Good Sam Community

Thank you for the information. Unfortunately I cannot tether a device to my smart phone so bluetooth vs. wifi is irrelevant.

I think you are unsure of the actual definition of vitriol:

A. Abusive or venomous language used to express blame or censure or bitter deep-seated ill will.
B. Subject to bitter verbal abuse.

Vitriol goes way beyond contempt or disdain.

These are the definitions of which I am aware, consider accurate. There was no vitriol in this thread.

And I would be very interested in this instance of a 19 character WPA2 password being hacked in 5 hours. Could you please include a link, as I would be interested in the details.

Why would you doubt that very many home users have 20 character passwords? I doubt very much that I am that much off the norm.

In an earlier reply to some posts on this thread I used the word vitriol. A couple of synonyms are disdain and contempt. Subsequently some posters have stated they did not detect any vitriol. Perhaps you missed this post by a senior member, "I do hope you are aware that on its face, this question is like asking which is faster, a car or a speedboat. Since they do not exactly go the same place, relative speed is kinda useless information.

In that same vein, the headline of this thread makes as much sense as comparing a fish, a bicycle, and a shingle roof."

This quoted post added no useful or edifying information to the thread and by it's wording and tone showed contempt and disdain towards the 2 people it was directed at.

That said my only purpose in the initial post was to provide some information that could possibly save some people $20 or more per month who may be needless shelling out to cell phone providers for Wifi devices they do not need. These devices are up to $149 to purchase and free for a 2 year contract.

If you are living somewhere this side of the 20th century you probably are paying for the use of a phone that will give you the same connectivity at no additional charge beyond already pay them for data usage. That you can access the internet directly from your phone or use the provided hotspot to connect via USB, Bluetooth, or WiFi.

I realize that most of us are not hot targets for hackers. For every organized Russian, Chinese, North Korean, attack on corporations and governments there probably a countless bored teens and preteens who have used there monthly data alotment looking for a way to get back online. Of the six WiFi connections I can see from just my laptop right now 2 have no barriers. I doubt if very many home users have 20 character passwords.

As GordonThree and rwbradley have pointed out WiFi is easily intercepted so why take a chance. To paraphrase rwbradley why set your self up to be low hanging fruit if there are other altenatives. Incidentally, according to one internet source an intricate 19 character WAP2 password was hacked in 5 hours.

LittleBill wrote:

fj12ryder wrote:
Yeah, there's a lot of "proof of concept" that is demonstrated, but a lot of the exploits require certain steps be performed before it actually works. Yeah, it works in the lab, but not so much in the wild.

I'm not saying that WPA2 can't be broken, but I am saying that it isn't trivial.

folks, you can crack WPA2 in almost the exact same ways as WEP was cracked with the same tools. the difference is it takes considerably longer to do, not harder just longer. the downside is, once have you have th handshake, you can go somewhere else to brute force it. with WEP the standard attack required being in range of the AP.

you don't need a lab at all. i have cracked my WPA2 password using the same tools i used to crack my WEP password back in the day. this is why they tell you to use a good password.

If you claim to have cracked WPA, you might take that to Def Con and report how you did it, because the smartest hackers in the world haven't figured it out yet. WEP and WPA anything are two completely animals and the tools are also completely different. WEP can be discovered with Wire Shark, not so with WPA because
there are no "tools" to decrypt it. It hasn't been done.

LittleBill wrote:

fj12ryder wrote:
Yeah, there's a lot of "proof of concept" that is demonstrated, but a lot of the exploits require certain steps be performed before it actually works. Yeah, it works in the lab, but not so much in the wild.

I'm not saying that WPA2 can't be broken, but I am saying that it isn't trivial.

folks, you can crack WPA2 in almost the exact same ways as WEP was cracked with the same tools. the difference is it takes considerably longer to do, not harder just longer. the downside is, once have you have th handshake, you can go somewhere else to brute force it. with WEP the standard attack required being in range of the AP.

you don't need a lab at all. i have cracked my WPA2 password using the same tools i used to crack my WEP password back in the day. this is why they tell you to use a good password.

Longer as in hours, days, weeks, years? Possible, but is it actually doable with a long, 20 digits long, password?

Hackers Steal up to $1 billion from Banks

I am moderately techie, so am only moderately knowledgeable about how easy it is to hack anything. Having prefaced with that, read the above news story about banks worldwide being hacked for up to $1 billion. What we see in this case as in other cases in recent years -- Target, etc etc -- no bank or company wants to admit to their clients/customers, or the media, that they have been hacked.

On the personal level, I suspect many folks don't want to admit to anyone that they have been hacked / scammed.

So apparently there is a lot more hackin' goin' on than we ever hear about ...

fj12ryder wrote:
Yeah, there's a lot of "proof of concept" that is demonstrated, but a lot of the exploits require certain steps be performed before it actually works. Yeah, it works in the lab, but not so much in the wild.

