Take, for example, the hundreds of millions of WiFi networks in use all over the world. Between a Netgear WGR617 wireless router and my MacBook Pro. So I got the permission of one of my office neighbors to crack his WiFi password. Paul Allen's Huge Plane, and SpaceX Gets a Crucial Green-light.
![]()
Last week's feature explaining why passwords are under assault like never before touched a nerve with many Ars readers, and with good reason. After all, passwords are the keys that secure Web-based bank accounts, sensitive e-mail services, and virtually every other facet of our online life. Lose control of the wrong password and it may only be a matter of time until the rest of our digital assets fall, too.
![]()
Take, for example, the hundreds of millions of WiFi networks in use all over the world. If they're like the ones within range of my office, most of them are protected by the WiFi Protected Access or WiFi Protected Access 2 security protocols. In theory, these protections prevent hackers and other unauthorized people from accessing wireless networks or even viewing traffic sent over them, but only when end users choose strong passwords. I was curious how easy it would be to crack these passcodes using the advanced hardware menus and techniques that have become readily available over the past five years. What I found wasn't encouraging.
First, the good news. WPA and WPA2 use an extremely robust password-storage regimen that significantly slows the speed of automated cracking programs. By using the PBKDF2 key derivation function along with 4,096 iterations of SHA1 cryptographic hashing algorithm, attacks that took minutes to run against the recent LinkedIn and eHarmony password dumps of June would require days or even weeks or months to complete against the WiFi encryption scheme.
What's more, WPA and WPA2 passwords require a minimum of eight characters, eliminating the possibility that users will pick shorter passphrases that could be brute forced in more manageable timeframes. WPA and WPA2 also use a network's SSID as salt, ensuring that hackers can't effectively use precomputed tables to crack the code.
That's not to say wireless password cracks can't be accomplished with ease, as I learned firsthand.
I started this project by setting up two networks with hopelessly insecure passphrases. The first step was capturing what is known as the four-way handshake, which is the cryptographic process a computer uses to validate itself to a wireless access point and vice versa. This handshake takes place behind a cryptographic veil that can't be pierced. But there's nothing stopping a hacker from capturing the packets that are transmitted during the process and then seeing if a given password will complete the transaction. With less than two hours practice, I was able to do just that and crack the dummy passwords 'secretpassword' and 'tobeornottobe' I had chosen to protect my test networks.
Brother, can you spare a deauth frame?
To capture a valid handshake, a targeted network must be monitored while an authorized device is validating itself to the access point. This requirement may sound like a steep hurdle, since people often stay connected to some wireless networks around the clock. It's easy to get around, however, by transmitting what's known as a deauth frame, which is a series of deauthorization packets an AP sends to client devices prior to it rebooting or shutting down. Devices that encounter a deauth frame will promptly rejoin an affected network.
Using the Silica wireless hacking tool sold by penetration-testing software provider Immunity for $2,500 a year, I had no trouble capturing a handshake established between a Netgear WGR617 wireless router and my MacBook Pro. Indeed, using freely available programs like Aircrack-ng to send deauth frames and capture the handshake isn't difficult. The nice thing about Silica is that it allowed me to pull off the hack with a single click of my mouse. In less than 90 seconds I had possession of the handshakes for the two networks in a 'pcap' (that's short for packet capture) file. My Mac never showed any sign it had lost connectivity with the access points.
I then uploaded the pcap files to CloudCracker, a software-as-a-service website that charges $17 to check a WiFi password against about 604 million possible words. Within seconds both 'secretpassword' and 'tobeornottobe' were cracked. A special WPA mode built-in to the freely available oclHashcat Plus password cracker retrieved the passcodes with similar ease.
It was the neighborly thing to do
Cracking such passcodes I had set up in advance to be guessed was great for demonstration purposes, but it didn't provide much satisfaction. What I really wanted to know was how much luck I'd have cracking a password that was actually being used to secure one of the networks in the vicinity of my office.
So I got the permission of one of my office neighbors to crack his WiFi password. To his chagrin, it took CloudCracker just 89 minutes to crack the 10-character, all-numerical password he used, although because the passcode wasn't contained in the entry-level, 604 million-word list, I relied on a premium, 1.2 billion-word dictionary that costs $34 to use.
My fourth hack target presented itself when another one of my neighbors was selling the above-mentioned Netgear router during a recent sidewalk sale. When I plugged it in, I discovered that he had left the eight-character WiFi password intact in the firmware. Remarkably, neither CloudCracker nor 12 hours of heavy-duty crunching by Hashcat were able to crack the passphrase. The secret: a lower-case letter, followed two numbers, followed by five more lower-case letters. There was no discernible pattern to this password. It didn't spell any word either forwards or backwards. I asked the neighbor where he came up with the password. He said it was chosen years ago using an automatic generation feature offered by EarthLink, his ISP at the time. The e-mail address is long gone, the neighbor told me, but the password lives on.
