[GTALUG] Suggestions for stopping occasional spurious use of commercial wi-fi

Sun Sep 16 14:57:44 EDT 2018

On 09/16/2018 02:42 PM, Don Tai wrote:
> I am assuming that on the Rogers router you are already using WPA2 and
> that someone has cracked it using a tool like AirCrack-NG (Kali dist
> or download). Physical barriers to limit signal strength will not
> alone protect you. There are numerous tutorials out there on how to
> use Aircrack-NG.

>From the FAQ:

"How can I crack a WPA-PSK network ?

You must sniff until a handshake takes place between a wireless client
and the access point. To force the client to reauthenticate, you can
start a deauth attack with aireplay-ng. Also, a good dictionary is
required."

By avoiding passwords found in the dictionary, you're much less
vulnerable.  A random 63 character string does that.  Here's a sample:

>GZcfs^7w\D$JKE8XZJ(bw#.&'(||c>tt@;yt[]gQ$<s~Xoc7}A9cQ`KhFbHM}:

Try finding that in a dictionary.

And also:

Will WPA be cracked in the future ?

It's extremely unlikely that WPA will be cracked just like WEP was.

The major problem with WEP is that the shared key is appended to the IV;
the result is directly used to feed RC4. This overly simple construction
is prone to a statistical attack, since the first ciphertext bytes are
strongly correlated with the shared key (see Andrew Roos' paper). There
are basically two counter-measures against this attack:

    Mix the IV and the shared key using a hash function or
    Discard the first 256 bytes of RC4's output.

There has been some disinformation in the news about the “flaws” of TKIP:

For now, TKIP is reasonably secure but it is also living on borrowed
time since it still relies on the same RC4 algorithm that WEP relied on.

Actually, TKIP (WPA1) is not vulnerable: for each packet, the 48-bit IV
is mixed with the 128-bit pairwise temporal key to create a 104-bit RC4
key, so there's no statistical correlation at all. Furthermore, WPA
provides counter-measures against active attacks (traffic reinjection),
includes a stronger message integrity code (michael), and has a very
robust authentication protocol (the 4-way handshake). The only
vulnerability so far is a dictionary attack, which fails if the
passphrase is robust enough.

WPA2 (aka 802.11i) is exactly the same as WPA1, except that CCMP (AES in
counter mode) is used instead of RC4 and HMAC-SHA1 is used instead of
HMAC-MD5 for the EAPOL MIC. Bottom line, WPA2 is a bit better than WPA1,
but neither are going to be cracked in the near future.

https://www.aircrack-ng.org/doku.php?id=faq