Not so fast, janisk. It will take longer than 11111 mentioned (I doubt he’s done it), but it looks possible in theory:
Of course WPA2 is recommended, EAP is preferred to PSK as well, and AES-CCM is preferred as well.
Anyway, I doubt that a 63-character non-dictionary ‘wpa(1)-preshared-key’ will be 30 minutes’ work for a regular user.
Something interesting for those who do not believe:
WEP in less than 5 sec
I code it ;)
again WEP - WE ARE TALKING ABOUT WPA!
WPA coding is simple too
just think how it is generated
show us somehow, I just don’t believe you can do it in minutes
did you even read it until the end?
As we’ve learned, cracking the password is no simple matter. Due to the WPA design, an attacker must have an insider’s understanding of how the packets are created and how their data is used to secure a WPA-PSK network (or a tool that does this for the attacker). Our example provided a test using a previously known password. To successfully crack a random network, an attacker must have a large dictionary file, a powerful computer, and a little luck in order to obtain the password. Fortunately, this isn’t as easy as it sounds.
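Added example, not part of the original thread: a sketch of why the quoted passage and the earlier post about a 63-character key hold up. It derives the WPA-PSK master key with PBKDF2-HMAC-SHA1 (4096 iterations, salted with the SSID) and estimates how long exhausting a passphrase space would take; the guess rate of one million per second is an assumed figure, and the function names are hypothetical.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit pairwise master key for WPA/WPA2-PSK:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_sec: float) -> float:
    """Years needed to try every passphrase of the given length and alphabet."""
    keyspace = alphabet_size ** length
    return keyspace / guesses_per_sec / SECONDS_PER_YEAR


def report(guesses_per_sec: float = 1e6) -> dict:
    """Compare a short lowercase passphrase with a random 63-character one.
    guesses_per_sec is an assumption, not a measured rate."""
    return {
        "8 lowercase letters": years_to_exhaust(26, 8, guesses_per_sec),
        "63 printable ASCII": years_to_exhaust(95, 63, guesses_per_sec),
    }


if __name__ == "__main__":
    # Constructed sample values: the SSID is the salt, so the same passphrase
    # gives a different key on every network name.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "IEEE-guest").hex())
    for label, years in report().items():
        print(f"{label}: {years:.3g} years at 1e6 guesses/s (assumed)")
```

Because the SSID is the salt, a key table computed for one network name is useless against another, so a unique SSID together with a long random passphrase removes both the precomputation and the dictionary shortcut.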
Dear ahmedramze, can I have your Yahoo ID for more explanation?
Why doesn’t MikroTik try to detect wireless clients with different signal strength with one MAC address?
Definitely modulation and signal strength can be a helpful key to come up with some level of security?
After we implemented the MK-PPPOE solution we saw our SSID (even with AP MAC cloned) cloned, and one PPPoE server was running on that “unknown” AP. They were getting user/password/MAC from our customers. We already have one great solution for this (once it works). But I am curious to know what Mikrotik suggests in these cases? (They always have a better solution than ours.)
smacebr,
use encryption protocols for wireless clients, as was suggested in the previous posts (WPA/WPA2).
But the key is shared by all users on that interface, right?
The problem is that we suspect that whoever did that has access to our network. (He fixes computers - format, install OS, hardware etc. - I’ve forgotten the word for this kind of work.) So if the key is shared by all users on that interface, he will be able to get the key when he visits one of our customers. Am I wrong?
Preferably with EAP certificates, but a preshared key is also a good choice for starters like me.
edit:
You can create a virtual AP with a different pre-shared key, like one key for a group.
I have not checked “EAP certificates” before. I must check it then. Any suggestions?
I was thinking about developing a Dialer (for PCI wireless cards) and a customized AP firmware (just like ApRouter and others) for doing improved authentication.
After the user logs in (user, password, MAC, station) in the RADIUS, our integration server would send one key to the Dialer/AP (customized firmware). If it matches the last key sent by our server in the previous session, the client (dialer/AP) will send another key back; in case of an incorrect key, or of not sending it, the server will automatically disconnect the user from MK. If everything is OK, then the server sends the user a new key to be used in the next session. So this way these keys are updated each session, and I hope this avoids cloning forever.
Mikrotik, what do you think about this kind of solution?
Certificates can be used in this manner: the AP and client receive a certificate from the RADIUS server, and then keys are generated from this certificate and they change over time. It is very, very safe.
Is it the same as what I talked about above, or is it different?
I need one example of implementing it to understand it better.
Kind of the same, just already implemented in ROS, Windows and Linux.
You have to generate a TLS certificate for the user and your AP, then set this certificate for the router and for the user.
- Try disabling ‘Universal Client’. (I think this is done by setting the address-pool in the user profile to ‘none’)
- Try binding the MAC address to the IP address in the firewall (possibly with a login script in the user profile - if mac is xx-xx-xx-xx-xx-xx and ip is not yy.yy.yy.yy reject/tarpit/drop)
Just a few thoughts.
Hi guys,
I have the same problem with MikroTik.
You should give each client a static IP, or there should be a script running which gives each client a subnet of 30 bits; this can solve the MikroTik hotspot service.
I’m using hotspot with static IP only, and my system is running well.