Wireless password (key)?

[Artreid]

I have this new Comcast wireless router that came with 15diget password that
I changed to. Now I cannot remember what I changed it to.
How do find/see my network password

 

[Jeff Layman]

I have this new Comcast wireless router that came with 15diget password that
I changed to. Now I cannot remember what I changed it to.
How do find/see my network password

Is there no button which when pressed resets everything to default values?

 

[Richard]

Artreid,

Click on the "internet connection in the system tray.

"Right" click on the name of your wireless internet connection.

Select "Properties".

On the "Security" tab, there is a "check box" to "show characters". Check
it.

You will now see the actual password characters.

Hope this helps!

 

[Ammammata]

Il Sat, 24 Nov 2012 03:40:31 -0500, Artreid ha scritto:

I have this new Comcast wireless router that came with 15diget password
that I changed to. Now I cannot remember what I changed it to.
How do find/see my network password

if your password is stored in the computer, you can try with the wireless
key view from nirsoft

 

[Michael Swift]

Artreid,

Click on the "internet connection in the system tray.

"Right" click on the name of your wireless internet connection.

Select "Properties".

On the "Security" tab, there is a "check box" to "show characters". Check
it.

You will now see the actual password characters.

Hope this helps!

Just followed those suggestions and it worked for me, not that I needed
to remember my password, just interested, as an aside my Virgin Media
supplied Netgear super hub has a reset button which came in useful last
week when I needed to get back to the default settings after a bit of
trouble.

Mike

 

[Artreid]

Thnks Muchly, Richard.
That worked...

"Richard" wrote in message
Artreid,

Click on the "internet connection in the system tray.

"Right" click on the name of your wireless internet connection.

Select "Properties".

On the "Security" tab, there is a "check box" to "show characters". Check
it.

You will now see the actual password characters.

Hope this helps!

 

[Richard]

Thanks for the feedback. I'm glad it worked

 

[Jeff]

Artreid,

Click on the "internet connection in the system tray.

"Right" click on the name of your wireless internet connection.

Select "Properties".

On the "Security" tab, there is a "check box" to "show characters".
Check it.

You will now see the actual password characters.

Hope this helps!

Scary if you are worried about security.....

 

[Gordonbp]

Scary if you are worried about security.....

Not at all if you are running as a Standard User (which you should be),
because you then have to give the Admin password BEFORE the characters
are revealed...

 

[Gene E. Bloch]

Il Sat, 24 Nov 2012 03:40:31 -0500, Artreid ha scritto:


if your password is stored in the computer, you can try with the wireless
key view from nirsoft

It's stored in the router.

 

[J. P. Gilliver (John)]

It's stored in the router.

If Artreid is actually using it, but just can't remember it, it must be
stored in the computer too (-:.

 

[Gene E. Bloch]

If Artreid is actually using it, but just can't remember it, it must be
stored in the computer too (-:.

You caught me...

If I log in to my router from a computer wired to it, I can see the
password in plain text. Of course, I need to know the password that
gives me access to the router's setup.

And of course, as you imply, any device that can connect to the router
via WiFi has the password in it somewhere, but I hope not in plain text.

 

[Char Jackson]

You caught me...

If I log in to my router from a computer wired to it, I can see the
password in plain text. Of course, I need to know the password that
gives me access to the router's setup.

And of course, as you imply, any device that can connect to the router
via WiFi has the password in it somewhere,

I wonder, would anyone use the same password for both router setup and
wireless access? I hope not, but I try not to be surprised by such
things anymore.

but I hope not in plain text.

I don't know how it's stored, but the wireless access password is
easily viewable by such tools as the one from Nirsoft, and the
router's setup password can easily be reset to a known value,
especially if you have physical access to the box.

 

[Gene E. Bloch]

I wonder, would anyone use the same password for both router setup and
wireless access? I hope not, but I try not to be surprised by such
things anymore.

I use two very different passwords...

