Is it safe to leave my shaw hitron router password the same as when it was installed? If not, why?
It should be safe if you trust everyone who has physical access to your modem. I have the Cisco wifi modem at home and I left my wifi password as the default.
But the password is written on the sticker on your modem. If you suspect that a guest to your home went to the modem and wrote down the info on the sticker, then yeah, I'd recommend changing the wifi password.
Alright, I was not sure if the passwords were common or somewhat the same and your neighbour could just use your internet.
colinwallin wrote: Is it safe to leave my shaw hitron router password the same as when it was installed? If not, why?
Password is the serial number of the modem..
It wouldn't take too long to brute-force it because the serial numbers are a certain length and format, but it will do a decent job against casual people in the neighbourhood.
Is this proven yet somehow, somewhere? Have you seen or tested this theory?
colinwallin wrote: Is this proven yet somehow, somewhere? Have you seen or tested this theory?
Given a brand of modem, which is identified by it's MAC address that is sent out when broadcasting the WiFi SSID (WiFi network name), you can look up the format of it's serial number.
If you suspect the WiFi network you are trying to break into hasn't changed the password, you can build a 'rainbow table' for all possible serial numbers - letters and numbers in the appropriate places, then use this list to 'crack' the WiFi password.
Using the DPC3825 modem/router, instead of an unknown password of length from 8 to 64 characters, letters, numbers, and symbols, the default password is 9 or 10 digits. Numbers only instead of letters and numbers.
From the air, watch/record a device connecting to the wireless network, give this encrypted session to a computer to run though all 9 and 10 digit numbers, waiting for it to become readable. Done, WiFi password found.
Other modem/routers have different lengths with letters in a spot. One of those letters might be the 'year' code it was made in, so all of them may have three different letters to pick from (a lot better than 26), numbers where they need to be, and no symbols, you cut your work down substantially.
Look at your serial number. Where yours has a digit, everybody's does. Where yours has a letter, everybody's does and the letter variations are *usually* not random but this doesn't really matter for this discussion.. So someone 'guessing' your WiFi password knows it is exactly 12 characters, 3 letters and 9 digits.. This cuts down the work to figure out the password substantially.
Using your own pass-phrase, a random attacker has no idea where to begin, how long it is, capitals vs lower case (serial numbers are almost always all capitals or all lower case), or if there is a symbol mixed in. Grab the MAC to look up the brand, try the rainbow-table for the modem's serial pattern, if it fails the victim has changed the password, so move on to another network.
The SmartRG default passwords are really bad.. It is the Ethernet MAC address of the system (without the colons or hyphens), scan for WiFi with any survey tool, grab the MAC address, subtract 1, and that is the default password.
Ok sounds like I should change my password, you basically say my router has a sort of pattern for passwords that could be cracked by someone who has talent...I should change it to something that is long and random such as at least 13 characters long with upper case lowercase and digits but not common words etc. Sounds like good advice, a guy at work suggested I change the password as well to something along those lines as it is possible someone could steal my internet making it not so reliable and fast, or do naughty things on it.
So why would shaw not just have it totally random and unbreakable if it is indeed a pattern or "crackable"? I guess we as the end user are responsible for that.
So With some testing I found it is easy to crack a password of any stock shaw router and it is same to login to router itself, shaw needs to fix this asap!
Retrieving data ...