On 2013-05-15 00:32, Jim Henderson wrote:
> On Tue, 14 May 2013 18:16:03 +0000, brucewayne507 wrote:
> Providing a tutorial on how to crack wireless security would not be
> overly responsible of us, any more than creating a virus creation toolkit
> would be. Security isn’t implemented through obscurity, but if you really
> want to learn, learning takes more than being given a “how to”, it
> involves understanding the principles of wireless security at a
> fundamental level. Understanding key exchange algorithms and methods, for
> example, is a broader discussion about security we can have here.
openSUSE contains a tool that tries to crack every user’s password,
named “john”. If I remember correctly, it is a software and large
dictionary packaged separately. It is used by the security weekly cron
job “seccheck” if john is available.
It is hugely cpu intensive. I tried it once for curiosity, and had to
remove it after perhaps a day running 100% CPU.
IIRC, if it cracks a password, it emails the administrator and the user
involved - I’m not sure if it actually tells you what the password is,
because the purpose is security, not cracking.
As it is included in the OBS official release, I have to assume that the
package has been accepted by the SUSE legal team.
I’m not interested in cracking a WiFi, but I do know that there is at
least a Linux distribution that specializes on doing it (aircrack?). I
assume that the purpose is finding out if there are weak setups in your
company, not to break them, and then advise the people responsible to
I’ve never used it personally. Owning such tools on some countries is
illegal (Germany?), but I believe that even a network sniffer can be
And even if the tool is not illegal in some countries, using the cracked
password should be illegal anywhere, and if not, highly unethical in any
If you are interested in the technical security aspects of wireless and
other setups, I’m sure that there are communities dedicated to this
(high math knowledge required). Again, I assume that the purpose is
discovering vulnerable encryption algorithms and improving them in
consequence. It is possible that these communities are closed, not
public. Some legislations might require the people doing this to
register with the authorities.
For example, WEP was proved vulnerable; you can find more details in the
wikipedia, and the software used for this (aircrack-ng). The end result
was the development of better methods.
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)