From: "Rich Gauszka" 

I sometimes wonder how safe/secure any of them are. The link below is yet
another reason to make sure employees don't visit a porn site

http://iss.tribe.net/thread/b374e675-ad6b-4786-bd6a-4d4c68e5fb00

At DefCon this year the guys from Chruch of WiFi were showing the gear
needed for their dictionary attack. They have a huge dictionary file, that
includes a lot of "strong" passwords and can crack WPA2 in less
then 5 minutes in most cases. The "strong" passwords that are in
their file mostly come from actual passwords used for porn sites. Granted
that most malicious users will not go through the trouble when there are
still tons of open networks, it still remains important to use the
strongest passwords possible, and change them often.

...
The dictionary file that they used was one that had a large amount of used
passwords from porn sites. ones that included numbers and such. Not sure
how they obtained it, but i do know that they break passwords fast. Take a
look here www.churchofwifi.org/ once there seach for wpa2 and click on
cowpatty 4.0 for more info. they don't give the info on their dictionary
file, they spoke of it at defcon though


"Glenn Meadows"  wrote in message
news:464c5444$1{at}w3.nls.net...
>I just read somewhere that TKIP was essentially WEP in a different name,
>NOT WPA.  For WPA, you need to be running AES encryptions. TKIP was for
>compatibility.
>
> (But all of that is way above my pay grade, so I could be obliviously
> incorrect).
>
> (Turns out I AM Incorrect, but below is a paste of the relevant article, I
> stand corrected).
>
> Ah, I think I found the info, it was from a Kim Komando newsletter,
> content pasted below:
>
> Wireless encryption confusion
> In your article from 2006 on wireless security, you recommend using WPA2,
> which you say is also called WPA-PSK. My laptop lists options for WPA,
> WPA-PSK, WPA2, and WPA2-PSK.  Meanwhile, my router doesn't list WPA2 at
> all, but does have WPA-PSK. I've set both the laptop and router to
> WPA-PSK, but am wondering if I should use WPA2-PSK (which would require a
> new router). Are WPA2 and WPA-PSK equivalent, or do I need to upgrade to
> get WPA2?
>
> Awhile back, I wrote steps to encrypt a home wireless network. But the
> steps aren't as specific as I normally like. Router makers often use
> confusingly different terminology and interfaces.
>
> Before continuing, I must apologize to everyone still clinging to their
> sanity. Like the question above, this Tip will be full of acronyms. So put
> on your thinking cap and read slowly.
>
> The question was: Are WPA2 and WPA-PSK equivalent? And the answer is:
> maybe!
>
> Stop laughing. This is going to get worse.
>
> First, let me explain these acronyms. They all refer to encryption. You
> use them to keep others off your wireless network. Without encryption,
> neighbors could easily pick up your signal. They could ride your network
> to the Internet. They might even be able to get into your computers.
>
> The original encryption standard was WEP-Wired Equivalent Privacy. WEP is
> easily broken. So you should never use it. If your router uses WEP, it
> probably can be upgraded to WPA. If not, get new equipment. WEP is
> dangerous.
>
> The wireless industry realized several years ago that it had to act. It
> developed WPA-Wi-Fi Protected Access. This was an interim standard. It
> actually uses the same encryption as WEP. But it changes the key
> frequently. WPA is safe, so long as you use a long password. It should be
> 22 characters or more.
>
> The final standard was WPA2. This standard uses AES (Advanced Encryption
> Standard). AES is unbreakable. So WPA2 is the preferred method of
> protection. If WPA2 (Wi-Fi Protected Access, second generation) is listed
> in a router's options, it should be used.
>
> To answer your question, the WPA-PSK option depends on the router. (PSK
> means pre-shared key.) Older routers may use WPA-PSK for both WPA and
> WPA2. If so, they should allow you to further specify either TKIP
> (Temporal Key Integrity Protocol) or AES. AES is the type of encryption
> that indicates WPA2. TKIP is always used by WPA.
>
> The most common variations of WPA or WPA2 include PSK, AES, TKIP, Personal
> and Enterprise.
>
> PSK is interchangeable with Personal. Both require you to manually enter
> your network's key or passphrase on each of your computers. In other
> words, the key is shared before you connect.
>
> Businesses don't spend time manually setting keys on all their machines.
> Instead, they typically use a server to manage secure connections. This
> type of setup is WPA or WPA2 (no PSK). Some routers add the word
> Enterprise for clarity.
>
> Now, TKIP is part of WPA, but it is not a type of encryption. You might
> recall, if you're still awake, that WPA uses the same encryption as WEP.
> However, TKIP frequently changes the key of the encrypted signal. The
> result is a moving target that is harder to crack.
>
> Because WPA uses the same encryption as WEP, it can be used on old
> hardware. Equipment originally designed for WEP can be upgraded for WPA.
> The upgrade is often just a download from the manufacturer.
>
> WPA2 and its AES encryption, however, require modern hardware. It's
> important to look for WPA2 certification before you buy a router. You can
> find more information in my wireless router buying guide.
>
> You can also check the Wi-Fi Alliance site for a thorough list of tested
> and certified products. Each listing specifies WPA or WPA2 certification.
>
> --
>
> Glenn M.
> "Rich Gauszka"  wrote in message
> news:464ba934$1{at}w3.nls.net...
>>I switched my router to TKIP only ( WPA ) trying to resolve my atheros
>> chip panic problem on the Macbook several days ago ( mentioned as a
>> possible unofficial fix ) . I haven't had a panic yet but I also stopped
>> iTunes from doing an auto update on podcasts which may have contributed
>> to the panic
>>
>>
>> mike wrote:
>>> WPA or WPA/2?
>>>
>>>
>>> On Wed, 16 May 2007 19:47:13 -0400, "Rich Gauszka"
>>>  wrote:
>>>
>>>> PClinuxOS was the first live cd  that I was able to configure my
>>>> Toshiba's
>>>> wireless ( WPA ) on boot. For some reason the Unbuntu 7.04
livecd would
>>>> just
>>>> let me configure for WEP. Not good when you're doing WPA
>>>>
>>>> http://www.pclinuxos.com/index.php?option=com_frontpage&Itemid=1
>>>>
>>>>
>>>> good review of Linux  live cds at
>>>>
>>>> http://www.osnews.com/story.php/9569/Linux-LiveCD-Roundup
>>>>
>
>
>

--- BBBS/NT v4.01 Flag-5