iPhone X review
We all know WEP is better than nothing but can be cracked easily by a serious hacker. I'd always thought WPA was secure. However this article click here shows both can be cracked and WPA can be cracked with less packets (provided they are the right packets).
WPA is secure provided you use a key that is not vunerable to brute force attacks.
i.e. if you use the password "12345" you are not really securing youself against a determined hacker. That would keep someone out for about 5 seconds.
Use a long random jumble of stuff - not in a dictionary, and WPA soon provides security that becomes unfeasible to break.
Use something like this: "X%b!]P^FX$I2* vvy<'N*.},[email protected]=+$?%9}M05&GK9h~mj02d$gK"s""
and you are about as safe as you can be with the theoretical time taken to crack it measured in eons, even on the a supercomputer.
Needless to say you don't try to memorise these passwords, you stick them in a notepad doc and save them on your PC, then copy and paste when you need to use it. If someone can get to that file your wireless security is the least of your problems.
Estimates of cracking times for various length & types of passwords and methods of attack see click here
The Security Now podcast bentioned above gives an excellent coverage of this and is a really worthwhile listen if you want to know more about comp security.
Interesting answers. So it's all in the Password! Makes me feel a little more secure.
Based on dms05's link, a class F attack on my network would take around 82,415,873,180,880,076.8 years. That'll do for me!
This encryption stuff gets very interesting if you look into it.
If the technology is designed and deployed correctly (it wasn’t using WEP) its strength has foundations determined by really difficult mathematics (factoring prime numbers), We need as yet unimagined advances in maths or some sort of truly weird quantum computing tech before this situation changes.
This is why Hackers just use brute attacks that involve just firing wordlists at the problem and hoping that one works - the reason why dictionary words and low length passwords are bad.
It is why the UK government is talking about enforcing Part 3 of the Regulation of Investigatory Powers Act that forces people to give up their encryption keys upon demand or go to jail.
If a government or other organisation had some sort of clever way to do this it wouldn’t be necessary to pass a law. It would also mean that they would be sitting on, and keeping secret a major advance in mathematical theory.
So you (or your friendly neighbourhood terrorist) can lock down your wireless networks with WPA, your internet communications with VPN, your email communications and your data, with readily available, often open source, security products, and provided you do it properly, be secure.
But if someone really wants to at this stuff the threat will come from key loggers or similar physical old-fashioned snooping.
Excellent web links! Thanks!!
This thread is now locked and can not be replied to.