Re: [pen-test] WPA-PSK audit
- From: Aaron Peterson <aaron@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Dec 2007 21:04:29 -0800
Hi Nikolaj:
In general WPA-PSK cracking is very slow (by several orders of magnitude)
compared to cracking other types of hashing. Unless the customer is using a
dictionary word or a common password you probably won't be able to crack the
password within the 2-3 hour timeframe you mention. Aircrack-ng is now much
faster than coWPAtty (for a software-only implementation of cracking), but
if you really want good performance I'd check into getting some FPGA
hardware from Pico Computing (http://picocomputing.com/). If you're doing
professional pen-testing I'd say it's worth the money since they can be used
for multiple purposes.
A couple of other very general suggestions for cracking WPA-PSK in a pen-test
engagement:
- You can use wigle.net (or just do a drive-by if you're physically
close) to find the SSIDs for your target customer,
and before the engagement generate custom rainbow tables with
genpmk.
- I've found that taking the time to craft a custom
dictionary/password list and then generating permutations with the
John the Ripper rules is very effective. You can use things like
wget -m and wyd to help generate customer- or industry-specific
lists. I'm always surprised at how many customers use permutations
of their name or the product/group names for passwords (I know
this isn't WPA-PSK specific, but since cracking it is so slow,
this becomes more effective than the gains you see in software).
HTH,
Aaron
On Mon, Dec 17, 2007 at 11:17:25PM +0200, Nikolaj wrote:
Hello list,
I'd like to know of any existing tools designed to test the WPA-PSK
security mode. I know it's more secure than WEP with TKIP and so on but I
wonder if there are any tools that are able to crack the WPA key within a
reasonable time limit - 2-3 hours? Any ideas and suggestions on WPA
security will be appreciated.
Kind regards.
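The slowness Aaron describes, and the reason genpmk can precompute per-SSID tables, both come from how WPA-PSK derives its Pairwise Master Key: PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations (IEEE 802.11i). The following is an added example, not code from either poster, that derives the PMK and turns a measured derivation rate into a "can this passphrase space be exhausted inside the 2-3 hour window?" check for sizing a passphrase policy; the candidate-space sizes are constructed for illustration.

```python
"""Why WPA-PSK guessing is slow, and what it means for passphrase policy.

PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
Every candidate costs 4096 HMAC rounds per SSID, which is why a known SSID
is what makes ahead-of-time table generation (genpmk) possible, and why a
unique SSID plus a non-dictionary passphrase keeps the defender ahead.
"""
import hashlib
import time


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK per IEEE 802.11i: PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def measure_pmk_rate(ssid: str, samples: int = 20) -> float:
    """Derivations per second on this host for one SSID (the software-only case)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"candidate{i}", ssid)  # constructed throwaway candidates
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust(candidates: int, rate: float) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return candidates / rate


def within_window(candidates: int, rate: float, hours: float) -> bool:
    """True if a guesser at `rate` can finish the whole space inside `hours`."""
    return seconds_to_exhaust(candidates, rate) <= hours * 3600


if __name__ == "__main__":
    # Standard test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    print(wpa_pmk("password", "IEEE").hex())
    rate = measure_pmk_rate("IEEE")
    print(f"{rate:,.0f} PMK derivations/s on this host")
    # Constructed sizes: a 10M-entry wordlist-with-rules versus a random
    # 10-character alphanumeric passphrase (62**10 candidates).
    for label, n in [("10M-entry wordlist", 10_000_000), ("random 10-char alnum", 62 ** 10)]:
        hours = seconds_to_exhaust(n, rate) / 3600
        print(f"{label}: {hours:,.1f} hours to exhaust; fits 3h window: {within_window(n, rate, 3)}")
```

The printed rate is for pure-Python hashlib on one core; scale it by whatever hardware figure you are modelling before deciding whether a passphrase policy is adequate.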
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------