
Re: Wireless home LAN - WiFi vs Bluetooth?



On Thu, 1 Aug 2019 09:32:32 +0300
Reco <recoverym4n@enotuniq.net> wrote:

> On Wed, Jul 31, 2019 at 10:30:05PM -0400, Celejar wrote:
> > > > > > > You have authentication frames that can be intercepted (so WPA
> > > > > > > passphrase can be bruteforced).
> > > > > > 
> > > > > > Lots of things (such as TLS, ssh) can theoretically be brute forced -
> > > > > > the question is whether such brute forcing is sufficiently practical to
> > > > > > be a threat. I have seen nothing to indicate that properly configured
> > > > > > WPA2 can be realistically brute forced.
> > > > > 
> > > > > For WPA2 it's not that hard really, assuming pre-shared key usage.
> > > > > Can be expensive (all those videocards and ASICs have their cost), but
> > > > > definitely doable.
> > > > 
> > > > I'd be interested in seeing some real-world studies, or simply just a
> > > > mathematical analysis of how much hardware would be necessary to crack
> > > > a good WPA2 password. I've seen lots of sites explaining how to use
> > > > hashcat with a GPU, and various real-world tests on lists of hashed
> > > > passwords (e.g., [1]), but can you provide a serious analysis of the
> > > > practical cost, in time or hardware, of cracking a real-world WPA setup?
> > > 
> > > Cost - Amazon will take 11c per hour for that VM that comes with NVIDIA
> > > Tesla videocard.
> > > Said hour is more than enough to bruteforce 8 character WPA passphrase
> > > with hashcat.
> > 
> > Yes, and who said anything about using 8 character passphrase? How
> > about the cost of cracking a 16 character passphrase? Or a 60 character
> > one?
> 
> Each extra character in WPA passphrase adds roughly two orders of
> magnitude to the bruteforce time.
> So you cheat. Dictionary attacks, Markov chain attacks, assumptions on
> the characters used in passwords - all that really lowers bruteforce
> time.

But none of that will help if the passphrase is properly (randomly)
chosen.

Celejar
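
Added example, not part of the thread and not written by either poster: the WPA2-PSK key derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output) together with a search-cost estimate for a uniformly random passphrase, to put numbers on the "two orders of magnitude per character" and "randomly chosen" points above. The guess rate, the 94-character alphabet and all function names are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# Assumption: 94 printable ASCII characters (letters, digits, punctuation; no space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Assumption: constructed guess rate for illustration, not a benchmark of any hardware.
ASSUMED_GUESSES_PER_SEC = 1_000_000


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-PSK pairwise master key from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    # Every guess costs 4096 HMAC-SHA1 rounds, and the SSID salt makes
    # precomputed tables specific to one network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode(), 4096, 32)


def random_passphrase(length: int = 16) -> str:
    """Uniformly random passphrase from a CSPRNG; no dictionary or Markov model fits it."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    return length * math.log2(alphabet_size)


def orders_of_magnitude_per_char(alphabet_size: int = len(ALPHABET)) -> float:
    """Factor (as a power of ten) each extra random character adds to the search."""
    return math.log10(alphabet_size)


def average_search_years(length: int, alphabet_size: int = len(ALPHABET),
                         rate: float = ASSUMED_GUESSES_PER_SEC) -> float:
    """Expected exhaustive-search time: half the keyspace at the given rate."""
    seconds = alphabet_size ** length / 2 / rate
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("example passphrase:", random_passphrase(16))
    print(f"each extra character: x10^{orders_of_magnitude_per_char():.2f}")
    for n in (8, 16, 60):
        print(f"{n:2d} chars: {entropy_bits(n):6.1f} bits, "
              f"~{average_search_years(n):.3g} years at the assumed rate")
```

Changing ASSUMED_GUESSES_PER_SEC by a factor of a thousand moves the result by three orders of magnitude, which is less than two extra random characters.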

