Calguns.net  

#1
08-17-2018, 2:05 PM
hermosabeach
WPA2 - how to upgrade

Chatting with a nerd friend, one of those mathematics PhD types, he explained how WPA2 can be cracked in a few minutes.

Does anyone know if any of the hardware companies is offering upgrades to WPA3 or the next gen of security?

https://null-byte.wonderhowto.com/ho...ck-ng-0148366/


https://github.com/brannondorsey/wifi-cracking


Have you upgraded your hardware or firmware?
__________________
“Science is like an inoculation against charlatans who would have you believe whatever it is they tell you.”
— Neil deGrasse Tyson

- If the Democrats thought for one second that Illegals were voting Republican, You'd see the Border Wall from Space! - Abe Lincoln
#2
08-17-2018, 2:36 PM
hermosabeach

I updated the firmware on my router... anyone concerned about this?
#3
08-17-2018, 4:59 PM
Robotron2k84

It will depend on how WPA2 was implemented on your router. In some cases it's part of the WiFi chipset and others do the handshaking in software via an EAP module and supplicant.

Firmware updates could potentially disable the hardware WPA2 support and supply an EAP module in software to do the authentication, and it will depend on the relative performance of the router's CPU if this is feasible.

On the client side, most OSs implement WPAx as a software supplicant, so an upgrade or patch will enable WPA3.

Getting away from pre-shared keys is what this is all about. WPAx Enterprise already does this with external authentication, which is why it's still less vulnerable.
#4
08-18-2018, 10:53 AM
hermosabeach

OK, so it sounds like there is not a need to rush and look for a WPA3 router yet.
#5
08-18-2018, 3:17 PM
Robotron2k84

Meh. Your next upgrade in router hardware should come with it. There are really only two differences that will matter to most people in WPA3: per-connection TLS with separate keys (which is why CPU is a factor on the router), and a new NatSec-approved (trollolol, hello NSA) cipher suite. The handshaking of WPA3 will be slightly more robust, but only equal to EAP-TLS on WPA2 Enterprise.

If you want to keep WPA2 for a bit longer, look into setting up Enterprise Auth. It's a bit more involved, and requires a RADIUS server running somewhere, but it's rather straightforward and once set up is pretty easily managed.

EAP-TTLS, PEAP and MSCHAP-V2 don't require client certs, but the latter two are weak and the former requires a device profile on Apple hardware to utilize 802.1x over WiFi.
#6
08-18-2018, 3:35 PM
Fizz

WPA2 isn't easily broken at all.

The problem with WPA2 is weak passwords and single pre-shared keys. The weak passwords can be broken with a dictionary or brute force attack after capturing the handshake(s). However, if your password isn't part of the dictionary/brute force sequence, it won't be broken.

The common way to break WPA2 is to social engineer it (ask an employee for the password, etc.) or access points with a small keyspace/weak passwords. For example, ATT used to give every customer a 2WIRE router with SSID 2WIRE### and a 10-digit numeric password. These could be broken easily. I know, because I had passwords for every 2WIRE### network in my neighborhood within a week, doing the processing on an extra computer. People used to love setting passwords to phone numbers; bad idea. This keyspace effectively limits the password to 7-digit numeric (per area code in a region).

Another way is to retrieve a password from a device, either via malicious software, stealing the hardware and finding a file that has it, pulling it from the saved network list, etc. Other vulnerabilities include WPS implementations.

Don't freak out too much about WPA2-PSK by itself. If you start giving it to guests that come over, etc. or you lose assets that have that information stored, then change it.

Yes, RADIUS is the better way to go. This is my required route for business clients. For home, WPA2-PSK is OK as long as you understand how it can be broken.
Reply With Quote
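
The keyspace point in Fizz's post above, worked through as an added example that is not part of any post in the thread: it estimates the worst-case offline search space for a WPA2-PSK passphrase, including the 10-digit numeric and phone-number cases. The function names, the guess rate and the sample passphrases are assumptions made for illustration.

```python
import math
import string

# Assumption for illustration only: offline guesses per second against a
# captured handshake. Real rates depend on hardware; not a figure from the thread.
ASSUMED_GUESSES_PER_SEC = 100_000

# Character classes an exhaustive search must cover if the passphrase uses them.
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation + " ")
PRINTABLE = set("".join(CLASSES))


def hours_to_exhaust(guesses, rate=ASSUMED_GUESSES_PER_SEC):
    """Worst-case hours to try every candidate at the given guess rate."""
    return round(guesses / rate / 3600, 2)


def audit_psk(passphrase, area_codes=1):
    """Estimate the exhaustive-search space for a WPA2-PSK passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-PSK passphrases are 8 to 63 characters")
    if not set(passphrase) <= PRINTABLE:
        raise ValueError("expected printable ASCII")
    alphabet = sum(len(cls) for cls in CLASSES
                   if any(c in cls for c in passphrase))
    guesses = alphabet ** len(passphrase)
    report = {"alphabet": alphabet, "guesses": guesses,
              "bits": round(math.log2(guesses), 1),
              "hours": hours_to_exhaust(guesses)}
    if passphrase.isdigit() and len(passphrase) == 10:
        # The thread's phone-number case: with the area code known, only the
        # last 7 digits are unknown, so the space is 10**7 per area code tried.
        phone = area_codes * 10 ** 7
        report["guesses_if_phone_number"] = phone
        report["hours_if_phone_number"] = hours_to_exhaust(phone)
    return report


if __name__ == "__main__":
    # Constructed sample passphrases, not taken from any real network.
    for sample in ("5551234567", "Tr0ub4dor&3", "correct horse battery"):
        print(sample, audit_psk(sample))
```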
#7
08-19-2018, 4:48 AM
Dragunov

Quote:
Originally Posted by hermosabeach
Chatting with a nerd friend, one of those mathematics PhD types, he explained how WPA2 can be cracked in a few minutes.

Does anyone know if any of the hardware companies is offering upgrades to WPA3 or the next gen of security?

https://null-byte.wonderhowto.com/ho...ck-ng-0148366/

https://github.com/brannondorsey/wifi-cracking

Have you upgraded your hardware or firmware?

It doesn't matter. One of the things we taught in 25/u and 25/b was just how insecure WiFi/Routers in general are. Anyone with a Linux box can hack any home router/WiFi in under a minute, regardless of the security measures taken.

Keep your AV, Anti-Malware, Firewall, and firmware up to date, surf with common sense. Best you can do.
#8
08-19-2018, 11:12 AM
Robotron2k84

^ And this is why, even with the strongest EAP policy and client certs on token cards, that layer 4-7 traffic is still encrypted. WiFi encryption is chaining-block cipher, which offers no forward security, and captured packets can be later decrypted if the key is cracked.
#9
08-19-2018, 1:13 PM
guhuna

To be honest, WPA3 is not something I'd worry about at the moment. WPA2 isn't as easy to crack as some articles make it out to be. It isn't as easy as running a Linux distro and hitting the enter key; now WEP and WPS, on the other hand... LOL.
#10
08-19-2018, 6:50 PM
MrBlazito

Quote:
Originally Posted by Fizz
WPA2 isn't easily broken at all.

The problem with WPA2 is weak passwords and single pre-shared keys. The weak passwords can be broken with a dictionary or brute force attack after capturing the handshake(s). However, if your password isn't part of the dictionary/brute force sequence, it won't be broken.

The common way to break WPA2 is to social engineer it (ask an employee for the password, etc.) or access points with a small keyspace/weak passwords. For example, ATT used to give every customer a 2WIRE router with SSID 2WIRE### and a 10-digit numeric password. These could be broken easily. I know, because I had passwords for every 2WIRE### network in my neighborhood within a week, doing the processing on an extra computer. People used to love setting passwords to phone numbers; bad idea. This keyspace effectively limits the password to 7-digit numeric (per area code in a region).

Another way is to retrieve a password from a device, either via malicious software, stealing the hardware and finding a file that has it, pulling it from the saved network list, etc. Other vulnerabilities include WPS implementations.

Don't freak out too much about WPA2-PSK by itself. If you start giving it to guests that come over, etc. or you lose assets that have that information stored, then change it.

Yes, RADIUS is the better way to go. This is my required route for business clients. For home, WPA2-PSK is OK as long as you understand how it can be broken.

WPS pin cracking will reveal your WPA2 password no matter how complex it is. Fortunately most newer modems/routers will just time out after 5-10 attempts and WPS will get locked until the modem/router is rebooted.
Last edited by MrBlazito; 08-19-2018 at 6:58 PM.
#11
08-19-2018, 7:11 PM
Fizz

Quote:
Originally Posted by MrBlazito
WPS pin cracking will reveal your WPA2 password no matter how complex it is. Fortunately most newer modems/routers will just time out after 5-10 attempts and WPS will get locked until the modem/router is rebooted.

SBS-class and higher equipment never implements WPS. I did mention WPS as a vector in my post.

Yes, there was the Reaver attack for WPS; you should apply a patch or upgrade your device if it's Reaver-vulnerable. Not all APs allow you to disable WPS fully, but you should if you can.

WPS and WPA2 are distinct technologies and not specifically a problem with WPA2.
All times are GMT -8.