Exactly, John. When it becomes possible fit a computer that can crack WPA2 encryption in less than the lifespan of the average human into a drone, then we'll have something to worry about. As it is now, even a 340 million word vocabulary would be useless against my WiFi security.Originally Posted by n2ize
All the world’s a stage, but obviously the play is unrehearsed and everybody is ad-libbing his lines. Maybe that’s why it’s hard to tell if we’re living in a tragedy or a farce.
Please cite this.↓
[QUOTE=n2ize;364972]Right, maybe. But I am talkig about non-military apps.
"1) It is illegal and dangerous to fly drones over populated areas. Unless your target is in a sparsely populated area and close to a field where you can launch your drone and monitor its flight from the ground it won't be of much use and can land you in a heap of trouble. A relatively small rc plane or helicopter capable of carrying enough equipment can easily kill or maim a person if it were to go out of control."
With my smaller helicopters I can fit in through a smaller window. Nothing special here. Also, if there is any appreciable wind all bets are off.
probably not, but they are still quite noticeable once they start operating at low altitudes in close proximity to people. Electrics are quiet but as they get closer they are easily heard and draw attention.
Also, How small is small ? A 350 sized electric helicopter can inflict some nasty injury if it smacks someone head on. A 450-500 can kill a person. Quadcopters are somewhat safer. But any rc aircraft that can lift a few pounds of equipment can only be so small and only be so safe in a crowded area.
yeah, thats all well and good. But still, dangerous in a populated area. Esp without someone in control to compensate for the unexpected. Also illegal unless you are fortunate enough to have the proper permits which are not just issued to anyone.
If you need to get into the air to collect vast numbers of wifi locations and passwords you are either doing something illegal or, are a part of some spy program that is probably funded well enough to have access to full sized aircraft and/or a large budget for remote controlled gadgets. And even in the former case, most urban area are chock full of wifi signals and you can collect thousands of locations from the ground. But in most cases the cops know who they are targeting and can monitor that persons wifi or cell phone from the ground. No need to intercept everyones signals throughout an entire city. Furthermore it's easily thhwarted by not using wifi or a cell or cordless phone. Anyone who is doing something illegal and puts it out over a wifi or a cell phone is an idiot and deserves to get caught for being stupid.
True but then again, the need to send a drone up at night to spoof cellphones and collect wifi data for a any legitimate purpose is rare. Generally if law enforcement is targeting a particular individual or location they can intercept signals from the ground. No need to collect thousands of wifi signals.
Not too amazing. it sounds like nothing more than a brute force plain-text dictionary attack. easily thwarted by using random passwords of adequate length and/or a strong encryption method.
When that day comes it will also be a day of great interest to people in my field of interest and/or to computer engineers the world over. For that will be the day that we have either discovered a ,simple and quick means of factoring enormous numbers or else developed an ultra powerful supercomputer the likes of which we cannot built today,
I think where the problem comes in is that many people leave themselves wide open and vulnerable to attacks. Either they run their networks fully open with no authentication or encryption or, they use WEP in combination with some weak password that is easily "guessed".
I keep my 2 feet on the ground, and my head in the twilight zone.
http://www.shawnhogan.com/2006/08/how-to-crack-128-bit-wireless-networks.html
Um...
It shows that the strongest network is only as strong as the passwords being used. I generally try to use random charachter strings instead of words. harder to remember but harder for wordlist attackers.
I keep my 2 feet on the ground, and my head in the twilight zone.
Use RADIUS...
I would like a more detailed description of the underlying theory. Theoretically, using 128 bits there are 2^128 = 3.40x10^38 possible keys... an extremely huge number to brute-force your way through even with the fastest computers.
So, what I don;t understand is
1) Is he using a brute force attack and somehow getting very lucky ?
2) Is he exploiting a weakness in the algorithm itself ?
3) Is he simply doing a word list attack against the plaintext password.
4) I am missing something obvious.
From what I gather it seems to be the case 3. Somebody uses "Jane" (or something equally simple) as their password and within a very short time the computer guesses... "J a n e" and viola..
I keep my 2 feet on the ground, and my head in the twilight zone.
Rainbow tables: Pre-computed hashes of passphrases.
Okay, so it is still based on a "wordlist" (more or less) but the hashes are precomputed making the process faster (less computation). It still seems to me that a sufficiently random passphrase of sufficient length would make this hack difficult.
Last edited by n2ize; 08-09-2011 at 01:18 PM.
I keep my 2 feet on the ground, and my head in the twilight zone.
Depends on the rainbow table. There are some out there that are a couple of gigs in size, with precomputed hashes for everything from A to AAAAAAAAAAAAAAAAAAAA
Posting Permissions
Reply With Quote