Re: WPA-PSK audit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'd like to know of any existing tools designed to test the WPA-PSK
security mode. I know it's more secure than wep with TKIP and so on but
I wonder if there are any tools that are able to crack the WPA key
within a reasonable time limit - 2-3 hours? Any ideas and suggestions on
WPA security will be appreciated.

I think it is unlikely that dictionary attacks will be effective against
WPA/WPA2-PSK networks, as long as the passphrase is reasonable and not a
dictionary word. That said, WPA/WPA2-PSK is not a suitable
authentication mechanism for enterprise networks. Since the PSK is
shared among all stations on the wireless network, every user with a
workstation that has the PSK could conceivably know the PSK and share it
with anyone else. Further, a stolen device could disclose the PSK for
the network, compromising all later data exchanges.

- -Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQIVAwUBR3WrfTWX3FIa1TkuAQIvbw//dCJMf/8GZTwUVmxN2uTSgyCM+vMCw8n4
VedAtIw5bOGWNcMkL/jNrPd50S99HlWJfd6+7KDB94WQZ8r8Z51XCeS5X7aVOYED
BVQ/SWTlgrJalUlgqCmsc1/k6dMzf+MSP5FKk4hE/nxLKxwSe4/AIxP7BZ4hgq3x
mBDOMo2YC62LA21jM1ozmKXCKnfjzxufpTlUjrTnWc2V/boc83eWnGuxkTfMqmCw
c+UhalVs/bCIQ1IvnxzW6GVzAPf/OLJO1FFXhXqGOW31Kpya4ce5nmoyCY7ngUm4
YtdRD67fbU6wgdfsoDjQFZyQ7nPzPS1XQoDYJdbsunmVZwTR2BCdpzY42VE7tK0H
ERQA7jSgfwKv15P1BPbkpOgNDMOjxrUYaZj8vdca6/5505XI0cmmqnG1U0g/SXHs
0SQ97I7ZyW+T74vDt1nxlerwThKCztGXpcfVJTZsVnXcs1+jlhsVvT0nIM6F+8Rn
Aw8EaIQT4DLIWQXWcKerUv0Pq6E4hCTzlgI2MOXE+9/cBYVhqKF6AHNQDklN0ITc
QB+u7+lwup0KjgJGWpWQo0gvpuA5i0LjavanmVPQca9iCq3Mt9Z1ZddYrAxVYQPx
moBpbty6h62tPFws0MOvjjesy1cA1QviEymN/qKnUb3gTOVpK/EIDW8v0zS680Sz
4cMyUdCfe1I=
=Zaw0
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Relevant Pages

  • RE: WPA-PSK audit
    ... sure that you have a wireless card that supports either the Atheros or ... authentication mechanism for enterprise networks. ... Since the PSK is ... Need to secure your web apps NOW? ...
    (Pen-Test)
  • Re: WPA-PSK audit
    ... add numerals to the ssid set... ... authentication mechanism for enterprise networks. ... Since the PSK is ... Need to secure your web apps NOW? ...
    (Pen-Test)
  • Re: Are we legally responsible for our internet connections security?
    ... a reasonably secure state is rather easy to ... For people with wireless Internet access, ... networks, of which about half are unsecured. ... If everyone operated unsecured networks (or the tools to crack a secure ...
    (uk.legal)
  • Re: Are we legally responsible for our internet connections security?
    ... a reasonably secure state is rather easy to ... For people with wireless Internet access, ... networks, of which about half are unsecured. ... If everyone operated unsecured networks (or the tools to crack a secure ...
    (uk.legal)
  • Re: [Full-disclosure] [NANOG] IOS rootkits
    ... A rootkit for Cisco will cause Cisco to look into the ... I'm interested in you saying things will be more secure because of the ... I don't want there to be an attack window of any length... ... Let's just hope its networks that don't matter that get pwned, ...
    (Full-Disclosure)