How I cracked my neighbor's WiFi password without breaking a sweat (arstechnica.com)
240 points by laxk on Aug 28, 2012 | 141 comments

No doubt, this neighbor should have changed his password long ago, but there is a lot to admire about his security hygiene nonetheless.

I think it's taken too much for granted that one should change passwords on a regular basis. If we assume that changing passwords more frequently means that we are more likely to use more rememberable - and, thus, more guessable - passwords, then perhaps this is not a fluke. Perhaps "pick a truly random, long sequence and keep it for a long time" is not actually bad policy.

In short, I find it odd that the author unquestionably says his neighbor should have had different password behavior, yet it was the only password he couldn't crack. That's an opportunity to revisit assumptions.

One should change passwords on an irregular basis (a regular basis is weaker protection than an irregular basis). This is just an additional layer of security, not a perfection. If the password has ever been compromised, a password change policy removes the key from bad hands. Discovered passwords are not always immediately used; in many situations, they are stored for later use, perhaps even sold/traded.

We shouldn't make such proclamations based on reasoning alone. Security policy that involves human behavior depends extensively on what humans do. So while a particular security policy may be the safest, most rational thing to do, it may fail in practice if people execute it poorly.

So, if it is true that when people regularly change their passwords, they pick poorer passwords, then perhaps those poor passwords are a larger risk than the risk of maintaining a compromised password. Again, this is not a question of what is the most rational policy. It is a question of human behavior, which means in order to find an answer, we need to study what people actually do.

I googled to see if I could find studies on this, and I did: "The True Cost of Unusable Password Policies: Password Use in the Wild" by Philip Inglesant & M. Angela Sasse: http://www.cl.cam.ac.uk/~rja14/shb10/angela2.pdf I have yet to read it in full, but they do touch on this idea at least some.

Cryptography in its own principles are based on probability. If ignoring physical access attacks, social engineering attacks, etc are acceptable to you then yes, you can keep a "good" password for a long time. You also have to accept that out of all possible attacks accounting for nothing but brute force and basic dictionary attacks is 'enough' then you should also acknowledge the risks.

I think you're missing my key point: you have to compare two different risks, based on observation. The first risk is the risk of continuing to use a compromised password. The second risk is the risk of users introducing weaker passwords because they continually change them. We can use our reasoning to come up with a decent probability for the first risk. We cannot do so for the second risk, since it depends on how people behave. We must study people to assign a number to the second risk.

I think I see your point but you have to admit you haven't really established a foundation for your argument. You seem to feel (and I may be wrong of course) that one person selecting a fairly secure pass phrase once would be much more secure at any single point in time rather than a haphazard, dictionary based pass phrase that in comparison would be likely trivial to compromise at that same point of time. If that is indeed your point you do convey a valid point.

I just ask that if you advertise this method as somehow ideal then please allow for your audience to appreciate it as it is, an "if all else fails it's better than nothing" approach.

You've almost got it, but you've missed the main subtlety: I'm asking a question, not making a statement. I'm not advocating what we should do. I'm stating that what we should do is actually unknown because we don't have all of the information. Specifically, we don't know human behavior when it comes to rotating passwords. If it turns out that people actually choose good passwords under a rotating password policy, then we should keep the rotating password policy.

My only prescription is to say, instead of telling everyone "this is how you should behave" in order to achieve the best security, we should design our security policies based on how people actually behave. My assertion here is that if we do this, we will end up with better actual security than if we came up with a policy that, on paper, is better, but is not well implemented by people in the wild.

How often do you rekey your house?

I put a keylock on my window and tripwired a claymore to my door. Problem solved.

Edit: In all seriousness, wouldn't it be logical to keep records of all IP addresses that attempt/login to the system. If you frequently see attempts made from one IP address, or IP group (ISP block) then simply prevent them accessing the login.

Further, for Wifi, wouldn't it be logical to record the MAC codes of computers trying to access the network and if one you don't recognize is frequently trying to access the system, simply block it.

It's not foolproof. Actually it probably is. It's not true security against a determined person (proxies and MAC spoofing), but then a good password protects you against fools and often not skilled individuals. A key logger on an insecure computer clearly trumps any password.

> In all seriousness, wouldn't it be logical to keep records of all IP addresses that attempt/login to the system.

If you mean specific to WiFi, then no, it wouldn't be logical - often the WiFi access point acts as a DHCP server and assigns an IP. If you mean more broadly, then yes it would - see [1].

> Further, for Wifi, wouldn't it be logical to record the MAC codes of computers trying to access the network and if one you don't recognize is frequently trying to access the system, simply block it

No, MAC addresses are trivially spoofable (as you note), and in some cases I believe this spoofing is automated. MAC blocking isn't a real security feature at all.

[1] http://www.fail2ban.org/wiki/index.php/Main_Page

Just like in work, after every major relationship status change :)

Every time I move.

Your point is well taken, though.

If we are talking about system passwords (router or otherwise), there's a good chance you'll just be left with something malicious (ex. key logger) that is going to render null your irregular change of passwords. Regardless, irregular updates is just another form of security by obscurity. What if your password is cracked at the beginning of an irregular cycle?

The only reason one should have to change their password is if it is significantly weak -- "crackable" -- or they enter it manually -- it is visible -- in front of others a significant number of times for them to "record" the strokes. Good password managers, more or less, solve both cases.

If using a significantly good password, from the beginning, it is pretty unlikely that anyone would go through the trouble or have the opportunity to watch you enter your password. To me, it only makes sense to change a WiFi password for the following reasons:

a) you care if people are using your network, or you do not simply keep track or whitelist-only of machines that have negotiated with your router

b) you use a short -- "crackable" -- password

c) someone can peer into rooms where they might spy on you entering your WiFi password

d) (c) happens enough that they can make out the whole password

For typical passwords -- desktops, laptops, email, etc -- it makes sense to change passwords (and use a password manager), but only for those things that really matter. Otherwise, there is probably not a lot of undo-able harm that can come of someone having access to your account(s) on <forum du jour>.

When addressing various physical home security issues, I came to the realization that if a trained team of attackers equipped with body armor and night vision broke into my home, the issue escalated beyond anything I could sensibly prepare for.

The article reminded me of that. If someone attacks my home wifi with network sniffing hardware, sophisticated password guessing tools, hours of planning and execution, etc then, well, the issue escalated beyond anything I could sensibly prepare for.

I realize these computing tools are easy to come by and not terribly hard to use. Ditto body armor, night vision, and combat training. And if someone is inclined to apply them against my pathetic existence, I'm screwed. Planning for such events is pretty pointless, I have other things to do.

A physical assault carries a high chance of being noticed, and unless carried out by law enforcement, a significant chance of being punished with jail time. So it's not something that has a high chance of happening. Additionally, it's hard to defend against, and you definitely don't want to defend against a SWAT team.

Whereas a bored teenage neighbor could attack your wireless network with a very small chance of being detected. Or with a sensitive directional antenna it doesn't even have to be your neighbor if the goal is just to sniff traffic. Plus, the only cost to you in defending against this attack is entering a more complex password on new devices. Stick a note on the fridge or choose a phrase.

I'm no security expert, but after I saw each new wifi password standard cracked within days of its release, I stopped passwording my wifi and used a little script I put on a home linux server to watch the router and if it spotted any unrecognized MAC addresses getting an IP address from DHCP, it would throw them out within a few seconds.

These days, I just turn on the MAC address filter that's built in to most wifi base stations. Now, unless I've manually entered your MAC address into my whitelist, my router won't connect you. My wifi shows up as "open" to any machine that passes by, yet it won't connect.

Many (most?) of you know more about security than I do. How secure is the MAC address whitelist approach compared to a password approach?

A few thoughts

* WPA2 hasn't been 'cracked'

* Without 'passwording', all your traffic is unencrypted and can be trivially sniffed

* Spoofing one of your whitelisted MAC addresses in order to use your network is easy

First: thanks to ALL of you who answered. This was very informative. If I understand correctly:

1) I would define something as "not cracked" if it is as strong as its password--in other words, there's no way to circumvent it that isn't a general vulnerability (peek through my window, get a keylogger on my machine, etc.) I assume you're telling me that this is the case with WPA2.

2) It sounds as though you are saying that something like WPA2 doesn't just authenticate a login but remains in use as an encryption key for subsequent wireless data interchange between client and base station. If I'm understanding correctly, that's a powerful point.

3) I knew that MAC addresses could be spoofed, but I was thinking they wouldn't know WHICH MAC address to pretend to have. Of course, if I'd been a little smarter, I would have noticed that my own linux process was using the MAC address a client claimed to have to throw out unrecognized machines (before I had MAC address filtering as a built-in router feature). If they were sending their MAC address to me, then my own client machine would be sending its MAC address in clear text to them, telling them which MAC address to pretend to have. Duh.

Well, I feel a little dumber and a little smarter. Time to go change my network. Thanks again.

It is also trivial to see which MAC addresses are associated with which APs.

This approach is very easy to bypass by any knowledgeable hacker.

Since you said your WiFi is open, the only thing that needs to be done is fire up the aircrack-ng airodump and sniff, there I would see your MAC, in the clear. Then I could set my own to it or select any other MAC I have seen connecting to for a longer while, and use it and access your router and add my other MAC on its whitelist.

This works great until someone comes along and spoofs the MAC address of your base station. Then the real fun begins.

Someone's said in the Ars Technica comments that MAC addresses are freely available in the packets-in-flight, and MACs are spoofable, so MAC filtering will only deter the casual, passing wifi-borrower, not anyone actually determined to gain access.

> MAC filtering will only deter the casual, passing wifi-borrower, not anyone actually determined to gain access.

Isn't that true of WPA and WPA2 though also?

WPA2 with good password, at least, would put up a non-negligible barrier in terms of the number crunching required; in contrast, getting around MAC filtering would take effectively no time at all.

WPA2 is as strong as the password used on it, so it can easily be strong enough to deter any attacker from that perspective.

The only in-the-wild attacks against WPA2 are variations of brute-force attacks.

There are precomputed rainbow tables of common SSID+passphrase combinations floating around, but as a general rule, WPA2 with a sufficiently complex passphrase should be secure against anyone who doesn't have a massive compute cluster at their disposal.

This provides no security at all. A good solution would be to use a VPN like OpenVPN; i.e., you treat the wifi as an insecure channel just as the internet, and only after connecting to the VPN you would be able to get to the internal network and the uplink.

Unfortunately, MAC addresses can be spoofed by a dedicated attacker. It prevents your neighbor from using your connection without paying, until they decide to listen to what your address is and then just use your address when you go to bed.

I'm chagrined to admit that this simple approach didn't even occur to me. I'm interested as well; are there any disadvantages to this?

It's a terrible way to secure a network. MAC addresses are easily spoofed, and without encryption anyone can sniff your traffic anyway. Even using WEP is better since then there's (usually) a requirement to see a connected client for longer than a few seconds in order to break the encryption. The only reasonable approach for a home network imo in practice is WPA2 PSK with a decent password.

Convenience. Easier to give a visitor a password than get the device's MAC address and enter it into the router's whitelist.

> a bored teenage neighbor could attack your wireless network

He would have to be very bored indeed. Singling out my home to spend considerable time at an inconvenient in-range location to crack passwords to access ... what, exactly? view pictures of my toddlers? copy my slightly deranged music collection? If he's looking for free network access, he can go down the street and get it from McDonalds or Starbucks or wherever while sitting in a comfortable chair sipping a soda.

I realize a bored teen is different from a SWAT team. Both, however, would need unusual motivation to turn their talents on my abode.

>network sniffing hardware

a large fraction of normal wifi devices that can be set into a proper receiving mode

>sophisticated password guessing tools

some password cracker they downloaded in minutes

>hours of planning

pressing a button or typing a couple commands

>and execution

taking a nap

It's not hard to secure a network from extremely simple attacks. At least for now.

And that analogy is nonsense. Body armor, night vision, combat training don't help them break into a house. At best it'll get them past the armed guards you don't even have.

The analogy is fine.

Walk into a well stocked military surplus store and you can walk out with all the tools you need to break into a house in short order, and trust me it doesn't take long to learn how to use them well enough.

The point is that once someone is determined enough to get into either your home or network, it doesn't take much to reach a stage where the owner has to go to great lengths to resist a very unlikely occurring, but very likely successful, attack.

Like locks at doors, only meant to dissuade the random amateur. Given enough determination, preparation, tools and skills one can enter anything.

But since I'm not the Pentagon I don't live in nuclear bunkers and don't employ regiments of cybersecurity people. I guess the risk of being cracked by pros is just part of the normal risk of life.

My point is that you don't need any tools to break into a house. Kick in a door or throw a rock through a window. That is why the analogy is bad. Someone has to be very determined at breaking in to buy all those things. Someone has to be very determined to break into a secured network.

But someone does not have to be determined to break into the average house. And they do not have to be determined to break into a network that is misconfigured.

Using WPA2 with a long password and turning off WDS makes a network safe from direct attack.

You know, at the cost of $2,500 per year, (although I can't actually find where to purchase the software) you'd probably be better to just YouTube some kid's backtrack tutorial.

Or get better at social engineering.

What software are you talking about? CloudCracker?

Using the Silica wireless hacking tool sold by penetration-testing software provider Immunity for $2,500 a year, I had no trouble capturing a handshake established between a Netgear WGR617 wireless router and my MacBook Pro.

Using the aircrack-ng suite you can do it for free.

That's exactly what this article points out in the very next sentence after the section I quoted.

Read the article, or view it and press CTRL-F and type $2,500.

I have successfully cracked a couple of routers using Reaver. Reaver leverages a bug in WPS (Wi-Fi Protected Setup): http://arstechnica.com/business/2012/01/hands-on-hacking-wif... It's way faster than brute force or dictionary attacks.

People are still really surprised when I offer to crack their neighbors' wifi passwords for them - "You can do that?". We've only been at it for over 10 years now.

>What's more, WPA and WPA2 passwords require a minimum of eight characters, eliminating the possibility users will pick shorter passphrases that could be brute forced in more manageable timeframes

Should I point out that 'password' is 8 characters :) Have there been studies done that attempt to test the hypothesis that when forced to pick passwords that meet some arbitrary complexity threshold most common users pick things like "password1"? I have a hard time believing most non-techies (heck, even a lot of techies) pick secure passwords.

One of the things I try very hard to drive home to people is that WPA2 uses a passphrase and not a password.

I highly encourage people to use something like a favorite movie quote or a line from a book. Something like "Alas, poor Yorick! I knew him Horatio;" is both harder to crack and easier for a human to remember than something like "v3$bk:j".

You're essentially taking natural language, which is something humans are pretty adept at remembering, and turning it into a direct mnemonic for a more complicated passphrase.

Obligatory xkcd: http://xkcd.com/936/

The problem with movie quotes and lines from books is that they're out there in a database somewhere. That means they're not nearly as hard for a computer to guess as you might think.

WPA2 keys hash the passphrase and the SSID.

The precomputed tables that make cracking WPA2 feasible have to not only target passwords, but password+SSID combinations as a result.

I think you're grossly overstating the relative weakness of a longer passphrase. The more obscure, the better, obviously, but the chances of any given quote or phrase of any length appearing in a precomputed table are relatively minimal.

More importantly, any variations in punctuation, capitalization, spacing, etc would make a precomputed table worthless while still making the passphrase far easier for a human to remember than a random string of 8 characters.
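Added example, not part of any comment in this thread: the passphrase-plus-SSID derivation the comment above refers to is PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 32-byte output, which is why a table precomputed for one network name is useless against another. The function names and the SSIDs other than the standard's "IEEE" test vector are assumptions made up for illustration.

```python
import hashlib

PMK_ITERATIONS = 4096  # iteration count fixed by the WPA/WPA2-PSK derivation
PMK_LENGTH = 32        # the pairwise master key (PMK) is 256 bits


def derive_pmk(passphrase, ssid):
    """Return the PMK: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096, 32)."""
    # WPA/WPA2 passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes,
        PMK_ITERATIONS, PMK_LENGTH,
    )


def build_table(ssid, candidate_passphrases):
    """Model a precomputed table: PMK -> passphrase, valid for ONE SSID only."""
    return {derive_pmk(p, ssid): p for p in candidate_passphrases}


def table_hit(table, passphrase, ssid):
    """True if the PMK this network actually uses appears in the table."""
    return derive_pmk(passphrase, ssid) in table


if __name__ == "__main__":
    # Test vector from the IEEE 802.11i specification (passphrase "password",
    # SSID "IEEE"); also what `wpa_passphrase IEEE password` prints.
    print(derive_pmk("password", "IEEE").hex())

    # Constructed sample data: a table built for a common default SSID.
    table = build_table("linksys", ["password", "password1", "makeitso"])

    # Weak passphrase on the SSID the table was built for: found.
    print(table_hit(table, "password", "linksys"))

    # The same weak passphrase behind a unique SSID: the table misses, so the
    # 4096-iteration derivation has to be redone for every single guess.
    print(table_hit(table, "password", "Yorick-House"))

    # A long passphrase on the common SSID is simply not in the table.
    quote = "Alas, poor Yorick! I knew him Horatio;"
    print(table_hit(table, quote, "linksys"))
```

The salt only defeats reuse of precomputed work; a passphrase that is short or on a common list is still guessable once someone targets that specific SSID.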

> More importantly, any variations in punctuation, capitalization, spacing

Alternatively, exact spacing, punctuation, etc. limits the human advantage of remembering phrases ("Wait, was that a capital A before the comma? Do you use two spaces between the sentences?").

This is the exact reason I've had a hard time with long pass-phrases and often generate a unique string and rely on physical protection.

It's worth noting that if we stripped whitespaces (and possibly some other common "could go both ways" features), we may be able to encourage people to choose higher entropy passwords.

>Alternatively, exact spacing, punctuation, etc. limits the human advantage of remembering phrases ("Wait, was that a capital A before the comma? Do you use two spaces between the sentences?").

Then append a random character at the end.

The point is that any variation whatsoever from what's included in the precomputed table renders the table useless while being easier to remember than a purely random string of characters.

> "variations in punctuation, capitalization, spacing"

... have the same problem as a random string of characters. You have to remember which letter it was you capitalized, where you put the semicolon in place of the comma, and so on.

From a human-memorable standpoint, that's no better than using an actually randomly generated passphrase. It's no better from a computer-guessable standpoint, either. So instead of trying to create a new scheme for generating passwords like "mangle a movie quote", you're better off just using the xkcd method / passphra.se

> From a human-memorable standpoint

Not to derail your point, but who needs their WiFi password to be human-memorable? Tape it to the bottom of the router like the rest of us.

>From a human-memorable standpoint, that's no better than using an actually randomly generated passphrase.

Are you seriously arguing that "The quick brown fox Jumps over the lazy dog!" is less human-memorable than "dlLejs$sAgkCnzklS%9sxckAAnvk"?

Any variation from what a precomputed table expects renders the table useless.

>It's no better from a computer-guessable standpoint, either.

Besides the increased key space that has to be attacked?

> "Are you seriously arguing that "The quick brown fox Jumps over the lazy dog!" is less human-memorable than "dlLejs$sAgkCnzklS%9sxckAAnvk"?"

I didn't say "password", I said "passphrase". Something like "breath red long provide" or "itself even willing establish".

If you're using memorable movie quotes or Shakespeare quotes or anything else that you could find on wikiquote, your keyspace is going to be smaller than what you get from stringing 4 random words together. You can try to grow that keyspace by adding in variations, each of which will get you a few bits of entropy, but those variations come at the cost of memorability.

It's counterproductive to start with a non-random phrase like a quote, and then try to add randomness on top of it. If you want both entropy and memorability, use a randomly generated passphrase (via http://passphra.se or by using dice and a dictionary) instead of piecemeal randomness-on-top-of-non-random-quotes strategies.

>It's counterproductive to start with a non-random phrase like a quote, and then try to add randomness on top of it.

The primary attack vector against WPA2 keys is via precomputed tables. If your concern is about your SSID+passphrase combination appearing in one of these tables, any variation whatsoever from the "canonical" version somebody might pull from, say, a database of quotes is negated and they're forced back to square one of a pure brute force attack which the increased key space makes more expensive.

The point I'm trying to make here is that you can negate that attack vector by just using an xkcd-style passphrase, which always works, and which is typically more memorable than a mangled quote.

The xkcd-style passphrase is simply better than ad-hoc solutions.

The thing is, your entire line of argument is predicated on the quote approach being vulnerable to a dictionary-style attack. In order for that to be the case, both the SSID and the exact quotation used have to match, otherwise the attacker is forced back into expensive brute force attacks. Any unique element, whether intentional or not, renders that vulnerability null.

The xkcd approach certainly works, but the arbitrary, random nature of it is going to make it difficult for some people to remember. The quotation approach is just leveraging the fact that people spend their entire lives using language as a logical framework to simplify remembering things.

Either is going to be vastly more secure than a random string of characters.

My line of argument is more complex than you give it credit for. It has 3 major components:

- if you do not include "unique elements" (that is, you quote straight from wikiquote or similar), a quote is less secure than 4 random dictionary words due to being subject to wikiquote-driven dictionary-style attacks.

- if you include intentional and unique modifications, a quote from a public work like a movie or play is not particularly easier to remember than something from passphra.se or similar. Once you have to remember what you spelled/capitalized/punctuated in a nonstandard way, what have you really gained?

- if you include unintentionally unique elements (a word you always misspell), or elements that aren't really unique (you always append the same character), then your passphrase is vulnerable to a dictionary-like attack by an attacker who has some knowledge of you, particularly one who you've told your scheme to.

The key to the xkcd-style passphrase is that it remains secure even against an attacker who knows how you generated it, and who knows your personal tendencies. It's a completely universal, memorable, secure scheme.

Movie quotes are secure and memorable enough the majority of the time -- vastly more secure than using your kid's name, vastly more memorable than a string of random characters. But it seems to me like you're advocating a second-best security practice when we already have a best one.

>then your passphrase is vulnerable to a dictionary-like attack by an attacker who has some knowledge of you, particularly one who you've told your scheme to.

That's the thing right there: the difference in practical vulnerability all but requires an attacker to have a certain level of omniscience and access to a massive database of any conceivable permutation of any fragment you might choose of a huge number of works.

>But it seems to me like you're advocating a second-best security practice when we already have a best one.

I'm advocating what can be efficiently communicated to a non-technical user that gets them to use something better than the short keys they'll tend to use otherwise.

What's more likely to stick with a 40 year old office coworker that asks how to secure their wireless network? A scheme that seems nonsensical on surface that requires a comic and basic grasp of what a keyspace is to understand, or the suggestion to "use a sentence from something you like that you'll easily remember?"

Either one is going to stop all but the most determined of attackers. I don't see the point in confusing the issue for them.

On the one hand, you're saying that it's a huge keyspace because you might choose from such a huge number of works and there are so many possible variations. My criticism of that version of your idea is that those variations are as hard to remember as random words.

On the other hand, you're telling people "use a sentence from something you like", which is likely to result in only the smallest exploration of that keyspace -- the most popular lines out of the most popular shows or movies, with only a small number of capitalization or punctuation variants. If people are going to pick things like "to be or not to be" or "I can kill you with my brain", then you're suggesting something that's not particularly secure (and may already be contained in many dictionary attacks).

So the approach you advocate is fundamentally insecure, which you've argued can be made secure by adding exactly the sort of measures that confuse the issue for the people you say will benefit from the approach.

Here's an easier approach: tell people "anything you can find in a dictionary or on a list of quotes, hackers already have on their computers. To make a password hackers don't already know about, you need to put some random words together." Then point them to passphra.se and tell them to hit "generate another" until they get something they like. They can even add in more words to make it more memorable, or mix their random words into a movie quote ("I can melt you with my smoky vegetable universe", in River Tam's voice... creepy and memorable.)

In other words, instead of starting with "memorable" and then trying (and probably failing) to add enough entropy without sacrificing memorability, start with enough entropy and then make it memorable.

My understanding is that when people build password-cracking dictionaries, they include common permutations in the script. That is, for the dictionary word "dolphin", the script puts in "Dolphin" and "d0lph1n" and so forth. I'd be very surprised if someone building a table based on common quotations didn't do the same thing. I mean, how many memorable punctuation-mangling strategies are there on a common phrase anyway? I can only think of a few, right off; they're probably the ones most other people would think of, too.

There is a very serious tendency to overestimate how clever and creative you can be in the 90 seconds you spend thinking about a password. Odds are, the "random" thing you're doing is the same random thing that a lot of other people are doing. And it's in someone's script somewhere.

If you roll dice, instead of trusting your brain to be clever, you know what you have is random and hence secure.

>I mean, how many memorable punctuation-mangling strategies are there on a common phrase anyway?

How do you define common? The person has the entirety of literature, movies, music, etc to draw from. They might select any given fragment of a work, and the attacker has no way of knowing where the fragment begins or ends.

Is a purely random key strictly more secure? Sure.

But my goal isn't to get the purest possible level of security; it's to get normal people to use something more complex than the 8-14 character passwords they generally use now. I'm certainly not claiming it's perfect, but it's a simple to understand scheme that most non-technical users will be able to understand and use that will protect them from all but the most dedicated of attackers.

> They might select any given fragment of a work

Just like someone told to select an arbitrary password might select any sequence of characters. They might theoretically select anything, but most of them will choose something like 'password'.

So with your users. Star Trek fans are going to choose "makeitso". And a database of famous quotes will catch them.

What I'm really getting at, though, is that I think playing cat and mouse with professional hackers is a losing game. You shouldn't spend a few seconds trying to come up with something that they won't think of when it's their entire vocation. You're just not that creative, and too many people think alike.

Just roll dice. That way your choice is provably random.

Or if you're on Linux:

shuf -n4 /usr/share/dict/words | tr -d '\n'; echo

Actually, just:

echo $(shuf -n4 /usr/share/dict/words)

will do the trick. Though it does have some weird words in there. A trimmed "4000 common words" dictionary is what I use.
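Added example, not part of any comment in this thread: a random-word passphrase generator in the spirit of the dice and `shuf` suggestions above, with the entropy arithmetic behind the keyspace arguments made in the thread. The function names and the 32-word sample list are constructed for illustration; the 4000-word list size is the figure mentioned in the comment above.

```python
import math
import secrets

# Constructed sample list so the block runs offline. At 32 words it gives only
# 5 bits per word; a real list should have thousands of entries.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "forest", "garden",
    "harbor", "island", "jacket", "kettle", "ladder", "marble", "napkin",
    "orange", "pencil", "quartz", "ribbon", "saddle", "tunnel", "umbrella",
    "velvet", "window", "yellow", "zipper", "bridge", "copper", "meadow",
    "planet", "rocket", "silver", "thunder",
]


def clean_wordlist(words, min_len=3, max_len=8):
    """Lowercase, drop non-alphabetic or odd-length entries, de-duplicate.

    Duplicates matter: they make the list look bigger than it is and so
    overstate the entropy computed from its length.
    """
    seen = {}
    for word in words:
        word = word.strip().lower()
        if word.isascii() and word.isalpha() and min_len <= len(word) <= max_len:
            seen[word] = None
    return list(seen)


def generate_passphrase(words, n_words=4, sep=" "):
    """Pick n_words uniformly and independently using the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates; clean it first")
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(wordlist_size, n_words):
    """Entropy in bits, assuming the attacker knows the list and the method."""
    return n_words * math.log2(wordlist_size)


def uniform_bits(alphabet_size, length):
    """Entropy of `length` symbols drawn uniformly from an alphabet."""
    return length * math.log2(alphabet_size)


def words_needed(wordlist_size, target_bits):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    words = clean_wordlist(SAMPLE_WORDS)
    print(generate_passphrase(words))
    print("4 words, 32-word sample list:   %.2f bits" % passphrase_bits(len(words), 4))
    print("4 words, 4000-word list:        %.2f bits" % passphrase_bits(4000, 4))
    print("8 random printable ASCII chars: %.2f bits" % uniform_bits(95, 8))
    # Phone number whose first six digits are known: only four digits unknown.
    print("last 4 digits of a phone number: %.2f bits" % uniform_bits(10, 4))
    print("words from 4000 for 64 bits:    %d" % words_needed(4000, 64))
```

The figures hold only when every word is chosen by the random source; rerolling until the phrase "looks nice" or hand-picking words removes entropy the arithmetic still counts.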

So throw an extra character in there somewhere.

Anecdotally, most people I know without secure WIFI passwords pick things like:

- Their address (sometimes with numerals spelled out)

- Their last name

- Their child's name

- single (common) dictionary word

- single (common) dictionary word + one or two digits.

For about 80% of protected home networks I’ve accessed, the password ends up being someone in the home’s phone number. Not sure if it’s just because it’s often the only 8+ character string of numbers people readily have memorized or if it’s just lazy ISPs that set it that way (and lazy owners who never change it afterwards)?

Yep, in public compromises of large sets of WPA passphrases, more than 50% of them are phone numbers. This is why we offer a CloudCracker dictionary which includes every valid NANP number in it: https://www.cloudcracker.com/dictionaries.html

It's the ISPs. Every time I move the tech resets my password to my home phone number.

I'm sure it cuts down their support, but it usually means brute forcing only need worry about the last four digits.

You're also screwed if you have WiFi Protected Setup enabled (it's enabled by default in most routers). One can easily crack a WPA2 passphrase in a few hours using a tool like reaver.

Care to elaborate?

I found this article to be a bit sensational. It should be titled, "how I paid some experts to crack my neighbor’s Wifi." I’m not trying to dismiss the threat, just put it in perspective. The use of these tools is either expensive ($2500 a year?) or requires a non-trivial amount of expertise (Aircrack-ng).

I did find the article linked within to be more interesting and informative.


There's also an in-between. Many CloudCracker users employ tools like KisMAC (which are fairly user-friendly) to get a capture, and then simply upload the output to CloudCracker (also fairly user-friendly).

Don't really want to hijack this thread so feel free to downvote me if you feel it's not appropriate.

We launched a product that protects you from these attacks - more discussion here - http://news.ycombinator.com/item?id=4444478

My review (of wifiprotector.com): dude, this looks like a virus. Spruce up the page! Give me some screenshots! Please, let me trust you!

Thanks! The download link goes to CNET download.com where they make sure all software is trusted. But I understand we should improve the page so people actually feel reassured before they click on download.

Ehm... if anything CNET will add malware, not remove it.

It has been many years since I've downloaded anything off of download.com and I have a hard time believing that I ever will.


I want to add to mock's point - I will trust you more if I could download it from your site than from download.com. It has become such a dump that I actively avoid visiting it. Why delegate the user experience of downloading your products to someone whose interests don't align with yours?

OK. Point taken. We have done some A/B tests and see that download rate is the same as from our website. The benefit of redirecting to download.com is that with increased rankings we get more users who visit download.com. I know these issues you said and I saw the articles on HN before. However, you can tell download.com to stop injecting offers into the installer which we did and there are no issues.

> However, you can tell download.com to stop injecting offers into the installer which we did and there are no issues.

How are your users supposed to know that?

Also, you are now asking your users to trust both you and CNET.

Provide an S3 link if you are worried about bandwidth, where the name of your company is in the URL (ie, bucket name).

Well my point wasn't about the installer (although it is too a good point). I'm mostly talking about the UI and UX benefits of having a streamlined experience of downloading a product.

download.com does not make me trust you. It's a red flag that makes me think you're even more likely to be malware. Especially given this: http://insecure.org/news/download-com-fiasco.html

I agree- have a few "learn more" buttons, videos etc

Correct me if I am wrong but the solution proposed is to use a free vpn under your control, my question is why do users have to trust you with their data?

> To his chagrin, it took CloudCracker just 89 minutes to crack the 10-character, all-numerical password he used...

> Remarkably, neither CloudCracker nor 12 hours of heavy-duty crunching by Hashcat were able to crack the passphrase. The secret: a lower-case letter, followed two numbers, followed by five more lower-case letters

So an all-number password was easily cracked with this method, but a shorter password with letters was untouchable?

Edit: I get that 10^10 is less than 36^8. I was more wondering how the cracker assumes, without knowing already if it's all-numeric or not, that it should try longer numerics before shorter alphanumerics and when it decides to give up on the numbers. I guess it's just known to be more likely for a good number of characters.

I run CloudCracker, so I can add some color. 'English' dictionary jobs use dynamic models built by password compromises from English-speaking users, augmented by the results of our own jobs (as well as occasional brute force jobs we run against a sample of handshakes which didn't crack).

The smaller 'English' dictionaries focus tightly on that. The larger 'English' dictionaries include the longer curve of those passwords, but also start to mix in the hot spots from other models, such as valid NANP numbers (which is what got this example).

Look at it this way. Let's say I give you 5 characters to create a password. If you use all numbers then each value can be anywhere between 0 to 9. That's only 10 values! So that's 10 to the power of 5. That's only 100,000 permutations.

With letters, assuming standard English, you get 26 per value. Or 52 when we include case. That's a big difference. So let's say I only give you 4 lowercase characters. That's 4 to the power of 26. 456k permutations. So almost 5x more secure with less characters!

Your offline password cracker can crack numeric only passwords with ease. Heck, if you know who supplied the access point, you can narrow your search. For example I have uverse and I got a 10 number password by default, just like all uverse customers. So if you know it's a uverse customer you can tell your cracker to focus on 10 digit permutations. There's only 10 billion permutations there. With 10 lowercase letters it's 141 trillion.

Sounds a lot like my bank. 5 characters of 0-9 is exactly what they validate their passwords on. Luckily that validation is done only in Javascript, so disabling the check allows you to use any password you want. That doesn't help the average person though.

So you actually tricked the server into setting a password it usually wouldn't accept? Uh oh, hope they don't "fix the problem" by adding similar validation on the server side later :P

I would ask "Why are they still your bank?" but I know that most online banking is similarly awful.

Most likely all the numbers up to 10 digits long were in the dictionary.

tl;dr of this article: don't use stupid passwords.

Edit: the article mentions it was a phone number, so that narrows it down a lot.

I'm assuming the ten character all numerical password was a phone number. Phone numbers have discernable patterns, like area codes.

Yes. The exchange (middle three for US numbers) also has patterns. More on the allowed codes is here:


although, in practice, many of the allowed codes are not occupied. For instance, no exchange around LA would be 213, and no exchange near SF would be 415.

Surprising considering that the latter has less than 2 bits more entropy.

By my math, a 10 byte sequence of decimal numbers has 33.2 bits of entropy, while an 8 byte sequence of lower case numerals and decimals has 41.3 bits. That's almost 300x as hard to crack.

There's also the issue of pattern heuristics. Number-only passwords seem like they'd be common, and thus a reasonable pattern to try out to ~35 bits or so (something that corresponds roughly to "can be tried in a perceptively short time"), but it's not as clear that there's a significant fraction of passwords in the wild that use alphanumerics but no capitals. So they wouldn't try the passwords from the 36-character alphabet, more likely using a slower heuristic like things where the leading alpha character might be capital, or there might be punctuation between "words", etc...

All-number passwords are default on several ISPs so they're much more likely to succeed than a full keyspace search.

>To capture a valid handshake, a targeted network must be monitored while an authorized device is validating itself to the access point.

I think it's a really noob question, but how do you monitor a network if you are not connected to it?

The same way you tune into a radio station, these packets are in the air for everyone to see.

Many wifi chips can be put into 'promiscuous mode' which allows them to monitor a channel and capture all traffic on it.

It's wireless so the same way you can overhear two people talking.

The network card sees all packets that go through the air but discards the ones not meant for your computer. Unless you tell the card not to which is called promiscuous mode, then all the packets are available to the OS.

As one of the comments mentions, you can bypass this whole step by using Reaver, which attacks the WPS pin number instead of the encryption scheme. It's not 100% and it takes 8-12 hours to complete, but it does work.

> To his chagrin, it took CloudCracker just 89 minutes to crack the 10-character, all-numerical password he used, although because the passcode wasn't contained in the entry-level, 604 million-word list, I relied on a premium, 1.2 billion-word dictionary that costs $34 to use.

There are 10 billion (10^10) possible 10-character all-numerical passwords. Can anyone explain how it was cracked using a 1.2 billion-word dictionary?

Maybe they assume that a 10-number password is likely to be a phone number, and so constrain the three most significant numbers to just valid US area codes. Add in other rules, like the fourth digit never being a zero, etc...and the space is pared down quite a bit.
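The reasoning in the comments above (smaller guessing models get tried first, a phone-number-shaped passphrase sits in a smaller set than "10 digits" suggests, and randomly drawn words have a known entropy) worked through as an added example; it is not part of the thread or of any tool mentioned in it. The phone-number rule is a simplified assumption, and the model names, sample passphrases and word list are constructed.

```python
import math
import re
import secrets

# Simplified phone-number shape (assumption): area code and exchange each
# start with 2-9 and are not N11 service codes; the last four digits are free.
NXX = 8 * 10 * 10 - 8  # 792 allowed values per three-digit field

# (model name, pattern the passphrase must match, candidate count for length n)
MODELS = [
    ("phone-number shaped", r"(?:[2-9](?!11)[0-9]{2}){2}[0-9]{4}",
     lambda n: NXX * NXX * 10_000),
    ("digits only", r"[0-9]+", lambda n: 10 ** n),
    ("lowercase + digits", r"[a-z0-9]+", lambda n: 36 ** n),
    ("mixed case + digits", r"[A-Za-z0-9]+", lambda n: 62 ** n),
    ("printable ASCII", r"[ -~]+", lambda n: 95 ** n),
]


def covering_models(pw):
    """Every model whose candidate set contains pw, smallest set first."""
    if not 8 <= len(pw) <= 63 or not re.fullmatch(r"[ -~]+", pw):
        raise ValueError("WPA/WPA2 passphrases are 8-63 printable ASCII characters")
    hits = [(name, size(len(pw))) for name, pat, size in MODELS
            if re.fullmatch(pat, pw)]
    return sorted(hits, key=lambda hit: hit[1])


def weakest_bits(pw):
    """log2 of the smallest covering set: an upper bound on pw's strength."""
    return math.log2(covering_models(pw)[0][1])


def random_passphrase(wordlist, n_words=4):
    """Draw n_words uniformly with the OS CSPRNG; return (phrase, bits)."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would overstate the entropy")
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    return " ".join(words), n_words * math.log2(len(wordlist))


if __name__ == "__main__":
    # Constructed sample passphrases, not taken from the article or thread.
    for sample in ("4155550123", "0123456789", "a12bcdef"):
        name, size = covering_models(sample)[0]
        print(f"{sample!r}: {name}, {size:,} candidates, {math.log2(size):.1f} bits")
    # Constructed stand-in for a 4000-word list.
    words = [f"word{i:04d}" for i in range(4000)]
    phrase, entropy = random_passphrase(words)
    print(f"4 random words from {len(words)}: {entropy:.1f} bits")
```

The figures are upper bounds: a tighter model, such as one limited to area codes actually in service, covers the same phone number with fewer candidates.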

Is there a way to measure WiFi signal quality between router and connected devices? Any API on the Linux side? An easy generic protection can be done in the following way (if there is an API): Ban all unknown MAC addresses with WiFi signal quality below the specific threshold. In that case, if a hacker decides to use a fake MAC address, he cannot fake signal quality on my side.

Does it work?

You can measure the signal quality, but that doesn't buy you much. If you only ban unknown MACs, then he can just clone yours, and signal quality is easy to evade with a cheap (< $20) higher gain antenna.

In my home, I often get a better signal using my laptop with an external antenna two walls from the AP than with my phone just a couple of meters away from it.

re: MAC spoofing

I don't use WiFi as a matter of practice, but I'm curious: What if you could keep all the "whitelisted" MAC's continually logged in to your network, or, at least, you could keep track of when they log out. The idea being that MAC spoofing is not possible if the particular MAC that the attacker wants to spoof is currently logged in. This is generally true with Ethernet, correct? Is this true with WiFi as well? (Assume the traffic is encrypted.)

And in fact, it seems this guy's hack relies on someone "rejoining" the network, triggered by a deauth frame. Without that "rejoining" step, I don't think he could get very far. If his target is continually connected, and there's no way to force a "rejoin", and all the traffic is encrypted, then what can he do? The problem to me sounds like the fact that someone can send a "deauth" frame and have it be accepted, and the Apple Mac gives no warnings that the connection underwent a "rejoin".

I would place good money that most AT&T wireless routers (SSID = 2WIREXXX) are using the same 10-digit password that is printed on the sticker on the unit. Yes, it's more secure than the old days of a default password being "default" or "admin" but not so great if 10-digit passcodes are easily broken.

It's a pretty big keyspace, but not quite big enough these days. I haven't noticed any lack of uniformity across it, but I don't really have enough samples yet to be sure. We have a dictionary specifically for those devices, just because they're so common: https://www.cloudcracker.com/dictionaries.html

Very cool. The obvious question I have after looking at that is why the largest 2WIRE dictionary has 4.8 billion entries when the keyspace is 10 billion. Is the keyspace really not all 10 billion, or is there a 50% chance my key won't be in the dictionary?

Yep, 50% chance of success. I'll probably be able to adjust this to 100% in the coming months, but in the current setup that's the maximum space we can cover for our estimate of the maximum price elasticity.

A couple of naive questions about the design of the security system:

1. Why is it possible to do the password tests remotely? Why would the key on the router be allowed to be transmitted? Even a 6 character password should be safe if you don't allow multiple tries.

2. Why isn't the handshake protocol encrypted?

1. The attack is to brute force the shared secret (password). This can be done offline because by capturing the exchange you have the ANonce and SNonce and all other information required to generate the same key -- except the shared secret. Try lots of passwords and check if you generate the same PTK as the two stations do.

2. Encrypted with what? This is the key exchange stage that is attacked here.

802.11w adds signing to management frames which eliminates the deauth attack -- makes it harder to capture the EAPOL frames. Also, IIRC, WPA2-enterprise would not be susceptible to this sort of attack; you've pre-shared a key rather than a (short) password for generating one.

edit: spelling

Password authenticated key exchange should do what we want. I was hoping WPA2 would have used it already.


Honest question: since all devices connecting to a WIFI network are by definition within a short distance of the router itself, is there a WIFI solution that uses pre-shared key cryptography? That seems to me to be the only truly unbreakable option.

The key isn't being transmitted, but a hash of it with a nonce is. You could do a DH key exchange and encrypt it, but I doubt that would help that much: An attacker would just need to transmit their own auth packets.

My strategy is to use a human-readable password for my guest network (which I actually considered leaving completely open), and a crazy-long random password that I copy and paste from my password manager for my internal network.

Why did you decide not to leave it open?

I felt like it would make me responsible for monitoring it for abuse.

It could be something as innocent as a cheapskate neighbor using enough bandwidth to run afoul of my cap, or someone using it for nefarious purposes either on a continuous or drive-by basis.

The only reason I even have a password on my router is that it crashes more often under traffic if I leave it open. I intentionally made the password easy to guess.

What is the command for aircrack-ng to generate the pcap file with the handshake?

(For those curious mac users, you can simply type "brew install aircrack-ng")

That will install 'aircrack-ng', which can crack WEP ivs packets or a WPA/2 handshake.

You will need airodump-ng to actually capture the handshake. I don't think the entire aircrack suite has been ported in homebrew.

Note that (I think) Apple typically uses Broadcom wireless chips, which are not the best choice for this sort of thing.

So far I have been using Macstumbler in passive mode, but it takes a long time. So far I have only hacked my own test 12345 password

Many modern MacBooks use Atheros chips, which work perfectly.

That is why a passphrase is so important. No longer it is a dictionary word, now it is multiple dictionary words together.

Was it correct battery horse staple or battery horse correct staple?

I use passphrases almost exclusively. The key is picking words at random - phrases are easy to guess, though sometimes I pick them because, to me, they're easy to remember.

"Areyouopposingshadowmoon?" is an incredibly secure password, and it's very likely that no one would ever 'guess' that phrase, but it's also highly easy to remember (because 1997 engrained it into my head).

I use things I remember from movies/books. Stuff that has always stuck in my head to the point that there is no way for me to forget it.

So what do I run now instead of Kismac, since it doesn't support anything > 10.7.2? Aircrack with some GUI frontend?

A Linux distro.

Don't get me wrong, this isn't an anti-Apple rant: I've myself tried to use my MacBook laptop to learn aircrack and finally desisted. The most important tools, airodump and aireplay, don't work on Mac, even if you have an injection-capable card.

Your best option is try with Linux either in your Mac (I think Backtrack has a Live CD so you don't have to install anything) or in a non-Apple PC.

A simple remedy for staying on your mac is to use a wireless dongle (USB) that supports packet injection. It's extremely simple to set up in backtrack.

Or just use a virtual machine instead of running off the live cd.

Am I the only one that's bothered by seeing that red dotted underline for ANonce, SNonce and Ack?

No, you would think an editor would notice that kind of thing.

This is a very interesting read.
