23,000 IP addresses

Michael Holstein michael.holstein at csuohio.edu
Wed May 11 09:59:08 CDT 2011


> ("it's one in a billion to crack it! beyond a
> reasonable doubt! we dont have anyone anywhere in our IT who could possibly
> crack it!") 

A billion iterations takes what fraction of a second using a high-end
multi-card gamer rig and CUDA? (or for the cheap/lazy, a S3/Tesla instance).

Even for brute-force, although WPA2 is salted with the SSID, 95% of the
time it's still "Linksys". Rainbow tables for the ~140 most common SSIDs
are already available.

I once used GPS and a wifi analyizer to show a map of how large the
possible "cloud" around a standard WRT54G and 2nd floor installation of
the accused's router really was. To make it dumb enough, I used the
pringle's cantenna (literally) instead of a commercial antenna.

The "CSI effect" works when the defense does it too. Juries love to hear
techie stuff these days, it's just that the defense usually can't afford
it. If a sizable community of technical folks were to pro-bono as expert
witnesses, the "presumption of innocence" would return pretty fast.

Cheers,

Michael Holstein
Cleveland State University




More information about the NANOG mailing list