On Wed, 31 Jul 2019 10:43:48 +0300 Reco <recovery...@enotuniq.net> wrote:
> Hi. > > On Tue, Jul 30, 2019 at 07:06:08PM -0400, Celejar wrote: > > On Mon, 29 Jul 2019 13:57:25 +0300 > > Reco <recovery...@enotuniq.net> wrote: > > > > ... > > > > > WPA2's (that's your conventional WiFi standard) secure configuration is > > > fiendishly difficult. > > > > I take your point, but "fiendishly difficult"? I think you're > > exaggerating. > > WPA Enterprise. 802.1r. An "interesting" choice between CCMP and TKIP > (yep, it's hardware dependent). De-authentication attacks. "Evil twin" > attacks. > > I meant it when I wrote "fiendishly difficult". I'm afraid that I'm missing your point. The context here was a home user choosing between wifi and wired ethernet, and you are arguing that configuring wifi securely is fiendishly difficult. Why are we talking about WPA Enterprise, as opposed to PSK? > > > You have beacon frames that are broadcasted without any encryption. > > > > True, but is there any evidence that this constitutes a security risk? > > Some people believe that hiding AP name gives them another layer of > security. Beacon frames prove otherwise. Certainly, but that has no bearing on the underlying question of whether wifi can be configured to be tolerably secure in a reasonably straightforward fashion by a home user. > > > You have authentication frames that can be intercepted (so WPA > > > passphrase can be bruteforced). > > > > Lots of things (such as TLS, ssh) can theoretically be brute forced - > > the question is whether such brute forcing is sufficiently practical to > > be a threat. I have seen nothing to indicate that properly configured > > WPA2 can be realistically brute forced. > > For WPA2 it's not that hard really, assuming pre-shared key usage. > Can be expensive (all those videocards and ASICs have their cost), but > definitely doable. I'd be interested in seeing some real-world studies, or simply just a mathematical analysis of how much hardware would be necessary to crack a good WPA2 password. I've seen lots of sites explaining how to use hashcat with a GPU, and various real-world tests on lists of hashed passwords (e.g., [1]), but can you provide a serious analysis of the practical cost, in time or hardware, of cracking a real-world WPA setup? > You have several encryption algorithms, but: ... > > > b) You may have a hardware that lack support for a good ones. > > > > I suppose, but my impression is that most hardware from the last few > > years is fine. > > Cheap smartphones and tablets. Whatever they put instead of a proper This misses the point - we're comparing ethernet to wifi. Cheap smartphones and tablets aren't usually going to support ethernet. > WiFi in printers (yep, I'm looking at you, HP). Oh, D-Link and Linksys. > There are *always* some exceptions to "newer is the better" rule. D-Link and Linksys don't support WPA2-PSK with AES? [1] https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/ Celejar
