Wireless security client

We all know wireless even with all the WEP and WPA security bells and whistles turned on is not secure - it can usually be broken within a few hours.

My company has had a commercial wireless security product used in offices and company settings that works great, but is too expensive of a solution for the private individual.

A friend of mine and myself took the task on to develop a wireless security client that would meet the following qualifications:

  1. 100% unbreakable encryption 2. Would work from any wireless network in the world, as long as it was connected to the Internet 3. Cheap enough that the millions of home and public wireless users would be able to use it 4. Wouldn't require any additional hardware 5. No security knowledge would be required - download, install, click "secure"

After two months of hard work we've got it all put together. We're looking for users that would like to test and use the security for FREE until we go "live".

The security works 100% during our testing period, there are no features disabled during testing - you get the real deal for FREE.

After we go live with the security client we will pay you $5 per month for every customer that you send our way. You can see how this can quickly add up - 20 referrals is $100 per month. By introducing the wireless security solution to your friends and people you meet at public wifi spots you can easily generate some serious residual income.

To sign up or read more about it, go to:

formatting link

Thanks!

Reply to
/dev/null
Loading thread data ...

Oh, forgot to mention. Put "FREE" as the promotional code to get the client for free.

Thanks!

Reply to
/dev/null

[/begin yawn]

Free? as in $15 a month!?? With that not so subtle "cute little" scam who the h*lls going to trust your encryption?

Oh sure..... [/end yawn]

Reply to
Barbara

Heh. Looks like I forgot more than telling you to put "FREE" in the promo box. You can enter 16 zeros for your credit card if you want.

Even if you put in a credit card it still wouldn't be charged until we go live.

It's free until we go live with it, just like I said. We are looking for people to test it out. Once we go live it's $15/mo.

Reply to
/dev/null

We even changed the signup page to reflect the instructions of entering 16 zeros with the promotional code "FREE".

Thanks for catching this error.

Sorry for any confusion.

Reply to
/dev/null

What's the algorithm that protects the wireless data?

Reply to
David Taylor

x509 PKI for authentication (both the server and the client authenticate against one another)

OpenSSL's EVP for encrypting they data and HMAC-SHA1 for authenticating the data.

Reply to
/dev/null

Not true. WPA with a strong passphrase is quite robust.

There is no such thing, particularly without real expertise in cryptography.

Already exists; e.g.,

  • commercial
  • free

Why should we trust you?

Ahhh... A pyramid scheme.

No thanks.

Reply to
John Navas

FIPS 140-2 approval?

Have you got a product sheet or PDF?

Reply to
David Taylor

formatting link
if you need more, please ask me.

Reply to
/dev/null

*THAT'S* not true. It's actually easier to break into WPA than WEP.

With WEP you have to wait for IVs to be duplicated before you can crack it.

With WPA each client has to initiate the conection in a WEP-similar manner with the WEP key. This critical time is where the packets are collected that use the preshared WPA key. Just like with WEP once enough of these packets are collected the preshared WPA key can be cryptographically determined.

With WEP you have to wait around for enough packets to cross the network. With WPA you pretend you are a client (un-authenticated) and that causes the access point to force all the clients to re-authenticate.

Durring that authentication phase you collect your packets, then cause them to all authenticate again, and again, and again until you have enough packets to discover the key.

With WEP you have to wait for the traffic, with WPA you can force the traffic to happen and discover the key quicker.

Anyway, this is a moot point. 70% of the networks out there don't use anything, public-access points certainly don't, and that's on purpose. Anyone that uses them needs a product like the one we developed. For the roughly 20% that use WEP, it's just a matter of time. With WPA (about 5 -

10%) it can be force broken.

The only WPA we've found that can't be broken is enterprise-grade, and that's cost prohibitive for the end user and public access points will never use it (if they did use it they'd have to hand out free keys anyway, defeating the purpose).

We didn't develop the encryption, we left that up to the experts. We just use what they developed. But thanks for your criticism.

Reply to
/dev/null

Citation? Here's mine -- :

Weakness in Passphrase Choice in WPA Interface By Glenn Fleishman Senior Technical Director ICSA Labs, a division of TruSecure Corp Given the nature of the attack against the 4-Way Handshake, a PSK with only 128 bits of security is really sufficient, and in fact against current brute-strength attacks, 96 bits SHOULD be adequate.

128 bits = 16 8-bit characters. The WPA recommendation is to use more than 20 characters, which is even safer.

That doesn't mean:

  1. You used it correctly.
  2. You have no other vulnerabilities.
  3. You are trustworthy.

All we have on those points is your word.

You're welcome.

Reply to
John Navas

I asked about validations?

Reply to
David Taylor

Easy enough to do an ARP replay to collect packets.

Please humour me, document this attack and the tools used in full. It's new to me, this new "easy" WPA crack because the only ones documented so far are dictionary attacks on the preshared key.

David.

Reply to
David Taylor
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

This is of course just FUD to promote a new business, inappropriately advertised on Usenet.

Reply to
John Navas

I await the details of this highly efficient and obviously repetitive attack on WPA with interest...

:)

David.

Reply to
David Taylor

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.