And we all know how much corporate costumes like to cut corners in all departments they find foreign and incomprehensible. :)
On 31 July 2012 16:11, <[email protected]> wrote: > Probably not so as far as security is concerned in low end markets, but in > high end markets, the implementations can get really strict. :) > > > > > Well, it seems as though I will not have to crack AES by itself, eh? :) > > > > On 31 July 2012 15:59, <[email protected]> wrote: > > > >> :) WPA2 is based on AES, but with the ability to evolve in case > >> weaknesses > >> in the algorithm are found. AES by itself is still strong and i don't > >> think you can crack it. The implementation of AES in different gadgets > >> is > >> where the exploits come in. Also issues to do with using key lengths > >> longer than "the gov't" can crack make it weak, i think. > >> > >> > >> > Um, no. This thread is about WPA2E, right? I quote: > >> > > >> > ChapCrack can take captured network traffic that contains a MS-CHAPv2 > >> >> network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce > >> the > >> >> handshake's security to a single DES (Data Encryption Standard) key. > >> > > >> > > >> > On 31 July 2012 15:40, <[email protected]> wrote: > >> > > >> >> Well, there seems to be a mix up here: we are discussing AES > >> (Rijndael) > >> >> not DES :) > >> >> > >> >> > >> >> > Of course brute force will work. DES is fairly non-intensive, as > >> far > >> >> as > >> >> > encryptions go. Moreover, using FPGAs to build dedicated DES > >> cracking > >> >> > machines is both feasible and relatively cheap. And, it has been > >> done. > >> >> The > >> >> > latest iteration of the COPACOBANA does its business in the span of > >> >> one > >> >> > single day. This machine was built in 2006 and cost $10000 at the > >> >> time. I > >> >> > would not be surprised if the cost today would be less than one > >> tenth > >> >> of > >> >> > that. Moreover, the maximum WPA key length is 64 characters, which > >> is > >> >> > pathetic, especially when restricted to the ASCII keymap. > >> >> > > >> >> > There already exists cloud services for DES cracking :) and it's > >> not > >> >> that > >> >> > expensive, either. I don't think trusting the cloud service in > >> >> question > >> >> is > >> >> > much of an issue: a key is useless unless you know where it fits. > >> >> Also, > >> >> if > >> >> > you submit a DES key, chances are you are the attacker and that you > >> >> > couldn't care less about any breaches in security your adversary > >> might > >> >> > experience ;) > >> >> > > >> >> > On 31 July 2012 14:03, <[email protected]> > >> wrote: > >> >> > > >> >> >> :) Brute Force using that approach will never work; you could try > >> >> >> exploiting weaknesses in mathematical implementations of the > >> >> algorithm > >> >> >> by > >> >> >> programmers and mathematical weaknesses in the hardware. > >> >> >> > >> >> >> The cloud is a good thing , and makes business sense (though it > >> may > >> >> not > >> >> >> be > >> >> >> so, with the Patent Department): imagine how many under utilized > >> >> servers > >> >> >> out there yet they pay licenses, support fees, admin personnel, > >> >> utility > >> >> >> bills, etc (on some OSs, just running one server machine as an > >> >> >> authentication server, can give you authentication capability for > >> >> more > >> >> >> than 25,000 users; now imagine how many under utilized database > >> >> servers, > >> >> >> email servers, etc out there). A cloud solution lowers your TCO > >> and > >> >> >> gives > >> >> >> you better ROI. :) > >> >> >> > >> >> >> Of course, the IT department is not impressed by the above, > >> because > >> >> they > >> >> >> need to access the hardware (and also want to control the IT > >> budget), > >> >> >> besides they don't trust the guys in the cloud, yet they are the > >> same > >> >> >> guys > >> >> >> who trust facebook, google, the ISPs, the Telcos, the banks, etc > >> :) > >> >> >> > >> >> >> > >> >> >> > >> >> >> > Well, I would of course use a cloud service for that :P either > >> >> that, > >> >> >> or > >> >> >> > one > >> >> >> > of the clusters at our university. > >> >> >> > > >> >> >> > On 31 July 2012 13:30, <[email protected]> > >> >> wrote: > >> >> >> > > >> >> >> >> :) Ah, cracking AES 256 and "higher", don't think you have > >> those > >> >> >> >> resources; probably thats for departments with serious scary > >> >> budget > >> >> >> >> figures. > >> >> >> >> > >> >> >> >> Well, for the case of WEP, when a paper detailing its > >> weaknesses > >> >> was > >> >> >> >> submitted to the internet community, they brushed it off saying > >> >> what > >> >> >> it > >> >> >> >> detailed was only theoretical and could never occur in > >> practice, > >> >> yet > >> >> >> >> when > >> >> >> >> WEP was finally broken; the media reported it as an off the > >> shelf > >> >> >> hack > >> >> >> >> activity. :) > >> >> >> >> > >> >> >> >> > >> >> >> >> > Well, hum. :P > >> >> >> >> > > >> >> >> >> > I wonder how long it'll take until all the WPA2 Enterprise > >> >> networks > >> >> >> >> have > >> >> >> >> > been secured. Why do I have to be in the middle of > >> >> twenty-years-ago > >> >> >> >> state > >> >> >> >> > * > >> >> >> >> > now*? I want to be home and do some rampant WPA2E cracking! > >> >> >> >> > > >> >> >> >> > On 31 July 2012 12:52, <[email protected] > > > >> >> >> wrote: > >> >> >> >> > > >> >> >> >> >> Does your MS interpretation sound like > >> >> >> >> >> the x-400 e mail format or the seven layer OSI standard? :) > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > What do you mean "despite"? :P I've regularly been using > >> my > >> >> own > >> >> >> VPN > >> >> >> >> >> since > >> >> >> >> >> > 2007 when I had to start using a PPTP connection > >> regularly. > >> >> "MS" > >> >> >> >> >> > translates > >> >> >> >> >> > to "closed, flawed, and eventually defeated" in my book. > >> >> >> >> >> > > >> >> >> >> >> > On 31 July 2012 12:27, > >> <[email protected] > >> > > >> >> >> >> wrote: > >> >> >> >> >> > > >> >> >> >> >> >> :) But PPTP has always had its issues despite its being > >> from > >> >> >> MS, > >> >> >> >> L2F > >> >> >> >> >> >> from > >> >> >> >> >> >> the other vendor, the same case, L2TP an attempt to > >> combine > >> >> the > >> >> >> >> above > >> >> >> >> >> >> two > >> >> >> >> >> >> also is good when run with IPSec doing the encryption, > >> yet > >> >> >> IPSec > >> >> >> >> also > >> >> >> >> >> >> has > >> >> >> >> >> >> its own issues. > >> >> >> >> >> >> > >> >> >> >> >> >> Maybe SSL can do, save for its reliance on the PKI..... > >> and > >> >> >> some > >> >> >> >> >> >> restrictions on key usage... > >> >> >> >> >> >> > >> >> >> >> >> >> > >> >> >> >> >> >> > >> >> >> >> >> >> > Well, at least PPTP with MS-CHAPv2 authentication is. > >> >> >> >> >> >> > > >> >> >> >> >> >> > > >> >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> > >> >> >> > >> >> > >> > http://www.cso.com.au/article/432039/tools_released_defcon_can_crack_widely_used_pptp_encryption_under_day/ > >> >> >> >> >> >> > > >> >> >> >> >> >> > I can't say I'm very surprised. I've always done all my > >> >> >> business > >> >> >> >> >> >> through > >> >> >> >> >> >> a > >> >> >> >> >> >> > (better) VPN when on such a network, simply because the > >> >> "MS" > >> >> >> in > >> >> >> >> >> >> > "MS-CHAPv2" > >> >> >> >> >> >> > always made me nervous. > >> >> >> >> >> >> > _______________________________________________ > >> >> >> >> >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> >> >> > > >> >> >> >> >> >> > Send messages to this mailing list by addressing > >> e-mails > >> >> to: > >> >> >> >> >> >> > [email protected] > >> >> >> >> >> >> > Mailing list archives: > >> >> >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> >> >> > Mailing list settings: > >> http://kym.net/mailman/listinfo/lug > >> >> >> >> >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> >> >> > > >> >> >> >> >> >> > The Uganda LUG mailing list is generously hosted by > >> >> INFOCOM: > >> >> >> >> >> >> > http://www.infocom.co.ug/ > >> >> >> >> >> >> > > >> >> >> >> >> >> > The above comments and data are owned by whoever posted > >> >> them > >> >> >> >> >> >> (including > >> >> >> >> >> >> > attachments if any). The mailing list host is not > >> >> responsible > >> >> >> >> for > >> >> >> >> >> them > >> >> >> >> >> >> in > >> >> >> >> >> >> > any way. > >> >> >> >> >> >> > >> >> >> >> >> >> > >> >> >> >> >> >> _______________________________________________ > >> >> >> >> >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> >> >> > >> >> >> >> >> >> Send messages to this mailing list by addressing e-mails > >> to: > >> >> >> >> >> >> [email protected] > >> >> >> >> >> >> Mailing list archives: > >> >> >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> >> >> Mailing list settings: > >> http://kym.net/mailman/listinfo/lug > >> >> >> >> >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> >> >> > >> >> >> >> >> >> The Uganda LUG mailing list is generously hosted by > >> INFOCOM: > >> >> >> >> >> >> http://www.infocom.co.ug/ > >> >> >> >> >> >> > >> >> >> >> >> >> The above comments and data are owned by whoever posted > >> them > >> >> >> >> >> (including > >> >> >> >> >> >> attachments if any). The mailing list host is not > >> >> responsible > >> >> >> for > >> >> >> >> >> them > >> >> >> >> >> >> in > >> >> >> >> >> >> any way. > >> >> >> >> >> >> > >> >> >> >> >> > _______________________________________________ > >> >> >> >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> >> > > >> >> >> >> >> > Send messages to this mailing list by addressing e-mails > >> to: > >> >> >> >> >> > [email protected] > >> >> >> >> >> > Mailing list archives: > >> >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> >> > Mailing list settings: > http://kym.net/mailman/listinfo/lug > >> >> >> >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> >> > > >> >> >> >> >> > The Uganda LUG mailing list is generously hosted by > >> INFOCOM: > >> >> >> >> >> > http://www.infocom.co.ug/ > >> >> >> >> >> > > >> >> >> >> >> > The above comments and data are owned by whoever posted > >> them > >> >> >> >> >> (including > >> >> >> >> >> > attachments if any). The mailing list host is not > >> responsible > >> >> >> for > >> >> >> >> them > >> >> >> >> >> in > >> >> >> >> >> > any way. > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> _______________________________________________ > >> >> >> >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> >> > >> >> >> >> >> Send messages to this mailing list by addressing e-mails to: > >> >> >> >> >> [email protected] > >> >> >> >> >> Mailing list archives: > >> >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> >> > >> >> >> >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> >> >> http://www.infocom.co.ug/ > >> >> >> >> >> > >> >> >> >> >> The above comments and data are owned by whoever posted them > >> >> >> >> (including > >> >> >> >> >> attachments if any). The mailing list host is not > >> responsible > >> >> for > >> >> >> >> them > >> >> >> >> >> in > >> >> >> >> >> any way. > >> >> >> >> >> > >> >> >> >> > _______________________________________________ > >> >> >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> > > >> >> >> >> > Send messages to this mailing list by addressing e-mails to: > >> >> >> >> > [email protected] > >> >> >> >> > Mailing list archives: > >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> > > >> >> >> >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> >> > http://www.infocom.co.ug/ > >> >> >> >> > > >> >> >> >> > The above comments and data are owned by whoever posted them > >> >> >> >> (including > >> >> >> >> > attachments if any). The mailing list host is not responsible > >> >> for > >> >> >> them > >> >> >> >> in > >> >> >> >> > any way. > >> >> >> >> > >> >> >> >> > >> >> >> >> _______________________________________________ > >> >> >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> >> >> > >> >> >> >> Send messages to this mailing list by addressing e-mails to: > >> >> >> >> [email protected] > >> >> >> >> Mailing list archives: > >> >> http://www.mail-archive.com/[email protected]/ > >> >> >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> >> > >> >> >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> >> http://www.infocom.co.ug/ > >> >> >> >> > >> >> >> >> The above comments and data are owned by whoever posted them > >> >> >> (including > >> >> >> >> attachments if any). The mailing list host is not responsible > >> for > >> >> >> them > >> >> >> >> in > >> >> >> >> any way. > >> >> >> >> > >> >> >> > _______________________________________________ > >> >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> >> > > >> >> >> > Send messages to this mailing list by addressing e-mails to: > >> >> >> > [email protected] > >> >> >> > Mailing list archives: > >> http://www.mail-archive.com/[email protected]/ > >> >> >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> > > >> >> >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> > http://www.infocom.co.ug/ > >> >> >> > > >> >> >> > The above comments and data are owned by whoever posted them > >> >> >> (including > >> >> >> > attachments if any). The mailing list host is not responsible > >> for > >> >> them > >> >> >> in > >> >> >> > any way. > >> >> >> > >> >> >> > >> >> >> _______________________________________________ > >> >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> >> > >> >> >> Send