)=80 permutations.
You can write PasswordPassword in 2^16=65536 ways.
How about using a long sentence as a password?
i.e MyCatIsSuperCuteAndCuddly, thats 2^25 permutations :)
Any word on MAC address filtering?
Can you scan for the MAC addresses? It's probably easy to get and fake MAC adresses, or it would have been mentioned.
*scans networks*
12 networks here,
1 still using WEP
10 allowing WPA with TKIP
only 1 using WPA2 with AES only (my network)