I'm not saying that WPA2 can't be broken, but I am saying that it isn't trivial.

folks, you can crack WPA2 in almost the exact same ways as WEP was cracked with the same tools. the difference is it takes considerably longer to do, not harder just longer. the downside is, once have you have th handshake, you can go somewhere else to brute force it. with WEP the standard attack required being in range of the AP.

you don't need a lab at all. i have cracked my WPA2 password using the same tools i used to crack my WEP password back in the day. this is why they tell you to use a good password.

Yeah, there's a lot of "proof of concept" that is demonstrated, but a lot of the exploits require certain steps be performed before it actually works. Yeah, it works in the lab, but not so much in the wild.

I'm not saying that WPA2 can't be broken, but I am saying that it isn't trivial.

fj12ryder wrote:
"Not exactly a cover-up, but more "security through obscurity" - the fact WPA/WPA2 is broken is just not widely advertised." WPA yes, WPA2 not yet.

Personally, I think if it were easily broken it would be all over the net, just because someone is determined to tell people. If it came out on a RV forum, I would think it'd be common knowledge on any network forum. I guess I'll wait for official word on the vulnerability of WPA2.

Its not.. This was a big deal at DefCon a few years ago, and once you watch and get into what happened, it was written only for Mac, and if I remember, they also installed spyware to mine for it and report back. Just as easy, maybe more so on the PC, except the PC has been so vulnerable that most windows machines are running spyware. Not so with the Mac, but it's coming. Until I actually watch someone capture, decode, and read it back to me, I ain't buying that it's broke.

"Not exactly a cover-up, but more "security through obscurity" - the fact WPA/WPA2 is broken is just not widely advertised." WPA yes, WPA2 not yet.

Personally, I think if it were easily broken it would be all over the net, just because someone is determined to tell people. If it came out on a RV forum, I would think it'd be common knowledge on any network forum. I guess I'll wait for official word on the vulnerability of WPA2.

fj12ryder wrote:
Gosh, if it is so easy how does anything stay secure? Maybe it isn't quite as easy as it is purported to be. You'd think there would be security breaches every day in every sector, but it doesn't seem to be happening.

Oh, oh, don't tell me: it's a coverup.

Not exactly a cover-up, but more "security through obscurity" - the fact WPA/WPA2 is broken is just not widely advertised.

obscurity continues - even though breaking WPA/WPA2 is trival, not many folks know how to do it, or don't have reason to do it. Just because I can doesn't mean I do, especially when camping - my computer stays off most of the time... I'm camping to take a break from technology, not work on exploiting it.

Most corporate deployments use WPA to keep casual users off the network, but also use smart cards or crypto certificates for additional authentication. you connect to outside wlan with wpa, and then connect to the inside vlan with x509 or some other certificate exchange.

Gosh, if it is so easy how does anything stay secure? Maybe it isn't quite as easy as it is purported to be. You'd think there would be security breaches every day in every sector, but it doesn't seem to be happening.

Oh, oh, don't tell me: it's a coverup.

rwbradley wrote:

SCVJeff wrote:

fj12ryder wrote:
"Some enterprising entrepreneurs have already run all the password combinations and filed those results into a nice easy searchable database."

Seriously? You do realize that a 20 digit password, which is what I use, has trillions of combinations. And they have that in "a nice easy searchable database". Man, that must be some database.

x2-10
The misinformation in this thread is amazing.
If someone is interesting in attempting to get into my home router or myfi, PM me and I'll send you the 1st 10 characters, maybe 20. You will be no further along in two years than starting from scratch.

Ah shucks, maybe its on the "list"...

You are right, there is a lot of misinformation. Hacking passwords is so 10 years ago. So you can go grab a 50GB torrent and run a password hash thru the rainbow tables. It may or may not work depending on the encryption, sometimes in minutes sometimes in years. Hiding in an Onion network is so 5 years ago. Onion networks are only secure on the inside, the entry point and exit point are not, it is also easy to hack the device before the data enters the Onion, put up fake relay servers, apps also leak data while in the Onion all the time. How do you think they got the owner of Silk Road. If I wanted into someone's computer, router, MIFI, phone etc. I would not try to hack the password. Nearly anyone is vulnerable, and don't let them tell you otherwise. It is simple to steal session cookies and Kerberos tokens to impersonate someone else with no password required. It is also really easy to use a known exploit (or even one the hardware manufacturers don't know about yet) to trick the router, computer, server etc. to give you administrative rights, no password required. How do you think Evernote, PlayStation network, Sony Pictures, Home Depot, Target etc. got hacked. They did not get into these networks by hacking someone's password! Strong passwords help, but do not be fooled into thinking you are too secure to be hacked, look at it on a scale, you are more or less secure than the next guy but we are all vulnerable.

Too funny! I guess if you use enough buzzwords you'll fool everyone. That is "so 10 years ago". 🙂