Re: Rainbowtables for WPA PSK?
- From: Seth Fogie <seth@xxxxxxxxxxxxxxx>
- Date: Wed, 21 Dec 2005 23:08:01 -0500
I will pipe in once again...
This Cisco article below has a part one with it as well (they are actually hosted at InformIT.com). I wrote these up because there was little out that really explained step by step how WPA cracking works. Joshua Wright wrote the program I reference in this article (cowpatty).
http://www.informit.com/articles/article.asp?p=369221 (part 1) http://www.informit.com/articles/article.asp?p=370636 (part 2)
Just another two cents...
Meidinger Chris wrote:
Hi Jeroen,
Both STA and AP use nonces to defeat a replay or precalc attack.
http://en.wikipedia.org/wiki/Nonce
Key generation is significantly more complicated in WPA than in WEP.
Here's a brief bit about what's relevant to cracking WPA:
http://www.ciscopress.com/articles/article.asp?p=370636&seqNum=6&rl=1
And I hate to post a microsoft link, but this explains WPA key generation and mangement very clearly:
http://www.microsoft.com/technet/community/columns/cableguy/cg0805.mspx
Cheers,
Chris
-----Original Message-----
From: Jeroen [mailto:jeroen@xxxxxxxx] Sent: Tuesday, December 20, 2005 9:58 PM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Rainbowtables for WPA PSK?
Without studying the ins and outs, I think it should be possible to generate
rainbowtables for WPA PSKs. Especially since on-the-fly cracking takes quite
some time per crypt and most users use a alphanumeric characterset for the
pass. It my assumption right? Anyone already working on this subject? Please
let me know!
Gz, Jeroen
--------------------------------------------------------------
----------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------- -----------------
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
- References:
- RE: Rainbowtables for WPA PSK?
- From: Meidinger Chris
- RE: Rainbowtables for WPA PSK?
- Prev by Date: Re: IPS Comparison
- Next by Date: New version of pwdump, and announcing fgdump!
- Previous by thread: RE: Rainbowtables for WPA PSK?
- Next by thread: Re: Rainbowtables for WPA PSK?
- Index(es):
Relevant Pages
|
