The studies continue! This has been a busy week, so I only got to cover the theory and practice behind cracking WiFi passwords – WEP, WPA, and WPA2.
WEP cracking is fairly straightforward. Since each transmission contains the key that ultimately has to be cracked, it’s just a matter of gathering enough packets to analyse. Both gathering the packets and cracking the key are done with packages pre-installed in Kali. The cool thing was speeding up the gathering of packets with ARP replay – forcing more authentication packets without the device owners necessarily noticing.
WPA cracking of course is far more complex. The course covers the exploitation of the WPS feature, a far simpler backdoor into a WPA network, but even around here WPS seems to be disabled by default or push-button-only.
For actual WPA cracking, I suppose it’s a testament to its level of security that the recommended attack is still a brute force dictionary attack. It was interesting to see what sort of ready libraries are available for download for testing – compilations of the top 10,000 passwords, actual dictionaries for different languages, and so on.
From my previous life in the corporate world, I have heard most of the horror stories of password policies. This class is the reason why we keep hearing the same ones – “why is the password to the server with our expensive custom software ‘password1’?” A justification for borderline paranoia regarding information security in the modern world is the “password on a post-it note on the monitor” and social engineering. You might have strong passwords and encryption, but those you communicate with may not. So you want to collect data? Carry a clipboard and go anywhere.
I enjoyed the discussions of cryptography and password policies in Neal Stephenson’s Cryptonomicon. And still, at times I feel like D. M. Shaftoe’s character, too paranoid to use cryptography at all, since if something is worth keeping secret, it shouldn’t be shared digitally at all.
My secrets are safe, though. Notebooks, illegible handwriting, and fluency in obscure languages.