Processor | Time | Cost |
Hackers can scale the hack fairly easily in an almost linear progression. In simple words — the time taken to find a password can be reduced by the number of processors.
WiFi radio airwaves are available to any user. To secure networks, the WPA (Wi-Fi Protected Access) standard was developed; the current version of the standard is WPA3.
WPA lets you set a password on a WiFi network. Put crudely, this password is the key that encrypts all WiFi traffic within the channel for this network. This means that hackers can still intercept network traffic, but without the password they cannot decrypt it.
When initialising a connection with the correct password, WPA provides for the exchange of private keys with the user; this is called a handshake. By intercepting the handshake, a hacker can «pick» the password from its cast. To put it simply and crudely, there is no password in a handshake, only its shadow. It is impossible to determine a password from the shadow; however, it is quite easy to get the shadow from any password. A hacker gets the shadow from the password 12345678 and compares it with the shadow he got from the handshake. If your WiFi password is 12345678, then the shadows will match.
Thus, hackers can «pick» passwords by simple enumeration, i.e. get shadows from 00000000, 00000001, 00000002, etc. This kind of attack is called brute force.
It is not hard to guess that the longer the password, the harder it is to «pick». That is why in 2000, when the WPA format was developed, its founders set a restriction: the password must be at least 8 characters long. At the time, it seemed to be a permanent defence against picking. But «then» was a time when Intel's flagship was a single-core Pentium III 866 MHz. Modern GPUs like the Nvidia 4090 are thousands of times more powerful, and picking a password of even 8 characters is not such a difficult task anymore.
To intercept a handshake, a hacker just needs to be close to your network (it could be a neighbour's child, for example). Having intercepted it, the hacker is most often able to «pick» your password, spending only $100.
Someone will say: «I am not greedy. If a neighbour's child is so advanced that he can launch such an attack, I'll be happy for him». And what if I tell you that, having the password to your network, a neighbour's child can not only communicate with terrorists from your network, for example, but also intercept all your traffic? In the HTTPS era, of course, this is less relevant, but only partly. For example, he won't be able to read your correspondence in mail or Facebook; however, he will be able to detect your porn sites, calculate to the byte how much traffic and time you spend on YouTube, see your VPN connections and so on.
Moreover, you can set yourself a 12-character password (which is not quite right, more details in the next article) with a lot of special characters, which would take many thousands of years to find at current capacities. But you calmly enter passwords for «public» networks. Say, for example, a hotel has a simple password 12345678: you enter it without a second thought and forget that any guest of this hotel, knowing the password, can intercept and decrypt your traffic. Again, if you use HTTPS, a hacker will not be able to read your correspondence or find out what pornographic film you watched last night before going to bed, but he will know exactly what resources you've visited and how much time/traffic you've spent on them.
You're unlikely to be thrilled that essentially any passerby will be able to know exactly what resources you're visiting and will be able to use your internet. If it's the neighbour's kid and he's just doing it for fun, that's nice. But what if your network is being used for illegal operations? What if there's a knock on YOUR door tomorrow asking why you've been downloading child pornography?
Someone will say: «Who needs me? Who would bother?». Firstly, you are needed :) otherwise Facebook, Google and Apple would not collect all information about you bit by bit. Secondly, in 2022, the most populous altcoin, Ethereum, switched from proof-of-work to proof-of-stake. If you didn't understand a word in the last sentence, just imagine that «miners» used to earn money from video cards, and now they've been completely deprived of that income. On the main page I'm providing calculations for one Nvidia 4090 graphics card, but now imagine that millions of the most powerful graphics cards around the world lost their «earnings» a year ago and are hanging around doing nothing.
Sorry if we've scared you. In fact, it is not all so sad, and it is possible to be quite safe inside your WiFi network and «invisible» in the public one.
Forget about WiFi passwords, you don't need them anymore. All you need to do is generate, one time, a password with a length of 63 characters (this is the maximum value for a password in WPA), including ASCII special characters that are not present on the keyboard, and generate a QR code for your network. All modern smartphones can read QR codes; you will only need to take a picture of the QR code or print it to «share» it.
In your own WiFi network you can switch the router to WPA2/WPA3 security mode (if your router supports it). It won't guarantee safety, but it can secure modern devices.
Enter the SSID (WiFi network name) and regenerate the password a couple of times. Copy the password and change it on your router. Take a photo of the QR code and save it to your favourites. Now, when you need to share your password with your family or friends, just share it via the standard iOS/Android tools, or show them the QR code.
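The generate-and-share steps above, sketched as an added example (this is not the project's own code, and the function names are hypothetical). It assumes an alphabet of printable ASCII without the space character and the `WIFI:T:WPA;S:...;P:...;;` text payload that phone cameras commonly recognise in QR codes; neither detail comes from the page, and rendering the payload as an image is left to a QR library.

```javascript
// Added example; function names are illustrative, not the project's code.
const webcrypto = globalThis.crypto ?? require("crypto").webcrypto;

// Assumed alphabet: printable ASCII without the space (0x21-0x7E), 94 symbols.
const ALPHABET = Array.from({ length: 94 }, (_, i) => String.fromCharCode(0x21 + i)).join("");
const WPA_MIN_LEN = 8;
const WPA_MAX_LEN = 63;

// Draw characters uniformly from a CSPRNG. Bytes >= 188 are discarded so
// that `byte % 94` carries no modulo bias.
function generatePassphrase(length = WPA_MAX_LEN) {
  if (!Number.isInteger(length) || length < WPA_MIN_LEN || length > WPA_MAX_LEN) {
    throw new RangeError("WPA passphrases are 8 to 63 characters long");
  }
  const limit = 256 - (256 % ALPHABET.length);
  let out = "";
  while (out.length < length) {
    for (const b of webcrypto.getRandomValues(new Uint8Array(2 * length))) {
      if (b < limit && out.length < length) out += ALPHABET[b % ALPHABET.length];
    }
  }
  return out;
}

// Entropy of a passphrase of this length drawn from ALPHABET, in bits.
function entropyBits(length) {
  return length * Math.log2(ALPHABET.length);
}

// Backslash-escape the characters that are syntax inside a WIFI: payload.
function escapeField(value) {
  return value.replace(/([\\;,":])/g, "\\$1");
}

// Build the text a QR encoder should turn into the network's QR code.
function wifiQrPayload(ssid, passphrase) {
  const ssidBytes = new TextEncoder().encode(ssid).length;
  if (ssidBytes < 1 || ssidBytes > 32) throw new RangeError("SSID must be 1 to 32 bytes");
  return `WIFI:T:WPA;S:${escapeField(ssid)};P:${escapeField(passphrase)};;`;
}

// Constructed sample SSID; the semicolon shows why escaping matters.
const demo = generatePassphrase();
console.log(wifiQrPayload("Home;Net", demo), Math.round(entropyBits(demo.length)), "bits");
```

Without the escaping step, a generated password containing `;` or `:` would be cut short when a phone parses the QR code, and the device would try to join with the wrong password.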
For old, IoT or TV devices, use a different network; most modern routers can do this.
Use WiFi networks outside your home (outside your network) only via VPN. Many modern routers are able to create a VPN server; otherwise it's not difficult to do if you have a stationary computer at home which is always switched on and always on the network. It can be a single-board computer like a Raspberry Pi, which is inexpensive and takes up no space. You should make it a rule to use the Internet over WiFi only through the VPN at your home. Any passerby or hotel guest who knows the hotel password will still be able to intercept your traffic, but for them it will be encrypted VPN traffic, which will definitely be useless without access to your VPN.
I've got it all figured out! Thank you! It seems I'd like to help the project. How can I do it?
The aim of the project is to make the Internet safer. In the modern world, WiFi is the main provider of the Internet, and we, the development team, understand both the problem and ways to solve it.
If you want to help the project, we could really use your language skills :) We want to translate this project into as many languages as possible, so that everyone knows about WiFi security.
If you're proficient in JavaScript, you're welcome to help the project with code.