We got a fascinating piece of spam today from free wifi robin dot com. It brings up interesting security concerns. Their product helps one get on wifi networks, it is unethical and looks very slick. Not the kind of free we recommend.

Basically the $160 solution will crack WEP WiFi networks. Due to the crummy nature of the encryption, capturing enough WEP traffic will allow anyone to crack the WEP encryption in 20 minutes. This means if your network uses WEP it can be cracked, exposing your machines. Apparently this wifi cracker also has a powerful antenna, so it can connect over a wide radius.

The way to solve this is to not use WEP, but WPA.

This bring up the problem of whether WPA can be cracked. It can, but it takes a while. (WPA2 AES is the best encryption – however, and takes the longest, and may not be easily crackable.)

What basically happens is that the cracker will monitor your encrypted connection and force you to re-authenticate. When you re-authenticate, which you probably won’t notice, that data can be saved to the hackers computer and cracked at their leisure. Basically they’ll run a brute force attack – trying every possible combination. It may take a while, but today’s computer are very powerful. One can even use graphics cards to speed up processing. Any password less than ten characters might be easy to crack that way. (Most people use only the 26 lowercase letters and ten numbers to make a password, therefore a password of 6 characters is one of only 2,000,000,000 combination’s. From a computer’s perspective this isn’t very many combinations.)

One is advised to use long passcodes – longer the better.
Passphrases are good –
itwasadarkandstormynight would probably work.

If you want to keep people off your Wi-Fi, don’t use WEP use WPA2 AES, or WPA and create a longer password.