But there are still a few routers whose username and password are the
default ones :-(

I don't know how it's stored, but the wireless access password is
easily viewable by such tools as the one from Nirsoft, and the
router's setup password can easily be reset to a known value,
especially if you have physical access to the box.

I would expect that the Nirsoft tool reads the one on the router, but
Nir is pretty clever

As I said, I have physical (wired) access to the box, and so I can see
my wireless password.

It might be worth noting that since this computer has wired access to
the router, I haven't entered the wireless password here. That would
preclude Nirsoft's ability to find that password somewhere on this box &
decrypt it.

 

[Anthony Buckland]

I use two very different passwords...

But there are still a few routers whose username and password are the
default ones :-(



I would expect that the Nirsoft tool reads the one on the router, but
Nir is pretty clever

As I said, I have physical (wired) access to the box, and so I can see
my wireless password.

It might be worth noting that since this computer has wired access to
the router, I haven't entered the wireless password here. That would
preclude Nirsoft's ability to find that password somewhere on this box &
decrypt it.

I have no idea of current practices, but decades ago
when I was involved in en/decryption, it was customary
to store not the password, but the encrypted version of
the password using an encryption method which was one-way:
the encryption method was well-known, and the user (only)
new the plaintext password, but no-one (supposedly) could
reverse the encryption. A distressed user could only set
a new password after authenticating themselves, and again
it would not be stored, only its encrypted version to
compare when the user logged on and their attempt at the
password was encrypted, hopefully yielding something
identical to the stored encrypted version. I'd expect
any current password control method to be equally
robust.

 

[Gene E. Bloch]

I have no idea of current practices, but decades ago
when I was involved in en/decryption, it was customary
to store not the password, but the encrypted version of
the password using an encryption method which was one-way:
the encryption method was well-known, and the user (only)
new the plaintext password, but no-one (supposedly) could
reverse the encryption. A distressed user could only set
a new password after authenticating themselves, and again
it would not be stored, only its encrypted version to
compare when the user logged on and their attempt at the
password was encrypted, hopefully yielding something
identical to the stored encrypted version. I'd expect
any current password control method to be equally
robust.

I am quite sure that is the current practice. But there could be
exceptions, since not everyone pays attention to common sense...

Actually, I was alluding to that when I said that "Nir is pretty
clever". But I have to admit it would take more than cleverness to crack
the password using the method you describe; unfortunately, I didn't
think that deeply until your post

One method of cracking a password is to go through a series of possible
passwords, encrypting each by the known method, until the encrypted text
matches what is stored on the computer. It would definitely take a while
to crack a password on a mere home computer.

For myself, an encrypted password data base, well backed up, gets around
a lot of my memory problems.

 

[Anthony Buckland]

...
One method of cracking a password is to go through a series of possible
passwords, encrypting each by the known method, until the encrypted text
matches what is stored on the computer. It would definitely take a while
to crack a password on a mere home computer.
...

Um ... yes. And all an administrator has to do is limit
the number of tries to, say, three before shutting down
the attempt, with penalties of varying severity. ATMs
either swallow your card (really severe) or shut down
access until you go to your bank for a reset (almost as
severe). If you tried that for access in a corporation,
somebody's boss would come storming into your office,
probably the next day, wanting to know if you were trying
to shut the company down. Forcing an end to the attempt
followed by a 30-second break would be more acceptable
and would prevent any computer-generated attempt to try
all possible passwords.

By the way, comparing an encrypted attempt to an encrypted
password allows a nice little side effect, of rejecting a
password which is already in use, although you could have
a lot of trouble explaining to the dense that you really
don't have their password stored in plaintext somewhere.
The passwords "in use" would of course include many of the
really stupid ones like "PW" and "123456" and every word
in the Oxford English Dictionary. Many other
easily attacked ones can be excluded by insisting on a
lower case alphabetic, an upper case alphabetic, a digit
_and_ a special character (like "/" or the other stuff
your device will accept) somewhere in the password.

Oh yes, "a while" as you put it. A simple scheme like six
lowercase alphabetics would require over 300 million
tries, which at one a second if you're a demon typist
or thumber would take something of the order of twelve
years; but take heart, you'd have an even chance of
success in the first six years. If my arithmetic is
correct.