No doubt, this neighbor should have changed his password long ago, but there is a lot to admire about his security hygiene nonetheless. By resisting the temptation to use a human-readable word, he evaded a fair amount of cutting-edge resources devoted to discovering his passcode. Since the code isn't likely to be included in any password cracking word lists, the only way to crack it would be to attempt every eight-character combination of letters and numbers. Such brute-force attacks are possible, but in the best of worlds they require at least six days to exhaust all the possibilities when using Amazon's EC2 cloud computing service. WPA's use of a highly iterated implementation of the PBKDF2 function makes such cracks even harder.
Besides changing the password every six months or so and not using a 10-digit phone number, my neighbors could have taken another important step to improve their WiFi security. WPA allows for passwords with 63 characters in them, making it possible to append four or five randomly selected words—'applesmithtrashcancarradar' for instance—that are easy enough to repeat to guests who want to use your wireless network but are prohibitively hard to crack.
Yes, the gains made by crackers over the past decade mean that passwords are under assault like never before. It's also true that it's trivial for hackers in your vicinity to capture the packets of the wireless access point that routes some of your most closely held secrets. But that doesn't mean you have to be a sitting duck. When done right, it's not hard to pick a passcode that will take weeks, months, or years to crack.
With odds like that, crackers are likely to move onto easier targets, say one that relies on the quickly guessed 'secretpassword' or a well-known Shakespearean quote for its security.
LightUp is the only SketchUp renderer that uses object-based rendering. This means you get stunningly accurate and beautiful results instantly inside the SketchUp window.The speed of LightUp makes it perfect for the way designers work. You can tweak and iterate your models and immediately see results. There's no waiting around for minutes or hours as with old-fashioned ray-tracing renderers.Move the camera around your model and watch everything render perfectly in real time.Create fly-through movies and export a file that can be played by your clients in their web browser.Whether you're working on product visualisations, architectural designs or immersive 3D experiences, LightUp gives you speed, quality and simplicity in a single SketchUp extension.LightUp gives the ability to have realtime walkthrough and flythough of your fully lit model, all running inside the SketchUp window. Simply place light sources in your Sketchup model switch to Touring mode and you can explore how your model looks from any angle. Change the time of year / time of day to perform shadow analysis using the advanced Rayleigh sunlight model.Add a 3D backdrop in the form of a Skybox or HDR Panorama images to situate your model in a realistic surrounding.
Use SketchUp Scenes tabs to author a scripted navigation around your model or take manual control and walk around your model to get a realistic sense of how your lighting works.Simple Dynamic Components are supported in Touring mode, so for example doors can open automatically as you approach to give a seamless navigation.While Touring your model, you can create instant High Resolution Stills from the current viewpoint so you can iterate quicky through a whole range of ideas. Resolution of Stills is only limited by available memory - presets for common 300dpi page sizes are available as well as standard 1920x1080, 3840x2160 sizes.
![]()
All of these can optionally produce the accompanying floating point depth maps to allow further post processing.As well as anti-aliased still images, LightUp can create AVI Movies of your model in a fraction of the time of traditional rendering packages right up to 1280x720 HD format. Advanced features such as motion blur are supported for a natural look.Instant one-click exporting of Panoramas in a variety of layouts is also supported and can be used as Skyboxes within subsequent LightUp models or used to produce Quicktime VR files to share with others.Exporting your lit Sketchup model is supported using Autodesk FBX files which can then be imported into other Applications that support multi-layer materials. A one-click export/import workflow is supported for the popular Unity game authoring system.Adding light sources to your model is quick and simple and requires just placing a SketchUp Component at the position you want a light source and editing its lighting properties.
Entering a Lumen value for your light source gets you started in seconds. Adding an IES luminaire definition file (available online from most manufacturers), allows you to evaluate lighting using real fittings. IES Type A, B and C light types are supported in LightUp making it ideal for both interior and exterior lighting design. Tools for orienting/targetting entire groups of lights make light rigging super quick as does the ability of LightUp to filter all light sources through any gobo or indeed any non-opaque materials the light passes through.Naturally, Area lights are supported with controls for both Lux (Lumen/square meter) as well as spread angle.The Rayleigh sunlight model provided by LightUp can be tweaked both in terms of Power and Turbidy to get the look you want as well simply being disabled. A powerful feature of LightUp is Image based Lighting which will use you backdrop as a global light source to illuminate your model. This technique ensures you have lighting that is complex and yet naturally blends with the backdrop.
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |