WEP, leaving your key in the lock.


WEP encryption. Sounds fun just using the word "encryption", right?  You're safe and secure now, no one can mess with you, right?  If I were to say no, that would scare you a little, right?  But you still have to be at least a little safe; even if someone wanted in, it would take them days to get in, right?
It doesn't even take 10 minutes to get in.  It's kind of pandemic that this encryption still exists and is still widely used. That generic wireless router you got from Verizon, AT&T, or Comcast 10 years ago doesn't meet modern security standards, and they don't update them for you; you have to request a new one.



Let me return to yesterday's post about wardriving.  On my way home from work and running a few errands I found 700 wireless transmitting devices. Most of my drive isn't in residential areas and I saw WEP EVERYWHERE!!!  So I decided that I'd wipe the data and, just from my computer chair, right here as I type this up, see what the state of our wireless is within whatever range I am capable of grabbing from a standstill.  Here are the results.


No WiFi For You and SquishyMonkey are mine, both WPA2, hence the reason they are the most powerful.  And yes, 3QR6D is mine as well, a generic router from Verizon.  Can't see what I'm doing though, I like to keep that secret, and my landlord owns the router so... not going to stir up any trouble.  But just within earshot I have TP6E8, 36HZ2, Sawyer, and MGUL1, all WEP encryption.  These people are at serious risk if anyone decided to hack them.  I haven't explained why this is bad yet though, so here goes.

WPA2 encryption uses a 128-bit encryption key.

Whereas WEP has a 40-bit encryption key.

What's the big difference between 128 bits and 40 bits, right?  HUGE difference.  As I said in the password setting post, length is the most important thing you can get right.  So make sure your password is strong and secure on this. We can still run brute force and dictionary attacks on these, so if you chose the password "password", neither of these is secure, but we want to make sure you choose WPA2 over everything.

So what's the big deal about bits?  If we use a 40-bit encryption key, the number of potential keys to unlock your network is 1,099,511,627,776.  Just look at that number, there is no way a human can guess that many possible keys, right?  That's not the point. We need to take the human element out of most of our assumptions about security; humans don't do the hard work, our tools do.  This means you can run to the store and buy a computer capable of processing 4,000,000,000 keys A SECOND!!!  That means I can guess all 1,099,511,627,776 possible keys in 274.877 seconds.  That's under 5 minutes.

Even if your password would take 17 septendecillion years to guess because you chose a cool combination of words, using WEP leaves the key in the lock for a hacker to just turn and open.  And you better hope you only use that password for your WiFi, because the hacker now has it, and when he gets in, he can use sniffers and scanners to do what he wants.  (Sniffers and scanners will be for another day.)

Is WPA2 really that much more secure?  Is 128 bits going to add that much more time?  The answer is a simple... yes.  Each additional bit doubles the amount of time required to get the key.  It all functions on a 2^X structure.  Let's see how many keys you can have with WPA2 by using 2^128.

3.40282366909384634633760743177e+38 keys, or in short, it would take 165,946,066,889,502,605,855,656 years to guess.  Almost 166 sextillion years.  In terms of trying to crack a WiFi network using WPA2... it's probably easier to just run a brute force or dictionary attack list on your password... the number is probably smaller to break open.
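The survey and the key-size arithmetic above can be combined into a quick audit of a scan of your own networks. This is an added example, not the author's code: the CSV layout and SSIDs are constructed, and the key sizes and guess rate are the post's own figures.

```python
import csv
import io

# Key sizes and guess rate are the figures quoted in the post.
KEY_BITS = {"WEP": 40, "WPA2": 128}
GUESSES_PER_SECOND = 4_000_000_000
ONE_DAY = 24 * 60 * 60

# Constructed survey export (hypothetical format: ssid,security,signal_dbm).
SAMPLE_SURVEY = """\
ssid,security,signal_dbm
HomeNet-A,WPA2,-41
OldRouter-B,WEP,-67
"Cafe, Guest",OPEN,-70
LegacyCam-C,wep,-80
Office-D,WPA,-55
"""

def exhaustive_search_seconds(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every key of the given length."""
    return (2 ** bits) / rate

def audit(survey_text, threshold=ONE_DAY):
    """Return (ssid, security, reason) for each network that needs attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(survey_text)):
        security = row["security"].strip().upper()
        if security in ("OPEN", ""):
            findings.append((row["ssid"], "OPEN", "no encryption"))
        elif security not in KEY_BITS:
            # The post gives no key size for this mode, so do not guess one.
            findings.append((row["ssid"], security, "key size not given, review manually"))
        else:
            bits = KEY_BITS[security]
            seconds = exhaustive_search_seconds(bits)
            if seconds < threshold:
                reason = f"{bits}-bit keyspace exhausted in {seconds:.0f} s"
                findings.append((row["ssid"], security, reason))
    return findings

if __name__ == "__main__":
    for ssid, security, reason in audit(SAMPLE_SURVEY):
        print(f"{ssid:15} {security:5} {reason}")
```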

As for the tools for WiFi cracking, one of the more popular ones is known as Aircrack-ng; I'll write an article on this later.  Lesson of the day: use WPA2, don't be dumb and use WEP, people like me can get in pretty darn easily.  Returning to an earlier point, my name is Ryan Jones. I would say I'm a hacker, but I'm not doing any black hat work, so don't worry about me trying to steal your credit card info.  This post is strictly for informative purposes. Don't use WEP.  Until next time, be safe my goblins.
