LinuxQuestions.org > Linux - Security > What is reaver telling me?
(https://www.linuxquestions.org/questions/linux-security-4/what-is-reaver-telling-me-4175432338/)

wh33t 10-15-2012 01:29 PM

What is reaver telling me?
 
Hey LQ,

Some of my friends at University were telling me that wifi security is a joke these days. I wanted to put their opinion to the test and I've been reading up on reaver and its brute-forcing capabilities.

So far I'm 0.9% into cracking the password on my Wifi-hotspot on my Android phone and I keep seeing reaver report that it's trying "pin" numbers.

Mainly I'm just curious how does reaver know it's 0.9% done its job and what the hell is a pin number. I've never heard of a "pin" number associated with anything computer related.

ReaperX7 10-15-2012 02:40 PM

You may wish to re-read the LQ rules about discussing hacking and other illegal activities. From knowledge, discussions involving illegal activities are forbidden.

What I can tell you is this, it's not 0.9% cracked. It's 0.9% through its lists of tables, and if your campus is using a Login-Service with even a basic WEP key, you'll never get in even if you crack the passkey.

Plus there's a good chance your campus has some level of logging and intrusion alert system in place, so my advice, quit while you're ahead.

wh33t 10-15-2012 02:48 PM

Quote:

Originally Posted by ReaperX7 (Post 4806414)
You may wish to re-read the LQ rules about discussing hacking and other illegal activities. From knowledge, discussions involving illegal activities are forbidden.

What I can tell you is this, it's not 0.9% cracked. It's 0.9% through its lists of tables, and if your campus is using a Login-Service with even a basic WEP key, you'll never get in even if you crack the passkey.

Plus there's a good chance your campus has some level of logging and intrusion alert system in place, so my advice, quit while you're ahead.

I appreciate your concern, however it's not illegal to crack a password on a device that I control. I'm currently trying this out against my Android phone which is a personal wifi-hotspot. I wouldn't dare brute force the campus! I'm sure I'd be expelled haha.

So when you say it's running through a list of tables, what tables are you referring to? Does reaver have some list of pin numbers in a database or something that are known to unlock a router or something? I'm still not sure what a pin number is.

Noway2 10-15-2012 03:19 PM

Rule 14:
Quote:

Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.
We, as a community, have no guarantee that you would only be using this information for lawful purposes. The LQ moderators typically frown on these types of posts and discussing password cracking techniques is not tolerated. Besides, even if YOU use the information for 100% legitimate activity, someone else who reads the post may not and this could still become a negative reflection on LQ.

With respect to your other question, regarding tables, what I suspect they are referring to is a concept called rainbow tables. In order to avoid storing passwords directly or transmitting them in plain text, the passwords are hashed using a one-way conversion algorithm that always gives the same results for a given input, but the original input can't be deduced from the algorithm output. To get around this problem, crackers have started developing lists of tables that say things like ABC -> 123, DEF -> 345, etc. Therefore, given the hashed value, one can do a lookup of the hashes and get the corresponding original password string. The most widely used hashing algorithm is MD5 which of course has the biggest set of rainbow tables. There are other algorithms like SHA-1, which have a much higher bit order, making a table much less practical, but the root problem remains. Alternatively, people use 'salt' values with the hashing sums to provide some initial randomization. The result is that you would need a table for each potential salt value. What this means for you is to use a stronger hashing algorithm, salt it, and use a longer password to provide greater variation.
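Noway2's description of precomputed hash tables and salting, as an added Python example (not from this thread, and nothing to do with reaver itself): it builds a small hash-to-plaintext table over a constructed wordlist, shows that an unsalted MD5 digest can be reversed by a simple lookup, that the same password hashed with a salt is no longer in the table, and how a salted, iterated hash (PBKDF2 from the standard library) is stored and verified instead. The wordlist, the fixed demo salt and the iteration count are all constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real precomputed table would cover far more inputs.
WORDLIST = ["password", "letmein", "dragon", "qwerty", "welcome1", "hunter2"]


def build_lookup_table(words, algorithm="md5"):
    """Precompute digest -> plaintext for each word.

    This is the core idea behind a lookup table: hash every candidate once,
    then reverse any unsalted digest with a dictionary lookup.
    """
    table = {}
    for word in words:
        digest = hashlib.new(algorithm, word.encode()).hexdigest()
        table[digest] = word
    return table


def reverse_hash(table, digest):
    """Return the plaintext for a digest if it was precomputed, else None."""
    return table.get(digest)


def hash_with_salt(password, salt, algorithm="md5"):
    """Hash salt || password, so the same password yields a different digest per salt.

    A table built over bare words no longer matches; an attacker would need a
    separate table for every salt value (Noway2's point).
    """
    return hashlib.new(algorithm, salt + password.encode()).hexdigest()


def store_password_pbkdf2(password, salt=None, iterations=200_000):
    """Store a password as a random salt plus a PBKDF2-HMAC-SHA256 derived key.

    Random per-password salt defeats precomputed tables; the iteration count
    makes each guess deliberately slow (the "stronger hashing algorithm").
    """
    if salt is None:
        salt = os.urandom(16)  # 16 random bytes, unique per stored password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": derived}


def verify_pbkdf2(password, record):
    """Recompute the derived key with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def demo():
    """Run the three cases side by side and return their outcomes."""
    table = build_lookup_table(WORDLIST)

    # 1. Unsalted MD5 of a word in the list: reversed instantly by lookup.
    unsalted_digest = hashlib.md5(b"dragon").hexdigest()
    found_unsalted = reverse_hash(table, unsalted_digest)

    # 2. Same password with a (constructed) salt: not in the precomputed table.
    demo_salt = b"7f3a"
    salted_digest = hash_with_salt("dragon", demo_salt)
    found_salted = reverse_hash(table, salted_digest)

    # 3. Salted, iterated storage: verification works only with the right password.
    record = store_password_pbkdf2("dragon")
    right = verify_pbkdf2("dragon", record)
    wrong = verify_pbkdf2("dragon1", record)

    return found_unsalted, found_salted, right, wrong


if __name__ == "__main__":
    print(demo())  # ('dragon', None, True, False)
```

The lookup succeeds only for case 1; with a salt the precomputed digests are useless unless the attacker rebuilds the table for that exact salt, and with a random 16-byte salt per password there is no practical way to precompute them all. PBKDF2 adds the per-guess cost on top of that, which is what makes a salted, iterated hash the sensible storage format even when users pick weak passwords.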

wh33t 10-15-2012 03:40 PM

Quote:

Originally Posted by Noway2 (Post 4806450)
Rule 14:
We, as a community, have no guarantee that you would only be using this information for lawful purposes. The LQ moderators typically frown on these types of posts and discussing password cracking techniques is not tolerated. Besides, even if YOU use the information for 100% legitimate activity, someone else who reads the post may not and this could still become a negative reflection on LQ.

With respect to your other question, regarding tables, what I suspect they are referring to is a concept called rainbow tables. In order to avoid storing passwords directly or transmitting them in plain text, the passwords are hashed using a one-way conversion algorithm that always gives the same results for a given input, but the original input can't be deduced from the algorithm output. To get around this problem, crackers have started developing lists of tables that say things like ABC -> 123, DEF -> 345, etc. Therefore, given the hashed value, one can do a lookup of the hashes and get the corresponding original password string. The most widely used hashing algorithm is MD5 which of course has the biggest set of rainbow tables. There are other algorithms like SHA-1, which have a much higher bit order, making a table much less practical, but the root problem remains. Alternatively, people use 'salt' values with the hashing sums to provide some initial randomization. The result is that you would need a table for each potential salt value. What this means for you is to use a stronger hashing algorithm, salt it, and use a longer password to provide greater variation.

It's still not against the law, however you appear to be correct that what I am doing is probably against the LQ rules. I don't personally understand how a security forum can be complete without actual real world tests to put your security measures to the test. But I guess that's a discussion for somewhere else. I love LQ and I do not want to do anything that would upset the moderators, owners or the community. If such a moderator has an issue with this topic please remove it. I however feel it's a valid post for the above reasons.

Thank you for replying. I think I get what you mean although I don't quite get how the term "rainbow table" is fitting for such a table lol. So is there no real way to secure a wifi network? It sounds like anyone with enough time can break into one which I guess would validate the claims made by some of my friends here.

ReaperX7 10-15-2012 09:55 PM

I'm going to de/re-rail this topic into a technical standpoint for educational purposes without directly going to the actual usage.

The term "rainbow table" means that basically the table tries out all known combinations of letters, numbers, and common keyboard symbols in preset sequences. It's like an advanced dictionary method of attack, but if you use uncommon symbols that require multiple key presses in a certain sequence to activate, it's not that easy, and mixtures of upper case, lower case, numerals, and symbols in random patterns of at least a 14+ character sequence can effectively stall a rainbow table out fairly well, if not delay it by at least several days, weeks, months, maybe even years if encryption is used on the password table.

Examples:

password @6c*3f9H1j^1m (an acronym for ABCDEFGHIJKLM) is a fairly strong password with mixed sets of numbers, letters, and symbols in various complexity and organization. A rainbow table could crack this, but the process and time needed would be fairly expansive to say the least.

password dr@g0nfly$600 might seem strong as it's mixed and lengthy, but it's more sequenced in characters and of the same suits. Because less randomness is applied the rainbow table might be able to crack the sequence faster.

Additional things like encryption basically using things like RSA keys can generate what is like a garbage layer basically turning the passwords above into any variable number of symbols some not even normally allowed for passwords making cracking next to impossible.

WPA2-AES is well known for using not only some of the highest levels of encryption available for 802.11 transmission protocols, but for generating a garbage layer so mucked up, to crack it would take in excess of nearly 2.5 million years even with the fastest known super computer setups, some of which involve massive usage of the IBM Cell PowerPC CPUs in clusters with all 8 cores activated, some even paired with AMD 12-core Opterons. In short, AES has yet to be cracked even with its mere 256-bit encryption layer, the amount of randomness generated is basically a number of 256-bits in length to its own power calculated.

For your hotspot, the strength of the password overall, and the type of encryption will determine how effective it will be against attacks.

wh33t 10-15-2012 10:49 PM

Quote:

Originally Posted by ReaperX7 (Post 4806656)
I'm going to de/re-rail this topic into a technical standpoint for educational purposes without directly going to the actual usage.

The term "rainbow table" means that basically the table tries out all known combinations of letters, numbers, and common keyboard symbols in preset sequences. It's like an advanced dictionary method of attack, but if you use uncommon symbols that require multiple key presses in a certain sequence to activate, it's not that easy, and mixtures of upper case, lower case, numerals, and symbols in random patterns of at least a 14+ character sequence can effectively stall a rainbow table out fairly well, if not delay it by at least several days, weeks, months, maybe even years if encryption is used on the password table.

Examples:

password @6c*3f9H1j^1m (an acronym for ABCDEFGHIJKLM) is a fairly strong password with mixed sets of numbers, letters, and symbols in various complexity and organization. A rainbow table could crack this, but the process and time needed would be fairly expansive to say the least.

password dr@g0nfly$600 might seem strong as it's mixed and lengthy, but it's more sequenced in characters and of the same suits. Because less randomness is applied the rainbow table might be able to crack the sequence faster.

Additional things like encryption basically using things like RSA keys can generate what is like a garbage layer basically turning the passwords above into any variable number of symbols some not even normally allowed for passwords making cracking next to impossible.

WPA2-AES is well known for using not only some of the highest levels of encryption available for 802.11 transmission protocols, but for generating a garbage layer so mucked up, to crack it would take in excess of nearly 2.5 million years even with the fastest known super computer setups, some of which involve massive usage of the IBM Cell PowerPC CPUs in clusters with all 8 cores activated, some even paired with AMD 12-core Opterons. In short, AES has yet to be cracked even with its mere 256-bit encryption layer, the amount of randomness generated is basically a number of 256-bits in length to its own power calculated.

For your hotspot, the strength of the password overall, and the type of encryption will determine how effective it will be against attacks.

Excellent explanation :D I'll forward my friends to this post. Thank you.
