Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] comcast wifi question

> From: at [mailto:discuss-
> at] On Behalf Of Eric Chadbourne
> I do not think that is accurate.  Probably nobody around me knows my wifi
> password.  Cracking wifi is hard. Not like it used to be. Try it sometime.

In the old days of WEP, they just simply screwed up all the crypto.  In the modern days of WPA2 based on passwords - the weak point is the password.  You can brute force guess passwords millions per second, which means the password itself needs to have something on par with >100 bits of entropy to withstand the brute force hack.  While this is distinctly possible, it's definitely unusual.

If instead you're doing cert-based authentication, WPA2 Enterprise / EAP/TLS and similar, then modern wifi is very strong.

> Let me change the question to, if I access an evil access point will my vpn
> protect me from their mnm / DNS crackery?

Depends on their form of attack.  If they have control of a CA trusted by your VPN client, then they can still attack you.  And without any additional effort, I'll just say, they can probably come up with some additional attacks - but they are mostly kind of obscure and/or difficult.

For example, if you were using a Linux client, and have not patched shellshock, then before your VPN is even connected, they can already own you.  Perhaps some other similar attacks might exist.  And of course, lots of services (your mail client, dropbox client, etc) will automatically connect to the internet as soon as  a connection is available.  You might have to take care to connect your VPN before any automated services have the possibility of trying to use the internet...

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /