Well, it seems as though I will not have to crack AES by itself, eh? :) On 31 July 2012 15:59, <[email protected]> wrote:
> :) WPA2 is based on AES, but with the ability to evolve in case weaknesses > in the algorithm are found. AES by itself is still strong and i don't > think you can crack it. The implementation of AES in different gadgets is > where the exploits come in. Also issues to do with using key lengths > longer than "the gov't" can crack make it weak, i think. > > > > Um, no. This thread is about WPA2E, right? I quote: > > > > ChapCrack can take captured network traffic that contains a MS-CHAPv2 > >> network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce the > >> handshake's security to a single DES (Data Encryption Standard) key. > > > > > > On 31 July 2012 15:40, <[email protected]> wrote: > > > >> Well, there seems to be a mix up here: we are discussing AES (Rijndael) > >> not DES :) > >> > >> > >> > Of course brute force will work. DES is fairly non-intensive, as far > >> as > >> > encryptions go. Moreover, using FPGAs to build dedicated DES cracking > >> > machines is both feasible and relatively cheap. And, it has been done. > >> The > >> > latest iteration of the COPACOBANA does its business in the span of > >> one > >> > single day. This machine was built in 2006 and cost $10000 at the > >> time. I > >> > would not be surprised if the cost today would be less than one tenth > >> of > >> > that. Moreover, the maximum WPA key length is 64 characters, which is > >> > pathetic, especially when restricted to the ASCII keymap. > >> > > >> > There already exists cloud services for DES cracking :) and it's not > >> that > >> > expensive, either. I don't think trusting the cloud service in > >> question > >> is > >> > much of an issue: a key is useless unless you know where it fits. > >> Also, > >> if > >> > you submit a DES key, chances are you are the attacker and that you > >> > couldn't care less about any breaches in security your adversary might > >> > experience ;) > >> > > >> > On 31 July 2012 14:03, <[email protected]> wrote: > >> > > >> >> :) Brute Force using that approach will never work; you could try > >> >> exploiting weaknesses in mathematical implementations of the > >> algorithm > >> >> by > >> >> programmers and mathematical weaknesses in the hardware. > >> >> > >> >> The cloud is a good thing , and makes business sense (though it may > >> not > >> >> be > >> >> so, with the Patent Department): imagine how many under utilized > >> servers > >> >> out there yet they pay licenses, support fees, admin personnel, > >> utility > >> >> bills, etc (on some OSs, just running one server machine as an > >> >> authentication server, can give you authentication capability for > >> more > >> >> than 25,000 users; now imagine how many under utilized database > >> servers, > >> >> email servers, etc out there). A cloud solution lowers your TCO and > >> >> gives > >> >> you better ROI. :) > >> >> > >> >> Of course, the IT department is not impressed by the above, because > >> they > >> >> need to access the hardware (and also want to control the IT budget), > >> >> besides they don't trust the guys in the cloud, yet they are the same > >> >> guys > >> >> who trust facebook, google, the ISPs, the Telcos, the banks, etc :) > >> >> > >> >> > >> >> > >> >> > Well, I would of course use a cloud service for that :P either > >> that, > >> >> or > >> >> > one > >> >> > of the clusters at our university. > >> >> > > >> >> > On 31 July 2012 13:30, <[email protected]> > >> wrote: > >> >> > > >> >> >> :) Ah, cracking AES 256 and "higher", don't think you have those > >> >> >> resources; probably thats for departments with serious scary > >> budget > >> >> >> figures. > >> >> >> > >> >> >> Well, for the case of WEP, when a paper detailing its weaknesses > >> was > >> >> >> submitted to the internet community, they brushed it off saying > >> what > >> >> it > >> >> >> detailed was only theoretical and could never occur in practice, > >> yet > >> >> >> when > >> >> >> WEP was finally broken; the media reported it as an off the shelf > >> >> hack > >> >> >> activity. :) > >> >> >> > >> >> >> > >> >> >> > Well, hum. :P > >> >> >> > > >> >> >> > I wonder how long it'll take until all the WPA2 Enterprise > >> networks > >> >> >> have > >> >> >> > been secured. Why do I have to be in the middle of > >> twenty-years-ago > >> >> >> state > >> >> >> > * > >> >> >> > now*? I want to be home and do some rampant WPA2E cracking! > >> >> >> > > >> >> >> > On 31 July 2012 12:52, <[email protected]> > >> >> wrote: > >> >> >> > > >> >> >> >> Does your MS interpretation sound like > >> >> >> >> the x-400 e mail format or the seven layer OSI standard? :) > >> >> >> >> > >> >> >> >> > >> >> >> >> > What do you mean "despite"? :P I've regularly been using my > >> own > >> >> VPN > >> >> >> >> since > >> >> >> >> > 