LinuxQuestions.org, Linux - Security forum
#1 wh33t, 10-15-2012, 02:29 PM
What is reaver telling me?


Hey LQ,

Some of my friends at University were telling me that wifi security is a joke these days. I wanted to put their opinion to the test and I've been reading up on reaver and its brute-forcing capabilities.

So far I'm 0.9% into cracking the password on my Wifi-hotspot on my Android phone and I keep seeing reaver report that it's trying "pin" numbers.

Mainly I'm just curious how reaver knows it's 0.9% done its job and what the hell a pin number is. I've never heard of a "pin" number associated with anything computer related.

#2 ReaperX7, 10-15-2012, 03:40 PM
You may wish to re-read the LQ rules about discussing hacking and other illegal activities. From knowledge, discussions involving illegal activities are forbidden.

What I can tell you is this: it's not 0.9% cracked. It's 0.9% through its lists of tables, and if your campus is using a Login-Service with even a basic WEP key, you'll never get in even if you crack the passkey.

Plus there's a good chance your campus has some level of logging and intrusion alert system in place, so my advice: quit while you're ahead.

#3 wh33t (Original Poster), 10-15-2012, 03:48 PM
Quote: Originally Posted by ReaperX7 (post #2 above)
I appreciate your concern, however it's not illegal to crack a password on a device that I control. I'm currently trying this out against my Android phone which is a personal wifi-hotspot. I wouldn't dare brute force the campus! I'm sure I'd be expelled haha.

So when you say it's running through a list of tables, what tables are you referring to? Does reaver have some list of pin numbers in a database or something that are known to unlock a router or something? I'm still not sure what a pin number is.

#4 Noway2, 10-15-2012, 04:19 PM
Rule 14:
Quote:
Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.
We, as a community, have no guarantee that you would only be using this information for lawful purposes. The LQ moderators typically frown on these types of posts and discussing password cracking techniques is not tolerated. Besides, even if YOU use the information for 100% legitimate activity, someone else who reads the post may not and this could still become a negative reflection on LQ.

With respect to your other question, regarding tables, what I suspect they are referring to is a concept called rainbow tables. In order to avoid storing passwords directly or transmitting them in plain text, the passwords are hashed using a one-way conversion algorithm that always gives the same results for a given input, but the original input can't be deduced from the algorithm output. To get around this problem, crackers have started developing lists of tables that say things like ABC -> 123, DEF -> 345, etc. Therefore, given the hashed value, one can do a lookup of the hashes and get the corresponding original password string. The most widely used hashing algorithm is MD5, which of course has the biggest set of rainbow tables. There are other algorithms like SHA-1, which have a much higher bit order, making a table much less practical, but the root problem remains. Alternatively, people use 'salt' values with the hashing sums to provide some initial randomization. The result being that you would need a table for each potential salt value. What this means for you is to use a stronger hashing algorithm, salt it, and use a longer password to provide greater variation.

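The lookup-table idea from Noway2's post, worked through as an added example (not code from the thread): a digest-to-plaintext table reverses an unsalted MD5 digest instantly, while a per-record random salt plus a slow hash (PBKDF2-HMAC-SHA256 here, one choice of "stronger algorithm") leaves the same table useless. The wordlist and the 100,000-round work factor are constructed for the illustration.

```python
import hashlib
import os

# Constructed candidate list standing in for the wordlist a precomputed table is built from.
WORDLIST = ["password", "letmein", "dragonfly", "qwerty123", "hunter2"]
PBKDF2_ROUNDS = 100_000  # illustrative work factor for the salted scheme (assumption)

def build_lookup_table(words, algo="md5"):
    """Precompute digest -> plaintext for every candidate (the 'ABC -> 123' lists in the post)."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}

def hash_unsalted(password, algo="md5"):
    """Legacy storage: one deterministic digest per password, identical on every site using it."""
    return hashlib.new(algo, password.encode()).hexdigest()

def lookup(table, digest):
    """Reverse a digest by table lookup; None when it was never precomputed."""
    return table.get(digest)

def hash_salted(password, salt=None):
    """Salted storage: a fresh random salt per record, so an attacker would need a table per salt.
    PBKDF2-HMAC-SHA256 adds a work factor on top of the salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest.hex()

def verify_salted(password, salt, digest):
    """The defender stores the salt beside the digest and can recompute; a precomputed table cannot."""
    return hash_salted(password, salt)[1] == digest

def demo(password="dragonfly"):
    table = build_lookup_table(WORDLIST)
    leaked_unsalted = hash_unsalted(password)
    recovered = lookup(table, leaked_unsalted)       # found: the table already held this digest
    salt, leaked_salted = hash_salted(password)
    not_recovered = lookup(table, leaked_salted)     # None: the table was built without this salt
    return recovered, not_recovered, verify_salted(password, salt, leaked_salted)

if __name__ == "__main__":
    print(demo())
```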
#5 wh33t (Original Poster), 10-15-2012, 04:40 PM
Cool
Quote: Originally Posted by Noway2 (post #4 above)
It's still not against the law, however you appear to be correct that what I am doing is probably against the LQ rules. I don't personally understand how a security forum can be complete without actual real world tests to put your security measures to the test. But I guess that's a discussion for somewhere else. I love LQ and I do not want to do anything that would upset the moderators, owners or the community. If such a moderator has an issue with this topic please remove it. I however feel it's a valid post for the above reasons.

Thank you for replying. I think I get what you mean although I don't quite get how the term "rainbow table" is fitting for such a table lol. So is there no real way to secure a wifi network? It sounds like anyone with enough time can break into one which I guess would validate the claims made by some of my friends here.

#6 ReaperX7, 10-15-2012, 10:55 PM
I'm going to de/re-rail this topic into a technical standpoint for educational purposes without directly going to the actual usage.

The term "rainbow table" means that basically the table tries out all known combinations of letters, numbers, and common keyboard symbols in preset sequences. It's like an advanced dictionary method of attack, but if you use uncommon symbols that require multiple key presses in a certain sequence to activate, it's not that easy, and mixtures of upper case, lower case, numerals, and symbols in random patterns of at least a 14+ character sequence can effectively stall a rainbow table out fairly well, if not delay it by at least several days, weeks, months, maybe even years if encryption is used on the password table.

Examples:

password @6c*3f9H1j^1m (an acronym for ABCDEFGHIJKLM) is a fairly strong password with mixed sets of numbers, letters, and symbols in various complexity and organization. A rainbow table could crack this, but the process and time needed would be fairly expansive to say the least.

password dr@g0nfly$600 might seem strong as it's mixed and lengthy, but it's more sequenced in characters and of the same suits. Because less randomness is applied, the rainbow table might be able to crack the sequence faster.

Additional things like encryption, basically using things like RSA keys, can generate what is like a garbage layer, basically turning the passwords above into any variable number of symbols, some not even normally allowed for passwords, making cracking next to impossible.

WPA2-AES is well known for using not only some of the highest levels of encryption available for 802.11 transmission protocols, but for generating a garbage layer so mucked up, to crack it would take in excess of nearly 2.5 million years even with the fastest known super computer setups, some of which involve massive usage of the IBM Cell PowerPC CPUs in clusters with all 8 cores activated, some even paired with AMD 12-core Opterons. In short, AES has yet to be cracked even with its mere 256-bit encryption layer; the amount of randomness generated is basically a number of 256 bits in length to its own power calculated.

For your hotspot, the strength of the password overall, and the type of encryption will determine how effective it will be against attacks.

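The two example passwords from ReaperX7's post, scored by a small strength checker written here as an added example (not code from the thread): a naive charset-times-length estimate rates both 13-character passwords similarly, but undoing common leetspeak substitutions exposes "dragonfly" inside dr@g0nfly$600, so a dictionary-aware estimate charges that part as a single wordlist pick rather than nine random characters. The wordlist and the substitution map are constructed subsets; real checkers load full dictionaries and rule sets.

```python
import math
import string

# Constructed mini wordlist; a real strength checker would load a full dictionary.
DICTIONARY = {"dragon", "dragonfly", "password", "monkey", "letmein", "fly"}
# Common character substitutions that cracking rule sets undo (constructed subset).
LEET = {"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s", "7": "t"}

def charset_size(pw):
    """Size of the alphabet implied by the character classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size

def naive_entropy_bits(pw):
    """Search space if every character were picked uniformly at random: len * log2(alphabet)."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def deleet(pw):
    """Undo leetspeak so 'dr@g0nfly' reads 'dragonfly' (1:1 mapping, so positions line up)."""
    return "".join(LEET.get(c, c) for c in pw.lower())

def dictionary_core(pw):
    """Longest dictionary word hidden in the de-leeted password, or None."""
    text = deleet(pw)
    hits = [w for w in DICTIONARY if w in text]
    return max(hits, key=len) if hits else None

def effective_entropy_bits(pw):
    """Charge a dictionary word as one pick from the wordlist, not as random characters."""
    core = dictionary_core(pw)
    if core is None:
        return naive_entropy_bits(pw)
    start = deleet(pw).index(core)
    remainder = pw[:start] + pw[start + len(core):]
    return math.log2(len(DICTIONARY)) + naive_entropy_bits(remainder)

def assess(pw):
    return {"naive_bits": round(naive_entropy_bits(pw), 1),
            "effective_bits": round(effective_entropy_bits(pw), 1),
            "dictionary_core": dictionary_core(pw)}

if __name__ == "__main__":
    for pw in ("@6c*3f9H1j^1m", "dr@g0nfly$600"):
        print(pw, assess(pw))
```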
#7 wh33t (Original Poster), 10-15-2012, 11:49 PM
Quote: Originally Posted by ReaperX7 (post #6 above)
Excellent explanation I'll forward my friends to this post. Thank you.