Yes it does, using obvious character replacements, @ for a, 5 for s, 3 for e, makes it easier and especially using a form of "password" in the password itself.
No it doesn't. That's the reason behind convoluting names like that - it increases the number of possibilities per character from x^26 to x^[However many characters are in the character set you are using]
Yes it does, using obvious character replacements, @ for a, 5 for s, 3 for e, makes it easier and especially using a form of "password" in the password itself.
It's because dictionaries and pre-computed rainbow tables exist for most common passwords (using a lot of the default SSID's). Including a good chunk of the 2wire (AT&T Uverse RG) which uses a numeric only WPA2 key 12 character or so i length, with default SSID's like "2WIRE049"). If you don't think the leetspeakized tables exist you haven't looked very hard. Thus leetspeaking with obvious methods, (all vowels numbers, all 5's $'s) and various versions of password (p@ssw0rd, p@$$w0rd, passw0rd, etc) are alll done by this point for a number of the SSID's. Thus stlcardinals has a (fairly weak) point. It has become "easier" (actually less time-consuming) to crack the more obvious and clever obfuscations.
Another thing that I didn't see mentioned is that you don't need to physically be at the location for a very long time. The only thing you need is to log the 4-way handshake when a client associates. And with the right card you can packet inject disconnects, which force the client to re-associate, minimizing the time needed onsite.
Just for reference - a ten-digit phone number as a WPA2 key took my q6600 and GTS250 card about 8 hours to get, after 3 minutes on the laptop to get the handshake. Yes I limited to only numbers as I knew the key (my stuff). If I had to do alphanumeric + special chars I'd still be plugging at it.
What in the world are you arguing? SSID is the biggest myth? No, SSID is a real term, not a myth (lol?).
As Slugbait said, not broadcasting the SSID and using MAC Filtering does virtually nothing for you except delay an attacker and make your life harder when people want to connect to your network.
-GP
iM AGREEING ON THE ssid MATTER hence the two two parts in the reply. SSID is one of the biggest myth in thinking it has something to do with keeping your wi-fi secure.
What you got no clue about are those programs good indication your a windows GUI customer. Try linux and a command line you will find those programs have lot more functionality that you tried to described there.
You mustcapture the WPA/WPA2 authentication handshake and then use aircrack-ng to crack the pre-shared key. only plain brute force techniques can be used against WPA/WPA2. Reason for that because the key is not static, so collecting IVs like when cracking WEP encryption, does not speed up the attack.
http://www.icsalabs.com/icsa/docs/html/communities/WLAN/wp_ssid_hiding.pdfThere wasn't 2 parts to that reply - there wasn't even a period in the entire thing!
I'm really not getting into a debate about credentials with you. I'm not the only person that has told you that you are wrong in this thread or other threads. You post around with stream-of-conscious posts that typically include a bunch of terms that you haven't yet proven that you fully understand and insult those who correct you.
You are correct on the second point, though it is basically restating the flaw that bobdole369 and I were talking about and acknowledging that massive packet capture is pointless with WPA based authentication protocols.
-GP
SSID is the biggest myth in trying to secure a wireless.
It's more than just the link that doesn't work...and that should be common knowledge by now.First off, your link doesn't work.
All that aside, unless you can guess the password, WPA2-AES is virtually immune to a brute force attack. Rainbow Tables are the only things that have *theoretically* had *some* success against the AES256 encryption employed by WPA2 Personal.
Which of the following two passwords is stronger,
more secure, and more difficult to crack?
D0g.....................
PrXyc.N(n4k77#L!eVdAfp9
Simply if you are looking for a security for your WiFi. Then you do not need to look around anywhere else, as VPN is the only thing that can help you in this. VPN encrypts all of the data from end user to other network. It is the best security measure for internet users
When you say 'virtually immune to a brute force attack', what you actually mean is the only known attack on WPA2 is brute forcing. And if you use a strong enough key, it becomes VERY difficult to brute force WPA2.
Gibson makes the good point that randomness in a key is less important than length and character set size. If you use upper and lower case, numbers, and symbols, you can have repeating characters and still have a strong password. The key is the fact that password cracking doesnt let you reveal one character at a time like hollywood movies might lead you to believe. When you try a password you get a 'yes it worked' or 'no it didnt'. So you still need to test every possibility.
Password brute force calculator, https://www.grc.com/haystack.htm
Always assume someone is looking at your data once it leaves your network.
you got no clue
SSID is the biggest myth in trying to secure a wireless.
Yep. What I see even at the borders of trusted partner networks makes me go hmmm. When you have private B2B connections and see Chinese internet cafes IP addresses blocked for SSH, jeez.this couldnt be more true! i have lived by this rule for a decade now.. it seems to work. thankfully most website automatically do the secure handling thing when its needed.