Since WEP is extremely simple to crack, WPA/WPA2 has become the most common way to secure wireless networks. However, a Russian research team recently found a method to speed up WPA/WPA2 cracking by 20 times, which means that cracking the average network just got a whole lot easier. Apparently this Russian team can crack WPA keys "in days or weeks instead of years"; I'm guessing that this is with a poorly chosen password, like a standard English word. Even though it takes days or weeks for a bad key to be cracked, this still has IT people worried.
There's an easy way to solve the problem of brute-force techniques, though. My proposition involves two keys. Here's how it works:
- Hacker tries to guess the key for a network (brute force)
- After “days or weeks” he gets the first passkey correct
- The system requires a second passkey
- After 1 failed attempt at guessing the key, the router automatically changes the first passkey to a hex string 64 characters in length.
- Repeat.
In this way the average user can get onto their network simply by knowing two keys; in fact they really only have to remember one. The second one doesn't even have to be hard to guess, as the router only allows one attempt. After successful authentication a user can set his computer as whitelisted on the router so that it only requires the second passkey, which never has to change.
In this way a hacker has to guess a password in one try, or they have to repeat the process of brute forcing a random 64-character hex string, and this could happen as many times as there are possible passwords. So now cracking a network takes far longer. In fact, if it took, say, 10 days to crack the network before, and the chances of cracking the second key are 1 in 218,340,105,584,896 (and that's only an 8-character alphanumeric key), then it will take the hacker up to 10 * 218,340,105,584,896 days to crack the key. With this method it's impossible to crack a network, and legitimate network users don't have to remember a difficult key; it can even be a simple, memorable, one-word key because of the exponentially increasing time for cracking.
In fact, if they picked one word out of the very dictionary the hackers were using for the brute force (the Oxford dictionary, with 218,632 words), it would still take up to 2,186,320 days to guess it.
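Below is an added model of the two-key proposal, written for this post and not code from the original; it assumes the attacker must submit each guess to the router (which is what the one-attempt lockout relies on), uses made-up keys and client names, and reproduces the post's keyspace and worst-case-days arithmetic.

```python
import secrets

# Constructed model of the post's two-key proposal (not real router firmware).
# key1 is the ordinary WPA passphrase; key2 is checked once after key1 succeeds.
# One wrong key2 rotates key1 to a random 64-character hex string.
HEX = set("0123456789abcdef")


class TwoKeyRouter:
    def __init__(self, key1, key2):
        self.key1 = key1
        self.key2 = key2
        self.rotations = 0
        self.whitelist = set()  # client ids (e.g. MAC addresses) that skip key1

    def authenticate(self, guess1, guess2, client=None):
        """Return True on success. A whitelisted client only needs key2."""
        if client not in self.whitelist and guess1 != self.key1:
            return False  # key1 wrong: ordinary WPA failure, nothing rotates
        if guess2 == self.key2:
            if client is not None:
                self.whitelist.add(client)
            return True
        # Single key2 failure: key1 becomes 64 hex chars (256 bits of entropy).
        # Note this also fires when a legitimate user mistypes key2 once.
        self.key1 = secrets.token_hex(32)
        self.rotations += 1
        return False


def keyspace(alphabet_size, length):
    """Number of keys of the given length over an alphabet of that size."""
    return alphabet_size ** length


def worst_case_days(days_per_key1_crack, key2_space):
    """Post's bound: each key2 miss forces a fresh key1 crack, so the attacker
    may need key2_space cracks in the worst case."""
    return days_per_key1_crack * key2_space


def demo():
    router = TwoKeyRouter("password", "kitten")
    # Attacker has recovered key1 and gets exactly one key2 guess
    first = router.authenticate("password", "wrongguess")
    # The original key1 is now useless, even with the correct key2
    second = router.authenticate("password", "kitten")
    # Owner whitelists a laptop with the current key1, then needs only key2
    owner = router.authenticate(router.key1, "kitten", client="laptop-01")
    later = router.authenticate("", "kitten", client="laptop-01")
    return first, second, owner, later, router
```

keyspace(62, 8) gives the post's 218,340,105,584,896, and worst_case_days(10, 218632) gives its 2,186,320 days for a dictionary-word second key.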