messages to this mailing list by addressing e-mails to: > >> >> >> [email protected] > >> >> >> Mailing list archives: > >> http://www.mail-archive.com/[email protected]/ > >> >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> >> > >> >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> >> http://www.infocom.co.ug/ > >> >> >> > >> >> >> The above comments and data are owned by whoever posted them > >> >> (including > >> >> >> attachments if any). The mailing list host is not responsible for > >> >> them > >> >> >> in > >> >> >> any way. > >> >> >> > >> >> > _______________________________________________ > >> >> > The Uganda Linux User Group: http://linux.or.ug > >> >> > > >> >> > Send messages to this mailing list by addressing e-mails to: > >> >> > [email protected] > >> >> > Mailing list archives: > http://www.mail-archive.com/[email protected]/ > >> >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> > To unsubscribe: http://kym.net/mailman/options/lug > >> >> > > >> >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> > http://www.infocom.co.ug/ > >> >> > > >> >> > The above comments and data are owned by whoever posted them > >> >> (including > >> >> > attachments if any). The mailing list host is not responsible for > >> them > >> >> in > >> >> > any way. > >> >> > >> >> > >> >> _______________________________________________ > >> >> The Uganda Linux User Group: http://linux.or.ug > >> >> > >> >> Send messages to this mailing list by addressing e-mails to: > >> >> [email protected] > >> >> Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> >> To unsubscribe: http://kym.net/mailman/options/lug > >> >> > >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> >> http://www.infocom.co.ug/ > >> >> > >> >> The above comments and data are owned by whoever posted them > >> (including > >> >> attachments if any). The mailing list host is not responsible for > >> them > >> >> in > >> >> any way. > >> >> > >> > _______________________________________________ > >> > The Uganda Linux User Group: http://linux.or.ug > >> > > >> > Send messages to this mailing list by addressing e-mails to: > >> > [email protected] > >> > Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> > Mailing list settings: http://kym.net/mailman/listinfo/lug > >> > To unsubscribe: http://kym.net/mailman/options/lug > >> > > >> > The Uganda LUG mailing list is generously hosted by INFOCOM: > >> > http://www.infocom.co.ug/ > >> > > >> > The above comments and data are owned by whoever posted them > >> (including > >> > attachments if any). The mailing list host is not responsible for them > >> in > >> > any way. > >> > >> > >> _______________________________________________ > >> The Uganda Linux User Group: http://linux.or.ug > >> > >> Send messages to this mailing list by addressing e-mails to: > >> [email protected] > >> Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> To unsubscribe: http://kym.net/mailman/options/lug > >> > >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> http://www.infocom.co.ug/ > >> > >> The above comments and data are owned by whoever posted them (including > >> attachments if any). The mailing list host is not responsible for them > >> in > >> any way. > >> > > _______________________________________________ > > The Uganda Linux User Group: http://linux.or.ug > > > > Send messages to this mailing list by addressing e-mails to: > > [email protected] > > Mailing list archives: http://www.mail-archive.com/[email protected]/ > > Mailing list settings: http://kym.net/mailman/listinfo/lug > > To unsubscribe: http://kym.net/mailman/options/lug > > > > The Uganda LUG mailing list is generously hosted by INFOCOM: > > http://www.infocom.co.ug/ > > > > The above comments and data are owned by whoever posted them (including > > attachments if any). The mailing list host is not responsible for them in > > any way. > > > _______________________________________________ > The Uganda Linux User Group: http://linux.or.ug > > Send messages to this mailing list by addressing e-mails to: > [email protected] > Mailing list archives: http://www.mail-archive.com/[email protected]/ > Mailing list settings: http://kym.net/mailman/listinfo/lug > To unsubscribe: http://kym.net/mailman/options/lug > > The Uganda LUG mailing list is generously hosted by INFOCOM: > http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The mailing list host is not responsible for them in > any way. >
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
