Forums | MacLife

Yes, but it's still just as worthless.

Another thread about this? Sheesh people.

Nope same topic. It's just been going on for a while despite a short (couple week) break.

Even if you password was uiweAisfd987y it would EVENTUALLY be cracked.

Macskeeball wrote:

The following is a description of how I personally secured my network.

-NAT router to prevent unsolicited incoming traffic
-UPnP turned off on the router
-Wired where appropriate (desktop) and wireless where appropriate (laptop)
-Wireless is encrypted with WPA-PSK with TKIP (least computationally intensive form of WPA) with an extremely random and 64 character long hex key
-Software firewall on each computer to resist attacks originating from any other computer within the LAN.
-MAC address filtering (easily spoofed)
-SSID hiding (easily sniffed)

While nothing is truly secure (what one mind can create another can destroy) and while "a meteorite could fall out of the sky" (as NAG said in another thread), it's still a good idea to lock the doors to your house. Security is a matter of layers.

No VPN?!  Weak.

MacBoy4139 wrote:

Macskeeball wrote:

The following is a description of how I personally secured my network.

-NAT router to prevent unsolicited incoming traffic
-UPnP turned off on the router
-Wired where appropriate (desktop) and wireless where appropriate (laptop)
-Wireless is encrypted with WPA-PSK with TKIP (least computationally intensive form of WPA) with an extremely random and 64 character long hex key
-Software firewall on each computer to resist attacks originating from any other computer within the LAN.
-MAC address filtering (easily spoofed)
-SSID hiding (easily sniffed)

While nothing is truly secure (what one mind can create another can destroy) and while "a meteorite could fall out of the sky" (as NAG said in another thread), it's still a good idea to lock the doors to your house. Security is a matter of layers.

No VPN?!  Weak.

VPN is overkill for home - just use SFTP for file transfers and SSH tunnels for everything else

Alien wrote:

Macskeeball wrote:

For passwords with maximum complexity (256-bit hexidecimal length, and extremely random) such as mine, there are literally 65,536 billion billion billion billion billion billion billion billion billion billion billion billion billion billion billion billion possibilities (not a typo, nor is it an exaggeration).

There's no such thing as a hexadecimal bit, and you're off by a factor, oh, about 65,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 or so.

,xtG
.tsooJ

What I meant was a 256-bit key in hexidecimal form. As for the amount of possibilites, how many are there then? More? Less? I'll take your word for it then. I was basing it on math I did in a rush based on something I read in a rush (it's finals week).

Edit: Is 256,000,000,000,000,000,000,000,000,000,000,000,000 (2.56 x 10^38) correct?

Last edited by Macskeeball (2006-05-10 2:49 pm)

ConnertheCat wrote:

Macskeeball wrote:

ConnertheCat wrote:

Even if you password was uiweAisfd987y it would EVENTUALLY be cracked.

By long and random I mean something like 66007989485B6E7C791E1060FA906E7AE151A8429A74257484E3A91A2C00608F (not my own, but an example of the sort of passwords randomly generated by https://grc.com/pass) That's the sort of password that I use. I don't have to remember it; Keychain does it for me. With WEP, password strength only went up linearally with length, but with WPA it goes up exponentially. Read my previous posts; I went over this and more already.

For passwords with maximum complexity (256-bit hexidecimal length, and extremely random) such as mine, there are literally 65,536 billion billion billion billion billion billion billion billion billion billion billion billion billion billion billion billion possibilities (not a typo, nor is it an exaggeration).

Still crackable.

Steve Gibson wrote:

If a given computer at a given speed took two seconds to crack a 40-bit key, that same computer would take 35 hours to crack a 56-bit key, one year to crack a 64-bit key, 10 to the 14th years to crack a 112-bit key, and 10 to the 19 years to crack a 128-bit key.

He hadn't even gotten to 256-bit yet. Theoretically, it's possible but in reality the Sun will probably explode first.

Gipetto wrote:

MacBoy4139 wrote:

Gipetto wrote:

VPN is overkill for home - just use SFTP for file transfers and SSH tunnels for everything else

WHOOOOOOOOSH!

Whoosh what? VPNs are more difficult to setup and maintain than SSH tunnels and SFTP, which you have by default in OSX - you don't have VPN by default in all routers on the consumer level.

The comment I made obviously went over your head.  "Whoosh" is the sound it made when doing so.

I don't know why you're suddenly talking about VPNs being overkill when nobody even mentioned them, Gipetto, but I think they are good for security on the road. Currently I just use SSH tunneling for that, but I do plan to set up my own VPN over the summer. College just hasn't left me with a lot of time to do a lot of the things I'd like to do.

Edit: I suppose MacBoy may have said something, but I stopped reading his post several weeks ago. Carry on.

Last edited by Macskeeball (2006-05-10 3:18 pm)

Macskeeball wrote:

ConnertheCat wrote:

Macskeeball wrote:

By long and random I mean something like 66007989485B6E7C791E1060FA906E7AE151A8429A74257484E3A91A2C00608F (not my own, but an example of the sort of passwords randomly generated by https://grc.com/pass) That's the sort of password that I use. I don't have to remember it; Keychain does it for me. With WEP, password strength only went up linearally with length, but with WPA it goes up exponentially. Read my previous posts; I went over this and more already.

For passwords with maximum complexity (256-bit hexidecimal length, and extremely random) such as mine, there are literally 65,536 billion billion billion billion billion billion billion billion billion billion billion billion billion billion billion billion possibilities (not a typo, nor is it an exaggeration).

Still crackable.

Steve Gibson wrote:

If a given computer at a given speed took two seconds to crack a 40-bit key, that same computer would take 35 hours to crack a 56-bit key, one year to crack a 64-bit key, 10 to the 14th years to crack a 112-bit key, and 10 to the 19 years to crack a 128-bit key.

He hadn't even gotten to 256-bit yet. Theoretically, it's possible but in reality the Sun will probably explode first.

2 Seconds to test one string seems pretty long to me.  Even then, you can cut that number by 400% by simply adding another 3 computers onto the job.  You could even remove a few improbable keys (all of one letter, or with only one letter difference) to shorten the time... loosing complete security, but those are less likely to be password.

ConnertheCat wrote:

Macskeeball wrote:

Steve Gibson wrote:

If a given computer at a given speed took two seconds to crack a 40-bit key, that same computer would take 35 hours to crack a 56-bit key, one year to crack a 64-bit key, 10 to the 14th years to crack a 112-bit key, and 10 to the 19 years to crack a 128-bit key.

He hadn't even gotten to 256-bit yet. Theoretically, it's possible but in reality the Sun will probably explode first.

2 Seconds to test one string seems pretty long to me.

No, two seconds to crack a 40-bit key. That's two seconds to test a maximum of 1,099,511,627,776 (2^40) numbers to find the correct one.

Even then, you can cut that number by 400% by simply adding another 3 computers onto the job.

Yes, but the point is that the key can't be simply cracked by someone with a laptop sitting in a car around the corner, no? Not whether it is theoretically possible to garner up the computing power to actually crack the key, eventually.

You could even remove a few improbable keys (all of one letter, or with only one letter difference) to shorten the time... loosing complete security, but those are less likely to be password.

Not if the key is randomly generated.

,xtG
.tsooJ

Alien wrote:

ConnertheCat wrote:

Macskeeball wrote:

He hadn't even gotten to 256-bit yet. Theoretically, it's possible but in reality the Sun will probably explode first.

2 Seconds to test one string seems pretty long to me.

No, two seconds to crack a 40-bit key. That's two seconds to test a maximum of 1,099,511,627,776 (2^40) numbers to find the correct one.

Even then, you can cut that number by 400% by simply adding another 3 computers onto the job.

Yes, but the point is that the key can't be simply cracked by someone with a laptop sitting in a car around the corner, no? Not whether it is theoretically possible to garner up the computing power to actually crack the key, eventually.

And while it's theoretically possible to crack everything else, how often does it happen?  Yeah, thought so...