 

[Gene E. Bloch]

Um ... yes. And all an administrator has to do is limit
the number of tries to, say, three before shutting down
the attempt, with penalties of varying severity.

Notice that I said "the encrypted text matches what is stored on the
computer", not "try to log in". It doesn't even need to be done on the
computer holding the password; just copy the encrypted password to where
you are running the algorithm.

ATMs
either swallow your card (really severe) or shut down
access until you go to your bank for a reset (almost as
severe). If you tried that for access in a corporation,
somebody's boss would come storming into your office,
probably the next day, wanting to know if you were trying
to shut the company down. Forcing an end to the attempt
followed by a 30-second break would be more acceptable
and would prevent any computer-generated attempt to try
all possible passwords.

By the way, comparing an encrypted attempt to an encrypted
password allows a nice little side effect, of rejecting a
password which is already in use, although you could have
a lot of trouble explaining to the dense that you really
don't have their password stored in plaintext somewhere.
The passwords "in use" would of course include many of the
really stupid ones like "PW" and "123456" and every word
in the Oxford English Dictionary. Many other
easily attacked ones can be excluded by insisting on a
lower case alphabetic, an upper case alphabetic, a digit
_and_ a special character (like "/" or the other stuff
your device will accept) somewhere in the password.

Oh yes, "a while" as you put it. A simple scheme like six
lowercase alphabetics would require over 300 million
tries, which at one a second if you're a demon typist
or thumber would take something of the order of twelve
years; but take heart, you'd have an even chance of
success in the first six years. If my arithmetic is
correct.

But I didn't suggest typing it in[1]. To use the method I described, one
would run a password generator program which would generate all possible
passwords and automatically compare the results to the aforementioned
encrypted key. This could speed up the operation by a factor of 10
(using 10 without an exponent a good bit bigger than 1 is meant as a
joke).

[1] I said "go through a series of ... passwords", which is admittedly
vague, but I *did* think the intention was obvious, especially in
conjunction with the proviso that "the encrypted text matches what is
stored".

 

[Anthony Buckland]

Notice that I said "the encrypted text matches what is stored on the
computer", not "try to log in". It doesn't even need to be done on the
computer holding the password; just copy the encrypted password to where
you are running the algorithm.

....

OK, I get your point. Now, how does the cracker get
access to the collection of encrypted passwords?
The original question concerned a router. The
encrypted passwords are presumably on a computer
at the installation granting access to the network,
which I admit could be close by, in the IT office
administering the LAN, or could on the other hand be
a telephone company building in some city in the same
country. In the first case, Sandra Bullock triggers
a fire alarm, squirms into the appropriate cubicle,
and copies the file onto a DVD, getting away just in
time when everyone comes back from the false alarm.
In the second case, more difficult.

Anyway, this is really all a digression from the
original problem, which was solvable simply by
resetting the router to default values, which
fortunately included the plaintext password, no
encryption problem at all.

 

[Gene E. Bloch]

...

OK, I get your point. Now, how does the cracker get
access to the collection of encrypted passwords?

In the old Unix days, the file containing those things was accessible to
at least root (it's been too long for me to recall whether it was
available to others).

For things like Windows, in all honesty I don't know, but if I were a
thief, I'd try to find out

The original question concerned a router. The
encrypted passwords are presumably on a computer
at the installation granting access to the network,
which I admit could be close by, in the IT office
administering the LAN, or could on the other hand be
a telephone company building in some city in the same
country. In the first case, Sandra Bullock triggers
a fire alarm, squirms into the appropriate cubicle,
and copies the file onto a DVD, getting away just in
time when everyone comes back from the false alarm.
In the second case, more difficult.

How do I get access to Sandra Bullock? I only ask because my partner is
not looking over my shoulder at the moment...

Anyway, this is really all a digression from the
original problem, which was solvable simply by
resetting the router to default values, which
fortunately included the plaintext password, no
encryption problem at all.

True.