Um, no. This thread is about WPA2E, right? I quote: ChapCrack can take captured network traffic that contains a MS-CHAPv2 > network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce the > handshake's security to a single DES (Data Encryption Standard) key.
On 31 July 2012 15:40, <[email protected]> wrote: > Well, there seems to be a mix up here: we are discussing AES (Rijndael) > not DES :) > > > > Of course brute force will work. DES is fairly non-intensive, as far as > > encryptions go. Moreover, using FPGAs to build dedicated DES cracking > > machines is both feasible and relatively cheap. And, it has been done. > The > > latest iteration of the COPACOBANA does its business in the span of one > > single day. This machine was built in 2006 and cost $10000 at the time. I > > would not be surprised if the cost today would be less than one tenth of > > that. Moreover, the maximum WPA key length is 64 characters, which is > > pathetic, especially when restricted to the ASCII keymap. > > > > There already exists cloud services for DES cracking :) and it's not that > > expensive, either. I don't think trusting the cloud service in question > is > > much of an issue: a key is useless unless you know where it fits. Also, > if > > you submit a DES key, chances are you are the attacker and that you > > couldn't care less about any breaches in security your adversary might > > experience ;) > > > > On 31 July 2012 14:03, <[email protected]> wrote: > > > >> :) Brute Force using that approach will never work; you could try > >> exploiting weaknesses in mathematical implementations of the algorithm > >> by > >> programmers and mathematical weaknesses in the hardware. > >> > >> The cloud is a good thing , and makes business sense (though it may not > >> be > >> so, with the Patent Department): imagine how many under utilized servers > >> out there yet they pay licenses, support fees, admin personnel, utility > >> bills, etc (on some OSs, just running one server machine as an > >> authentication server, can give you authentication capability for more > >> than 25,000 users; now imagine how many under utilized database servers, > >> email servers, etc out there). A cloud solution lowers your TCO and > >> gives > >> you better ROI. :) > >> > >> Of course, the IT department is not impressed by the above, because they > >> need to access the hardware (and also want to control the IT budget), > >> besides they don't trust the guys in the cloud, yet they are the same > >> guys > >> who trust facebook, google, the ISPs, the Telcos, the banks, etc :) > >> > >> > >> > >> > Well, I would of course use a cloud service for that :P either that, > >> or > >> > one > >> > of the clusters at our university. > >> > > >> > On 31 July 2012 13:30, <[email protected]> wrote: > >> > > >> >> :) Ah, cracking AES 256 and "higher", don't think you have those > >> >> resources; probably thats for departments with serious scary budget > >> >> figures. > >> >> > >> >> Well, for the case of WEP, when a paper detailing its weaknesses was > >> >> submitted to the internet community, they brushed it off saying what > >> it > >> >> detailed was only theoretical and could never occur in practice, yet > >> >> when > >> >> WEP was finally broken; the media reported it as an off the shelf > >> hack > >> >> activity. :) > >> >> > >> >> > >> >> > Well, hum. :P > >> >> > > >> >> > I wonder how long it'll take until all the WPA2 Enterprise networks > >> >> have > >> >> > been secured. Why do I have to be in the middle of twenty-years-ago > >> >> state > >> >> > * > >> >> > now*? I want to be home and do some rampant WPA2E cracking! > >> >> > > >> >> > On 31 July 2012 12:52, <[email protected]> > >> wrote: > >> >> > > >> >> >> Does your MS interpretation sound like > >> >> >> the x-400 e mail format or the seven layer OSI standard? :) > >> >> >> > >> >> >> > >> >> >> > What do you mean "despite"? :P I've regularly been using my own > >> VPN > >> >> >> since > >> >> >> > 2007 when I had to start using a PPTP connection regularly. "MS" > >> >> >> > translates > >> >> >> > to "closed, flawed, and eventually defeated" in my book. > >> >> >> > > >> >> >> > On 31 July 2012 12:27, <[email protected]> > >> >> wrote: > >> >> >> > > >> >> >> >> :) But PPTP has always had its issues despite its being from > >> MS, > >> >> L2F > >> >> >> >> from > >> >> >> >> the other vendor, the same case, L2TP an attempt to combine the > >> >> above > >> >> >> >> two > >> >> >> >> also is good when run with IPSec doing the encryption, yet > >> IPSec > >> >> also > >> >> >> >> has > >> >> >> >> its own issues. > >> >> >> >> > >> >> >> >> Maybe SSL can do, save for its reliance on the PKI..... and > >> some > >> >> >> >> restrictions on key usage... > >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > Well, at least PPTP with MS-CHAPv2 authentication is. > >> >> >> >> > > >> >> >> >> > > >> >> >> >> > >> >> >> > >> >> > >> > http://www.cso.com.au/article/432039/tools_released_defcon_can_crack_widely_used_pptp_encryption_under_day/ > >> >> >> >> > > >> >> >> >> > I can't say I'm very surprised. I've always done all my > >> business > >> >> >> >> through > >> >> >> >> a > >> >> >> >> > (better) VPN when on such a network, simply because the "MS" > >> in > >> >> >> >> > "MS-CHAPv2" > >> >> >> >> > always made me nervous. > >> >> >> >> > _______________________________________________ > >> >> >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> > > >> >> >> >> > Send messages to this mailing list by addressing e-mails to: > >> >> >> >> > [email protected] > >> >> >> >> > Mailing list archives: > >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> > > >> >> >> >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> >> > http://www.infocom.co.ug/ > >> >> >> >> > > >> >> >> >> > The above comments and data are owned by whoever posted them > >> >> >> >> (including > >> >> >> >> > attachments if any). The mailing list host is not