2007 when I had to start using a PPTP connection regularly. > >> "MS" > >> >> >> >> > translates > >> >> >> >> > to "closed, flawed, and eventually defeated" in my book. > >> >> >> >> > > >> >> >> >> > On 31 July 2012 12:27, <[email protected] > > > >> >> >> wrote: > >> >> >> >> > > >> >> >> >> >> :) But PPTP has always had its issues despite its being from > >> >> MS, > >> >> >> L2F > >> >> >> >> >> from > >> >> >> >> >> the other vendor, the same case, L2TP an attempt to combine > >> the > >> >> >> above > >> >> >> >> >> two > >> >> >> >> >> also is good when run with IPSec doing the encryption, yet > >> >> IPSec > >> >> >> also > >> >> >> >> >> has > >> >> >> >> >> its own issues. > >> >> >> >> >> > >> >> >> >> >> Maybe SSL can do, save for its reliance on the PKI..... and > >> >> some > >> >> >> >> >> restrictions on key usage... > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > Well, at least PPTP with MS-CHAPv2 authentication is. > >> >> >> >> >> > > >> >> >> >> >> > > >> >> >> >> >> > >> >> >> >> > >> >> >> > >> >> > >> > http://www.cso.com.au/article/432039/tools_released_defcon_can_crack_widely_used_pptp_encryption_under_day/ > >> >> >> >> >> > > >> >> >> >> >> > I can't say I'm very surprised. I've always done all my > >> >> business > >> >> >> >> >> through > >> >> >> >> >> a > >> >> >> >> >> > (better) VPN when on such a network, simply because the > >> "MS" > >> >> in > >> >> >> >> >> > "MS-CHAPv2" > >> >> >> >> >> > always made me nervous. > >> >> >> >> >> > _______________________________________________ > >> >> >> >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> >> > > >> >> >> >> >> > Send messages to this mailing list by addressing e-mails > >> to: > >> >> >> >> >> > [email protected] > >> >> >> >> >> > Mailing list archives: > >> >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> >> > Mailing list settings: > http://kym.net/mailman/listinfo/lug > >> >> >> >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> >> > > >> >> >> >> >> > The Uganda LUG mailing list is generously hosted by > >> INFOCOM: > >> >> >> >> >> > http://www.infocom.co.ug/ > >> >> >> >> >> > > >> >> >> >> >> > The above comments and data are owned by whoever posted > >> them > >> >> >> >> >> (including > >> >> >> >> >> > attachments if any). The mailing list host is not > >> responsible > >> >> >> for > >> >> >> >> them > >> >> >> >> >> in > >> >> >> >> >> > any way. > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> _______________________________________________ > >> >> >> >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> >> > >> >> >> >> >> Send messages to this mailing list by addressing e-mails to: > >> >> >> >> >> [email protected] > >> >> >> >> >> Mailing list archives: > >> >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> >> > >> >> >> >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> >> >> http://www.infocom.co.ug/ > >> >> >> >> >> > >> >> >> >> >> The above comments and data are owned by whoever posted them > >> >> >> >> (including > >> >> >> >> >> attachments if any). The mailing list host is not > >> responsible > >> >> for > >> >> >> >> them > >> >> >> >> >> in > >> >> >> >> >> any way. > >> >> >> >> >> > >> >> >> >> > _______________________________________________ > >> >> >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> > > >> >> >> >> > Send messages to this mailing list by addressing e-mails to: > >> >> >> >> > [email protected] > >> >> >> >> > Mailing list archives: > >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> > > >> >> >> >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> >> > http://www.infocom.co.ug/ > >> >> >> >> > > >> >> >> >> > The above comments and data are owned by whoever posted them > >> >> >> >> (including > >> >> >> >> > attachments if any). The mailing list host is not responsible > >> >> for > >> >> >> them > >> >> >> >> in > >> >> >> >> > any way. > >> >> >> >> > >> >> >> >> > >> >> >> >> _______________________________________________ > >> >> >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> > >> >> >> >> Send messages to this mailing list by addressing e-mails to: > >> >> >> >> [email protected] > >> >> >> >> Mailing list archives: > >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> > >> >> >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> >> http://www.infocom.co.ug/ > >> >> >> >> > >> >> >> >> The above comments and data are owned by whoever posted them > >> >> >> (including > >> >> >> >> attachments if any). The mailing list host is not responsible > >> for > >> >> >> them > >> >> >> >> in > >> >> >> >> any way. > >> >> >> >> > >> >> >> > _______________________________________________ > >> >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> >> > > >> >> >> > Send messages to this mailing list by addressing e-mails to: > >> >> >> > [email protected] > >> >> >> > Mailing list archives: > >> http://www.mail-archive.com/[email protected]/ > >> >> >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> > > >> >> >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> > http://www.infocom.co.ug/ > >> >> >> > > >> >> >> > The above comments and data are owned by whoever posted them > >> >> >> (including > >> >> >> > attachments if any). The mailing list host is not responsible > >> for > >> >> them > >> >> >> in > >> >> >> > any way. > >> >> >> > >> >> >> > >> >> >> _______________________________________________ > >> >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> >> > >> >> >> Send messages to this mailing list by addressing e-mails to: > >> >> >> [email protected] > >> >> >> Mailing list archives: > >> http://www.mail-archive.com/[email protected]/ > >> >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> > >> >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> http://www.infocom.co.ug/ > >> >> >> > >> >> >> The above comments and data are owned by whoever posted them > >> >> (including > >> >> >> attachments if any). The mailing list host is not responsible for > >> >> them > >> >> >> in > >> >> >> any way. > >> >> >> > >> >> > _______________________________________________ > >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> > > >> >> > Send messages to this mailing list by addressing e-mails to: > >> >> > [email protected] > >> >> > Mailing list archives: > http://www.mail-archive.com/[email protected]/ > >> >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> > > >> >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> > http://www.infocom.co.ug/ > >> >> > > >> >> > The above comments and data are owned by whoever posted them > >> >> (including > >> >> > attachments if any). The mailing list host is not responsible for > >> them > >> >> in > >> >> > any way. > >> >> > >> >> > >> >> _______________________________________________ > >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> > >> >> Send messages to this mailing list by addressing e-mails to: > >> >> [email protected] > >> >> Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> > >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> http://www.infocom.co.ug/ > >> >> > >> >> The above comments and data are owned by whoever posted them > >> (including > >> >> attachments if any). The mailing list host is not responsible for > >> them > >> >> in > >> >> any way. > >> >> > >> > _______________________________________________ > >> > The Uganda Linux User Group: http://linux.or.ug > >> > > >> > Send messages to this mailing list by addressing e-mails to: > >> > [email protected] > >> > Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> > To unsubscribe: http://kym.net/mailman/options/lug > >> > > >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> > http://www.infocom.co.ug/ > >> > > >> > The above comments and data are owned by whoever posted them > >> (including > >> > attachments if any). The mailing list host is not responsible for them > >> in > >> > any way. > >> > >> > >> _______________________________________________ > >> The Uganda Linux User Group: http://linux.or.ug > >> > >> Send messages to this mailing list by addressing e-mails to: > >> [email protected] > >> Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> To unsubscribe: http://kym.net/mailman/options/lug > >> > >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> http://www.infocom.co.ug/ > >> > >> The above comments and data are owned by whoever posted them (including > >> attachments if any). The mailing list host is not responsible for them > >> in > >> any way. > >> > > _______________________________________________ > > The Uganda Linux User Group: http://linux.or.ug > > > > Send messages to this mailing list by addressing e-mails to: > > [email protected] > > Mailing list archives: http://www.mail-archive.com/[email protected]/ > > Mailing list settings: http://kym.net/mailman/listinfo/lug > > To unsubscribe: http://kym.net/mailman/options/lug > > > > The Uganda LUG mailing list is generously hosted by INFOCOM: > > http://www.infocom.co.ug/ > > > > The above comments and data are owned by whoever posted them (including > > attachments if any). The mailing list host is not responsible for them in > > any way. > > > _______________________________________________ > The Uganda Linux User Group: http://linux.or.ug > > Send messages to this mailing list by addressing e-mails to: > [email protected] > Mailing list archives: http://www.mail-archive.com/[email protected]/ > Mailing list settings: http://kym.net/mailman/listinfo/lug > To unsubscribe: http://kym.net/mailman/options/lug > > The Uganda LUG mailing list is generously hosted by INFOCOM: > http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The mailing list host is not responsible for them in > any way. >
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
