security wireless network: Cryptographic Hash Functions

LINUX DISTRIBUTIONS

The most known is backtrack versions(3 and 4) i will use backtrack4 another distributions wifiaway,wifislax.,everyone of them its specialase in auditoria of wireless network with a lot of programas like: airodump-wireles network scanner aircrack-its use to crack wep pass wireshark-internet traffic escanner It is a simple 3 examples of 3 programs from linux distributions you ask me how did this work how a hacker can use this to penetrate my wireless network: first one we need to download backtrack4http://www.backtrack-linux.org/ this is the link were you can download any backtrack you wish,try with live cd you can install backtrack into your sistem using a virual machine like VMWARE http://www.vmware.com/ this is the oficial site of vmware you need to download wmware workstation 7 you can use 30 days this program afree if you will subscrib (its free)i will put a video on youtube about how to run backtrack4 in vmware its very simple to do this. The youtube movie its show you how can a hacker crack a wireless network(wep key). The second video its about how can you run backtrack4 in vmware its very simple

SNIFFING PROGRAMS

Once penetrade the network the hacker can use snnifing programs such as cain&abel, wireshark,to see the internet trafic into the network with the final goal to steal your passwords. For now i will present only this two programs: cain&abel-its a complex program how has a sniffing tool and a crack tool. The basic idea in the traffic interceptation is that the attacker is interposed between the router and pc atacked so that traffic passes to the attacker pc first and then go to the router,this is the basic idea.i will put an video on this program,one more thing-i use this program under windows. wireshark-its almoust the same tipe that the first one but in this you will need to process a huge cantitate of data.This one its cames with backtrack4 but also can you use under windows.

WHAT CAN WE DO?

As you can see the tools hackers are diverse and complex as I illustrated above and is only a small part of the multitude of ways that we can be attacked, I think we should show more interest in everything around us and especially to new Wireless technology is the future because I believe that the transmission and receipt of data. How can we defend against these attacks, I have some advice: -If you have a wireless router and its has an wep key to have acces change it into an wpa key(choose a key that is not into the dictionary -phone number f.g) -check if at yor network are conected other pc that you know it If you connect through a public Internet network try to keep on mind that someone can spy on you and he can see what password that you type so dont type important psswords(such paypal pass)

lunes, 1 de marzo de 2010

Cryptographic Hash Functions

Can symmetric cryptography meet the requirements of the Biba model, based on the data integrity checks and proper authentication?

The answer is "yes," but in a very inefficient way. Recall the practical authentication example with the UNIX (well, Linux in our case) password encryption flaw when DES in ECB is used. Of course, any of the feedback modes or 128-bit block ciphers can be used instead of DES, with the obvious performance penalties. However, in our example, MD5 scales very well. This part of the chapter is devoted to ciphers like MD5, known as cryptographic hash functions. A cryptographic hash function is an algorithm that takes a message of custom length and produces a fixed-length output, called a fingerprint or message digest. Cryptographic hash functions are also called one-way functions, because they are designed in such a way that obtaining the original plaintext is nearly impossible and truly computationally unfeasible (in theory, anyway).

A good example of practical one-way function use is packet integrity preservation. Traditional insecure packet or frame checksums are usually calculated as the bit length of a protocol data unit (PDU) divided by a prime number. A cracker can modify the data inside of the packet and easily adjust the checksum to match the new packet content. With a cryptographic hash function substituting the checksum, such a task is simply impossible as long as the hash function is strong and correctly implemented. Many packets will pass until the cracker eventually gets the job done and, most likely by that time the packet's protocol will become obsolete. An example of such improvement is Michael (MIC) in TKIP, which replaces a traditional CRC-32-style integrity check vector (ICV) used by WEP. Michael is not exactly a one-way hash; it is closer to the hash-based message authentication codes (HMACs), which we review later.

The design of a strong cryptographic hash function depends on the size of its output (the larger, the better, but using huge data fingerprints is impractical) and avoiding collisions. A collision is a condition in which you can find two different strings of data (messages) that produce the same hash function output: if x != x', hash(x) = hash(x'). If a collision is possible, then x can be successfully replaced by x', and a whole class of attacks on the function, called birthday attacks, becomes possible. Birthday attacks are based on a well-known statistical problem known as the birthday paradox. You need an estimated 253 people in the room for the chance to be greater than even that one of them shares your birthday. However, you need only 23 people in the room for the chance to be greater than even that at least two of them share the same birthday. That is because with only 23 people in the room, there are still 253 different pairs of people present!