responsible > >> >> for > >> >> >> them > >> >> >> >> in > >> >> >> >> > any way. > >> >> >> >> > >> >> >> >> > >> >> >> >> _______________________________________________ > >> >> >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> > >> >> >> >> Send messages to this mailing list by addressing e-mails to: > >> >> >> >> [email protected] > >> >> >> >> Mailing list archives: > >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> > >> >> >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> >> http://www.infocom.co.ug/ > >> >> >> >> > >> >> >> >> The above comments and data are owned by whoever posted them > >> >> >> (including > >> >> >> >> attachments if any). The mailing list host is not responsible > >> for > >> >> >> them > >> >> >> >> in > >> >> >> >> any way. > >> >> >> >> > >> >> >> > _______________________________________________ > >> >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> >> > > >> >> >> > Send messages to this mailing list by addressing e-mails to: > >> >> >> > [email protected] > >> >> >> > Mailing list archives: > >> http://www.mail-archive.com/[email protected]/ > >> >> >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> > > >> >> >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> > http://www.infocom.co.ug/ > >> >> >> > > >> >> >> > The above comments and data are owned by whoever posted them > >> >> >> (including > >> >> >> > attachments if any). The mailing list host is not responsible > >> for > >> >> them > >> >> >> in > >> >> >> > any way. > >> >> >> > >> >> >> > >> >> >> _______________________________________________ > >> >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> >> > >> >> >> Send messages to this mailing list by addressing e-mails to: > >> >> >> [email protected] > >> >> >> Mailing list archives: > >> http://www.mail-archive.com/[email protected]/ > >> >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> > >> >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> http://www.infocom.co.ug/ > >> >> >> > >> >> >> The above comments and data are owned by whoever posted them > >> >> (including > >> >> >> attachments if any). The mailing list host is not responsible for > >> >> them > >> >> >> in > >> >> >> any way. > >> >> >> > >> >> > _______________________________________________ > >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> > > >> >> > Send messages to this mailing list by addressing e-mails to: > >> >> > [email protected] > >> >> > Mailing list archives: > http://www.mail-archive.com/[email protected]/ > >> >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> > > >> >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> > http://www.infocom.co.ug/ > >> >> > > >> >> > The above comments and data are owned by whoever posted them > >> >> (including > >> >> > attachments if any). The mailing list host is not responsible for > >> them > >> >> in > >> >> > any way. > >> >> > >> >> > >> >> _______________________________________________ > >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> > >> >> Send messages to this mailing list by addressing e-mails to: > >> >> [email protected] > >> >> Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> > >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> http://www.infocom.co.ug/ > >> >> > >> >> The above comments and data are owned by whoever posted them > >> (including > >> >> attachments if any). The mailing list host is not responsible for > >> them > >> >> in > >> >> any way. > >> >> > >> > _______________________________________________ > >> > The Uganda Linux User Group: http://linux.or.ug > >> > > >> > Send messages to this mailing list by addressing e-mails to: > >> > [email protected] > >> > Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> > To unsubscribe: http://kym.net/mailman/options/lug > >> > > >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> > http://www.infocom.co.ug/ > >> > > >> > The above comments and data are owned by whoever posted them > >> (including > >> > attachments if any). The mailing list host is not responsible for them > >> in > >> > any way. > >> > >> > >> _______________________________________________ > >> The Uganda Linux User Group: http://linux.or.ug > >> > >> Send messages to this mailing list by addressing e-mails to: > >> [email protected] > >> Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> To unsubscribe: http://kym.net/mailman/options/lug > >> > >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> http://www.infocom.co.ug/ > >> > >> The above comments and data are owned by whoever posted them (including > >> attachments if any). The mailing list host is not responsible for them > >> in > >> any way. > >> > > _______________________________________________ > > The Uganda Linux User Group: http://linux.or.ug > > > > Send messages to this mailing list by addressing e-mails to: > > [email protected] > > Mailing list archives: http://www.mail-archive.com/[email protected]/ > > Mailing list settings: http://kym.net/mailman/listinfo/lug > > To unsubscribe: http://kym.net/mailman/options/lug > > > > The Uganda LUG mailing list is generously hosted by INFOCOM: > > http://www.infocom.co.ug/ > > > > The above comments and data are owned by whoever posted them (including > > attachments if any). The mailing list host is not responsible for them in > > any way. > > > _______________________________________________ > The Uganda Linux User Group: http://linux.or.ug > > Send messages to this mailing list by addressing e-mails to: > [email protected] > Mailing list archives: http://www.mail-archive.com/[email protected]/ > Mailing list settings: http://kym.net/mailman/listinfo/lug > To unsubscribe: http://kym.net/mailman/options/lug > > The Uganda LUG mailing list is generously hosted by INFOCOM: > http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The mailing list host is not responsible for them in > any way. >
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
