Re: Time to change that default WiFi password
Posted:
Sun Oct 02, 2016 10:52 am
by Fogdude
Yes, the Evil Twin is a tough one. I wouldn't fall for the password phish, but if the Evil Twin gets in...
That's why I use hard wired access at home. I even have guests who bring their computers use a hard wire, rather than wireless. Phones & tablets are the only exceptions, which do leave the opening.
Re: Time to change that default WiFi password
Posted:
Wed Oct 05, 2016 12:25 pm
by Pip
Hard wired with wireless turned off is the obvious safest route Foggy, but in the real world there are more and more wireless devices that people are using. Mobile phones, apps on mobile phones to connect to devices in the home while you are away, etc.
Wireless connectivity is what people expect now; most aren't aware of how vulnerable that "ease of use" can leave them - until something happens. Then they blame anyone but themselves. Hey-Ho that's the world today, it's always someone else's fault. "Where there's blame there's a claim". So sad a reflection on society.
Anyhow, I couldn't get back to this thread earlier as promised as the old congestion issues kicked in over the weekend and when I could I was limited due to other commitments I have.
I've to nip out for about 4 hrs then I have a little project to do for our Little Owlet and then I will finally post what I promised. Although with you it's like teaching your grandmother to suck eggs!
Re: Time to change that default WiFi password
Posted:
Wed Oct 05, 2016 12:52 pm
by Fogdude
Hey, I'm always up for a refresher course!
Re: Time to change that default WiFi password
Posted:
Thu Oct 27, 2016 4:47 pm
by Pip
Being busy with other things ATT I never got around to finishing this thread but here we go.
First I'll show you this standard crack time with default passwords from a site that offers to do it for you (at a small cost) as long as you supply the handshake .cap file. For obvious reasons the screenshot doesn't show which site.
[Attachment: Crack Time.png]
As you can see the list is not exhaustive but should certainly open your eyes. The reason it is so quick now is not just new generation CPUs and GPUs but Hashcat (I mentioned earlier in the thread) has now been unified. At one time you either used Hashcat and your CPU or OCLHashcat and your GPU, with the new Hashcat you now can use both at the same time and synchronised!
I won't go into any further detail on that as it's unnecessary, you already get the idea. So now how to secure your WiFi password.
Let's look at the standard for router passwords. By default most (not all) router producers ship with their standard format of either 8 lower case/uppercase/numeric or a combination of them. This is merely for ease of production.
The router though can have its password changed with anything from 8-64 of the above plus special characters (punctuation, space, @ etc).
So, how do we make it harder for the cracker to get the password? Simple, we just increase the time it would take. So, how do we do that?
First what you have to understand is that a hacker won't spend as much time trying to hack a residential connection as they would a business one, it's just not worth it. They would spend more time on the business/corporate one for different reasons.
A lot of so called "experts" say use a passphrase. I agree to an extent but even that can be cracked quickly using a mask dictionary attack in Hashcat (I'm not going into detail on that) but the cure is on the same lines. What you have to do is fool the dictionary attack which uses spaces as well as words.
Consider this passphrase: "I love strawberries". That's a password of 15 including spaces. Won't take long with a dictionary attack with a mask. So how can we change it to make it harder? How about "1 l0v3 5tr@wB3rr135"? All of a sudden the dictionary attack won't work without rules to be applied to substitute numbers and special case for letters.
Now imagine a passphrase of 30+ using the above format (or any you choose which you can remember). Unless you succumb to social engineering they won't have the time nor inclination to target you any more. It's as simple as that.
Re: Time to change that default WiFi password
Posted:
Thu Oct 27, 2016 7:00 pm
by chouette
That's a frigging long password to remember with all these combinations, lol
Re: Time to change that default WiFi password
Posted:
Thu Oct 27, 2016 7:20 pm
by Pip
You don't need to use all those combinations. Just use a phrase and change whichever characters you wish as long as it is at least 2.
Re: Time to change that default WiFi password
Posted:
Sat Nov 26, 2016 8:11 am
by Pip
UPDATE: As I said earlier I'm involved on the ethical side of things in a small way.
We are presently testing a platform that currently (not at full speed) can make 1.700.000 guesses at any password per second!
That would mean that a standard 8 letter (same case) ISP router password would only take a maximum of 36 hrs to find.
Just saying. A ray of hope for you though, a password made up of 10 letters including 1 capital letter and 1 number would at a rate of 10.000.000 guesses per second take 256 days to crack. Who's going to bother with poor old you at that rate?
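Added example (not part of any post in this thread): a small strength estimator that puts the guess rates quoted above next to the passphrase advice from the Oct 27 post. It scores a passphrase under two models, exhaustive search over its character classes and a word-list model with substitution variants, and takes the cheaper one. The 10,000-word list and the 1 or 50 variants per word are assumptions chosen for illustration, as are all function names.

```python
import string

# Guess rates quoted in the thread, in guesses per second.
RATE_TEST_PLATFORM = 1_700_000
RATE_FASTER = 10_000_000

def alphabet_size(passphrase):
    """Size of the character-class alphabet an exhaustive search must cover."""
    size = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(ch in cls for ch in passphrase):
            size += len(cls)
    symbols = string.punctuation + " "
    if any(ch in symbols for ch in passphrase):
        size += len(symbols)
    return size

def brute_force_keyspace(passphrase):
    """Number of strings of the same length over the same character classes."""
    return alphabet_size(passphrase) ** len(passphrase)

def dictionary_keyspace(passphrase, wordlist_size, variants_per_word):
    """Candidates if each space-separated word comes from a word list and
    substitution rules yield `variants_per_word` spellings of each word."""
    words = len(passphrase.split())
    return (wordlist_size * variants_per_word) ** words

def worst_case_days(keyspace, rate):
    """Days needed to try every candidate at `rate` guesses per second."""
    return keyspace / rate / 86_400

def effective_days(passphrase, rate, wordlist_size, variants_per_word):
    """A passphrase is only as strong as the cheapest model that covers it."""
    cheapest = min(brute_force_keyspace(passphrase),
                   dictionary_keyspace(passphrase, wordlist_size, variants_per_word))
    return worst_case_days(cheapest, rate)

if __name__ == "__main__":
    # Assumed model: 10,000-word list; 1 variant (plain) or 50 (substituted).
    hours = worst_case_days(26 ** 8, RATE_TEST_PLATFORM) * 24
    print("8 lowercase letters:", round(hours, 1), "hours")
    for phrase, variants in (("I love strawberries", 1), ("1 l0v3 5tr@wB3rr135", 50)):
        days = effective_days(phrase, RATE_FASTER, 10_000, variants)
        print(repr(phrase), "about", round(days, 1), "days")
```

Under the word-list model each extra word or extra variant multiplies the candidate count, which is why a longer phrase with a few substitutions scores far higher than its plain three-word form.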
Re: Time to change that default WiFi password
Posted:
Mon Nov 28, 2016 7:55 am
by chouette
I'm thinking not many would bother, lol
Re: Time to change that default WiFi password
Posted:
Mon Jan 09, 2017 8:32 pm
by Pip