How does one brute-force a hash function? By taking various data (usually a dictionary), hashing it with the same function, and diffing the result with the hash you brute-force until you get the same hash. If you have to brute-force 2^x messages, but find two messages that hash to the same value, you have to brute-force 2^x/2 messages, a huge difference!

No hay comentarios:

Publicar un comentario

attack methods

ACCESS POINT CLONE (Evil Twin) Traffic Interception – An attacker fools legitimate wireless clients into connecting to the attacker’s own network by placing an unauthorized access point with a stronger signal in close proximity to wireless clients. Users attempt to log into the substitute servers and unknowingly give away passwords and similar sensitive data. JAMMING- Denial of service attacks are also easily applied to wireless networks, where legitimate traffic can not reach clients or the access point because illegitimate traffic overwhelms the frequencies. An attacker with the proper equipment and tools can easily flood the 2.4 GHz frequency, corrupting the signal until the wireless network ceases to function. In addition, cordless phones, baby monitors and other devices that operate on the 2.4 GHz band can disrupt a wireless network using this frequency. These denials of service can originate from outside the work area serviced by the access point, or can inadvertently arrive from other 802.11b devices installed in other work areas that degrade the overall sign. CLIENT-CLIENT ATTACKS Two wireless clients can talk directly to each other, bypassing the access point. Users therefore need to defend clients not just against an external threat but also against each other. File Sharing and Other TCP/IP Service Attacks – Wireless clients running TCP/IP services such as a Web server or file sharing are open to the same exploits and misconfigurations as any user on a wired network. DOS (DENIAL OF SEVICE) – A wireless device floods other wireless client with bogus packets, creating a denial of service attack. In addition, duplicate IP or MAC addresses, both intentional and accidental, can cause disruption on the network. Brute Force Attacks Against Access Point Passwords Most access points use a single key or password that is shared with all connecting wireless clients. Brute force dictionary attacks attempt to compromise this key by methodically testing every possible password. The intruder gains access to the access point once the password is guessed. In addition, passwords can be compromised through less aggressive means. A compromised client can expose the access point. Not changing the keys on a frequent basis or when employees leave the organization also opens the access point to attack. Managing a large number of access points and clients only complicates this issue, encouraging lax security practices. ATTACKS AGAINST ENCRYPTACION 802.11b standard uses an encryption system called WEP (Wired Equivalent Privacy). MISCONFIGURATION Many access points ship in an unsecured configuration in order to emphasize ease of use and rapid deployment. Unless administrators understand wireless security risks and properly configure each unit prior to deployment, these access points will remain at a high risk for attack or misuse

security wireless network

search motor

pages

LINUX DISTRIBUTIONS

related links

SNIFFING PROGRAMS

sniffing programs

WHAT CAN WE DO?

lunes, 1 de marzo de 2010

Cryptographic Hash Functions

No hay comentarios:

looking for some software and you did not find,i can help you!

USEFUL PROGRAMS,antivirus,driver finder,video converter ,every week i will update the this page

my wireless equipment

LINUX DISTRIBUCIONS

some pictures

other useful programs

other useful programs

Seguidores

secure an wlan network

profil

blogcatalog

wep crack

packets injection

need to read the below list

attack methods

security wireless network

search motor

pages

LINUX DISTRIBUTIONS

related links

SNIFFING PROGRAMS

sniffing programs

WHAT CAN WE DO?

lunes, 1 de marzo de 2010

Cryptographic Hash Functions

No hay comentarios:

looking for some software and you did not find,i can help you!

USEFUL PROGRAMS,antivirus,driver finder,video converter ,every week i will update the this page

my wireless equipment

LINUX DISTRIBUCIONS

REGISTRATION HERE

some pictures

other useful programs

other useful programs

Seguidores

secure an wlan network

profil

blogcatalog

wep crack

packets injection

need to read the below list

attack methods