my isp gave me a crappy rebranded modem that *thinks* it's a router.
my isp gave me a crappy rebranded modem that *thinks* it's a router.
It's true that WPA is less supported than WEP, but with the exception of devices like a PSP or DS, almost all wireless NICs support it out of the box and if they don't there's usually a firmware or software upgrade to enable WPA support. Even my phone supports WPA. The whole purpose of the design of WPA was to make a more secure encryption scheme without breaking compatibility with older hardware.Originally Posted by Discord
A 40 bit WEP key can be cracked in about a minute, and not much longer for longer keys. You don't need to use bruteforce because you can decrypt the IP datagrams to obtain the key. The only algorithm that actually implements any sort of "banning" is WPA because the developers knew it would have to comply with older hardware and couldn't be as strong as they needed it to be. Banning a particular client is almost useless anyway, since a MAC address is easily spoofable.
WPA is more secure, no questions there. I still doubt that one can take out a WEP code in a minute though. Plus, where did you get the number 40 from? They're all either 64 or 128 bit based.
64 bit encrypted WEP uses a 40 bit key.
From a quick google search:
Under 1 minute for 104-bit keys (or 128-bit encryption) sounds insecure to meWEP is a protocol for securing wireless LAN. WEP therefore uses the RC4 stream to encrypt data which is transmitted over the air, using usually a single secret key (called the root key or WEP key) of a length of 40 or 104 bit.
We were able to extend Klein’s attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.If you want to get your hands on such software to prove it for yourself, just look around for the linux distro BackTrack, it's a bootable ISO image too so you don't need to install anything
Time to switch to WPA then...
Not that I have any shared folders or anything worth taking, other than my bandwidth anyway.
Bandwidth is usually what people who run botnets, spamnets or illegal xdcc/ftp servers want anyway, not your personal files
256bit WPA please.
everything is wrapped in gray
i'm focusing on your image
can you hear me in the void?
Well, it certainly does matter for somebody using a laptop with the latest feedback from the accountancy and project management departments. Most companies don't want that data out in public and, mind you, there are enough people who want it dearly.Bandwidth is usually what people who run botnets, spamnets or illegal xdcc/ftp servers want anyway, not your personal files
This of course doesn't apply for the casual home PC.
My encryption is a dead end road with a 'no trespassing' sign and dead cow skulls hanging up, and neighbors who all have their own internet.
Posting Permissions
Reply With Quote
