[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wireless home LAN - WiFi vs Bluetooth?

On Wed, 31 Jul 2019 10:43:48 +0300
Reco <recoverym4n@enotuniq.net> wrote:

> 	Hi.
> 
> On Tue, Jul 30, 2019 at 07:06:08PM -0400, Celejar wrote:
> > On Mon, 29 Jul 2019 13:57:25 +0300
> > Reco <recoverym4n@enotuniq.net> wrote:
> > 
> > ...
> > 
> > > WPA2's (that's your conventional WiFi standard) secure configuration is
> > > fiendishly difficult. 
> > 
> > I take your point, but "fiendishly difficult"? I think you're
> > exaggerating.
> 
> WPA Enterprise. 802.1r. An "interesting" choice between CCMP and TKIP
> (yep, it's hardware dependent). De-authentication attacks. "Evil twin"
> attacks.
> 
> I meant it when I wrote "fiendishly difficult".

I'm afraid that I'm missing your point. The context here was a home
user choosing between wifi and wired ethernet, and you are arguing that
configuring wifi securely is fiendishly difficult. Why are we talking
about WPA Enterprise, as opposed to PSK?

> > > You have beacon frames that are broadcasted without any encryption.
> > 
> > True, but is there any evidence that this constitutes a security risk?
> 
> Some people believe that hiding AP name gives them another layer of
> security. Beacon frames prove otherwise.

Certainly, but that has no bearing on the underlying question of
whether wifi can be configured to be tolerably secure in a reasonably
straightforward fashion by a home user.

> > > You have authentication frames that can be intercepted (so WPA
> > > passphrase can be bruteforced).
> > 
> > Lots of things (such as TLS, ssh) can theoretically be brute forced -
> > the question is whether such brute forcing is sufficiently practical to
> > be a threat. I have seen nothing to indicate that properly configured
> > WPA2 can be realistically brute forced.
> 
> For WPA2 it's not that hard really, assuming pre-shared key usage.
> Can be expensive (all those videocards and ASICs have their cost), but
> definitely doable.

I'd be interested in seeing some real-world studies, or simply just a
mathematical analysis of how much hardware would be necessary to crack
a good WPA2 password. I've seen lots of sites explaining how to use
hashcat with a GPU, and various real-world tests on lists of hashed
passwords (e.g., [1]), but can you provide a serious analysis of the
practical cost, in time or hardware, of cracking a real-world WPA setup?

> You have several encryption algorithms, but:

...

> > > b) You may have a hardware that lack support for a good ones.
> > 
> > I suppose, but my impression is that most hardware from the last few
> > years is fine.
> 
> Cheap smartphones and tablets. Whatever they put instead of a proper

This misses the point - we're comparing ethernet to wifi. Cheap
smartphones and tablets aren't usually going to support ethernet.

> WiFi in printers (yep, I'm looking at you, HP). Oh, D-Link and Linksys.
> There are *always* some exceptions to "newer is the better" rule.

D-Link and Linksys don't support WPA2-PSK with AES?

[1]
https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Celejar
Reply to: