WEP and WPA - How secure

  dms05 07:17 24 May 2006

We all know WEP is better than nothing but can be cracked easily by a serious hacker. I'd always thought WPA was secure. However this article click here shows both can be cracked and WPA can be cracked with less packets (provided they are the right packets).

  keewaa 09:45 24 May 2006

You might find episode 13 relevant click here

  ghm101 10:14 24 May 2006

WPA is secure provided you use a key that is not vunerable to brute force attacks.

i.e. if you use the password "12345" you are not really securing youself against a determined hacker. That would keep someone out for about 5 seconds.

Use a long random jumble of stuff - not in a dictionary, and WPA soon provides security that becomes unfeasible to break.

Use something like this: "X%b!]P^FX$I2* vvy<'N*.},[email protected]=+$?%9}M05&GK9h~mj02d$gK"s""
and you are about as safe as you can be with the theoretical time taken to crack it measured in eons, even on the a supercomputer.

Needless to say you don't try to memorise these passwords, you stick them in a notepad doc and save them on your PC, then copy and paste when you need to use it. If someone can get to that file your wireless security is the least of your problems.

Estimates of cracking times for various length & types of passwords and methods of attack see click here

The Security Now podcast bentioned above gives an excellent coverage of this and is a really worthwhile listen if you want to know more about comp security.

  dms05 10:40 24 May 2006

Interesting answers. So it's all in the Password! Makes me feel a little more secure.

  Mr Mistoffelees 14:03 24 May 2006

Based on dms05's link, a class F attack on my network would take around 82,415,873,180,880,076.8 years. That'll do for me!

  Mr Mistoffelees 14:06 24 May 2006

ghm101's link.

  ghm101 14:58 24 May 2006

This encryption stuff gets very interesting if you look into it.

If the technology is designed and deployed correctly (it wasn’t using WEP) its strength has foundations determined by really difficult mathematics (factoring prime numbers), We need as yet unimagined advances in maths or some sort of truly weird quantum computing tech before this situation changes.

This is why Hackers just use brute attacks that involve just firing wordlists at the problem and hoping that one works - the reason why dictionary words and low length passwords are bad.

It is why the UK government is talking about enforcing Part 3 of the Regulation of Investigatory Powers Act that forces people to give up their encryption keys upon demand or go to jail.

If a government or other organisation had some sort of clever way to do this it wouldn’t be necessary to pass a law. It would also mean that they would be sitting on, and keeping secret a major advance in mathematical theory.

So you (or your friendly neighbourhood terrorist) can lock down your wireless networks with WPA, your internet communications with VPN, your email communications and your data, with readily available, often open source, security products, and provided you do it properly, be secure.

But if someone really wants to at this stuff the threat will come from key loggers or similar physical old-fashioned snooping.

  ade.h 15:35 24 May 2006

More useful techie reading:

click here for WPA2 spec.
click here for AES.

  Danoh 17:15 24 May 2006

Excellent web links! Thanks!!

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

iPhone X review

Political cartoons in 2017: Chris Riddell, Rebecca Hendin and Dave Brown on what it’s like to…

The best iPhone for 2017

Tennis : comment regarder la finale de la Coupe Davis 2017 ?