this post was submitted on 14 Oct 2025
23 points (92.6% liked)

Privacy


I'm not that knowledgeable on networking, but I do remember that if a device is connected to a wired network, it can end up receiving packets not meant for it because switches will flood all the ports for packets they don't know how to route. But I also heard that Wi-Fi is supposedly smarter than that and a device connected to it should never receive a packet not meant for it.

Is this true? And in practice, does this mean it's preferable to keep computers with invasive operating systems (which might decide to record foreign packets sent to them in their telemetry) on Wi-Fi instead of on the wired network?

Also, how exactly does Wi-Fi prevent devices from receiving the wrong packets when it's a radio based system and any suitable antenna can receive any Wi-Fi signal? Does each device get assigned a unique encryption key and so is only capable of decrypting packets meant for it? How secure is it actually?

[–] irmadlad@lemmy.world 5 points 1 day ago (1 children)

If someone wanted to they could park near your house and run aircrack

Aircrack-ng can only try to guess the simple shared password (pre-shared key). So when you run your airodump-ng, it's got to show the network as having type PSK, or you're pissing up a rope. With WEP, you could collect IVs, however, with WPA/WPA2, there are no IVs to collect. So you have to guess the password one by one. The only clue you get is when a device performs a handshake with the Wi-Fi. You need to capture that handshake to even start guessing. WPA/WPA2 passwords can be/should be quite long, like up to 63 letters, numbers, or symbols. If the password is a simple word like "cat" or "password," aircrack-ng might guess it if it’s in the dictionary.

So it behooves the Wi-Fi owner to create a very long, complicated password with all the bells and whistles. If you are using WEP, you might as well be holding up a sheet of single-ply, no-brand toilet paper. Also, turn off WPS and UPnP ffs.
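As an added illustration (not part of irmadlad's comment or any project's code), this is how a WPA/WPA2-PSK passphrase actually becomes the network key, which is why the passphrase is the only thing an offline guess can target and why a long, non-dictionary one matters: it checks the 8-to-63-character rule mentioned above, derives the PMK with the PBKDF2 construction from IEEE 802.11i (the SSID is the salt), and gives a crude estimate of the guess space. The sample passphrases are constructed; the "password"/"IEEE" vector is the one published in the standard.

```python
import hashlib
import math
import string

SYMBOLS = string.punctuation + " "
ALLOWED = string.ascii_letters + string.digits + SYMBOLS


def passphrase_problems(passphrase: str) -> list:
    """Reasons a string is not a valid WPA/WPA2 passphrase (empty list if it is valid)."""
    problems = []
    if len(passphrase) < 8:
        problems.append("shorter than 8 characters")
    if len(passphrase) > 63:
        problems.append("longer than 63 characters")
    if any(c not in ALLOWED for c in passphrase):
        problems.append("contains characters outside printable ASCII")
    return problems


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK (the 'PSK') as IEEE 802.11i specifies:
    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 rounds."""
    problems = passphrase_problems(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def guess_space_bits(passphrase: str) -> float:
    """Crude upper bound on guessing work: length x log2(size of the character pool used).
    A dictionary word scores far lower in reality, since a wordlist finds it in one try."""
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(c in SYMBOLS for c in passphrase):
        pool += len(SYMBOLS)
    return len(passphrase) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa2_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID: a different PMK, so precomputed tables are per SSID.
    print(wpa2_pmk("password", "ieee").hex())
    for p in ("password", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{p!r}: ~{guess_space_bits(p):.0f} bits of guess space")
```

The 4096 PBKDF2 rounds are what makes each guess cost something, but they only help when the passphrase is not already in a wordlist.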

[–] 9point6@lemmy.world 3 points 1 day ago* (last edited 1 day ago) (2 children)

I vaguely remember getting into a WPA network (that I owned!) using kismet about 15 years ago with relative ease, but I'm struggling to remember details about that process.

I also remember reading that WPA2 non-enterprise was broken a while ago, however I just looked into it and both of the main exploits I can find were patchable (and have been patched) at client OS level (they were KRACK and FragAttacks). Seems like there has already been something found wrong with WPA3 too that's also been addressed.

So yeah as you say back to brute forcing for the most part. Forcing reconnects was a pretty easy way to get more handshakes to record back when I last tried, so I assume that still has decent levels of success, given the prevalence of mesh networks. Looking further it seems people use a tool called hashcat today to get pretty rapid results doing the actual brute forcing using a modern GPU.

But yes, very good advice all in all: long passwords and the highest WPA version you can get away with are going to make an attacker's job harder.

Thanks for the reply, you got me to go back down an interesting rabbit hole I've not looked at in a while.

[–] FauxLiving@lemmy.world 4 points 1 day ago

I vaguely remember getting into a WPA network (that I owned!) using kismet about 15 years ago with relative ease, but I’m struggling to remember details about that process.

The 4-way handshake crack was the only key recovery attack until 2018 when the PMKID-based attack was discovered (here: https://hashcat.net/forum/thread-7717.html). The PMKID crack attack still required brute-forcing the key, but it didn't require the 4-way handshake so you didn't have to depend on a de-authentication attack to get started.

At that time there was another WPA vulnerability, if you were using WPA-TKIP, but it only allowed sending a few small packets every 10-12 minutes so it wouldn't allow you to gain access to the network.

Later there were a few WPS-based attacks but they were slow (4 hours to recover the WPS PIN) and/or limited to specific manufacturers (weak hardware random number generation).

[–] irmadlad@lemmy.world 3 points 1 day ago

but I’m struggling to remember details about that process.

At 71, I struggle sometimes remembering what I had for breakfast. LOL It is a very interesting rabbit hole for me as well. Wasn't trying to correct you, I'm an expert at nothing. Your comment just spurred a memory of a long forgotten era of my life as a wannabe haxor.