Re: Wireless home LAN - WiFi vs Bluetooth?
On Wed, 31 Jul 2019 10:43:48 +0300
Reco <recoverym4n@enotuniq.net> wrote:
> Hi.
>
> On Tue, Jul 30, 2019 at 07:06:08PM -0400, Celejar wrote:
> > On Mon, 29 Jul 2019 13:57:25 +0300
> > Reco <recoverym4n@enotuniq.net> wrote:
> >
> > ...
> >
> > > WPA2's (that's your conventional WiFi standard) secure configuration is
> > > fiendishly difficult.
> >
> > I take your point, but "fiendishly difficult"? I think you're
> > exaggerating.
>
> WPA Enterprise. 802.1r. An "interesting" choice between CCMP and TKIP
> (yep, it's hardware dependent). De-authentication attacks. "Evil twin"
> attacks.
>
> I meant it when I wrote "fiendishly difficult".
I'm afraid that I'm missing your point. The context here was a home
user choosing between wifi and wired ethernet, and you are arguing that
configuring wifi securely is fiendishly difficult. Why are we talking
about WPA Enterprise, as opposed to PSK?
> > > You have beacon frames that are broadcasted without any encryption.
> >
> > True, but is there any evidence that this constitutes a security risk?
>
> Some people believe that hiding AP name gives them another layer of
> security. Beacon frames prove otherwise.
Certainly, but that has no bearing on the underlying question of
whether wifi can be configured to be tolerably secure in a reasonably
straightforward fashion by a home user.
> > > You have authentication frames that can be intercepted (so WPA
> > > passphrase can be bruteforced).
> >
> > Lots of things (such as TLS, ssh) can theoretically be brute forced -
> > the question is whether such brute forcing is sufficiently practical to
> > be a threat. I have seen nothing to indicate that properly configured
> > WPA2 can be realistically brute forced.
>
> For WPA2 it's not that hard really, assuming pre-shared key usage.
> Can be expensive (all those videocards and ASICs have their cost), but
> definitely doable.
I'd be interested in seeing some real-world studies, or simply just a
mathematical analysis of how much hardware would be necessary to crack
a good WPA2 password. I've seen lots of sites explaining how to use
hashcat with a GPU, and various real-world tests on lists of hashed
passwords (e.g., [1]), but can you provide a serious analysis of the
practical cost, in time or hardware, of cracking a real-world WPA setup?
> You have several encryption algorithms, but:
...
> > > b) You may have a hardware that lack support for a good ones.
> >
> > I suppose, but my impression is that most hardware from the last few
> > years is fine.
>
> Cheap smartphones and tablets. Whatever they put instead of a proper
This misses the point - we're comparing ethernet to wifi. Cheap
smartphones and tablets aren't usually going to support ethernet.
> WiFi in printers (yep, I'm looking at you, HP). Oh, D-Link and Linksys.
> There are *always* some exceptions to "newer is the better" rule.
D-Link and Linksys don't support WPA2-PSK with AES?
[1]
https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
Celejar
Reply to: