How secure is your network?

Wireless networks have varying degrees of security, from unencrypted "open" networks to very secure corporate networks using WPA2-AES with an authentication server.

If you are using WEP-based encryption, have your SSID (network name) hidden, use MAC filtering, or any combination thereof, your network is not protected at all.  Discovering hidden SSIDs is simple, spoofing (faking) a valid MAC address is simple, and cracking even the longest WEP keys is trivial.

WEP has a gaping security hole, which prompted the creation of WPA (primarily for home use) and WPA2 (primarily for corporate use).  WEP encryption is vulnerable during its initial connection: a hashed copy of the password is appended to the end of the initial authentication packets.  If a hacker can collect enough of these authentication packets, they can crack your network key, often in under 20 minutes start to finish.

WPA alone isn't enough to protect your network.

WPA fixed the problem with WEP's authentication method by mixing the router's SSID into the key, and WPA also requires a minimum of eight characters for its key.  An 8-character key yields roughly 6 quadrillion different combinations of letters and numbers.  It would take around 6 months for 1000 desktop PCs to crack the password.

A group of security professionals devised a way to crack WPA networks more quickly by creating a "look-up table" of pre-mutated keys.  You may be asking yourself, "What the heck is a mutated key?"  The answer lies in hashing.  In encryption a hash is a one-way street; consider the following example using the MD5 "hashing" algorithm (a mathematical function):

password --> 5f4dcc3b5aa765d61d8327deb882cf99
Password --> dc647eb65e6711e155375218212b3964

The two hashes (on the right) are different because the input (on the left) was different (notice the capital 'P').  The hash is the mutated key; this operation is usually done on an as-needed basis.  A pre-mutated key is one for which this process is done before it is needed.  By creating a huge database of keys and their corresponding hashes, the attacker can take a captured WPA 4-way handshake, look up the hash, and retrieve the key.  This reduces the time to less than two hours on a single modern laptop.

There is a gotcha in the way the security professionals use their "look-up table."  Remember how I said WPA adds the SSID to the key?  Consider the following illustration:

privatenet password --> 211f7c25c5d01737df6d07fe8622b393
linksys password --> 3bb726ec2954042f0f98204151ca5b48

By changing the SSID from privatenet to linksys, the hash changed.  So what the security team did was take a list of the thousand most popular SSIDs and the million most common passwords and create a huge (33GB) "look-up table" (this required about 3 days on a borrowed $50,000 specialized computer system).  So if you have a common SSID and a common password, you are vulnerable.

One last gotcha!  Using free software, a hacker can generate a specialized "look-up table" that contains a fair number of common passwords for your SSID in a few days.  Therefore the only way to block a determined hacker is to use a purely random wifi password.

Final Notes

When it comes to computer security, think of it like home security.  You can have the best alarm system, locks, barred windows, and reinforced doors, but if a thief really wants in there's nothing you can do to stop them.  A determined attacker will choose the easiest way to obtain their goals.  If that goal is leeching free internet off their paying neighbors, they'll find a neighbor with a weak network rather than waste their time on a fortified one.  If their goal is to make money stealing personal information, they'll pick the easy targets instead of wasting time on a very difficult target.  Don't be an easy target: use a random WPA PSK (pre-shared key), and change your SSID and network key every 3 to 6 months.

Cheers,

-Bradley Beach (Owner)