RE: WPA-PSK audit

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Joshua Wright
Sent: Friday, December 28, 2007 9:06 PM
To: Nikolaj
Cc: pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: WPA-PSK audit

* PGP Signed by an unknown key: 12/28/2007 at 09:05PM

I'd like to know of any existing tools designed to test the WPA-PSK
security mode. I know it's more secure than wep with TKIP and so on
I wonder if there are any tools that are able to crack the WPA key
within a reasonable time limit - 2-3 hours? Any ideas and suggestions
WPA security will be appreciated.

I think it is unlikely that dictionary attacks will be effective
WPA/WPA2-PSK networks, as long as the passphrase is reasonable and not
dictionary word. That said, WPA/WPA2-PSK is not a suitable
authentication mechanism for enterprise networks. Since the PSK is
shared among all stations on the wireless network, every user with a
workstation that has the PSK could conceivably know the PSK and share
with anyone else. Further, a stolen device could disclose the PSK for
the network, compromising all later data exchanges.

Josh, since all you need is a copy of the PSK, couldn't you target the
corporation with a spearfishing attack with malware that gets the PSK
and then sends it to an anonymous drop site? If a laptop is stolen,
then there is a chance they may figure out that the PSK was compromised.
But with malware that terminates after uploading the PSK, there won't be
a trace, unless you can find it in the firewall logs or something.

<p>The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else is
unauthorized. If you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in reliance on it, is
prohibited and may be unlawful. When addressed to our clients any opinions or
advice contained in this email are subject to the terms and conditions
expressed in the governing KPMG client engagement letter.</p>

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

Relevant Pages

  • Re: WPA-PSK audit
    ... security mode. ... authentication mechanism for enterprise networks. ... Since the PSK is ... Need to secure your web apps NOW? ...
  • Re: wpa2-psk aes
    ... although the PSK is known, the re-key mechanism should grant a private ... and secure connection between client and AP as Vito confirms. ... Diffie helmann exchanges keys but it's peer authentication-less: ... The way is key exchange through RSA. ...
  • Re: Wi-Fi Security implementation help..
    ... I have to implement either 802.11i, WEP, or WPA type of encryption. ... AAA database or use PSK. ... On the other hand I want secure Wi-Fi. ... allowing unrestricted access to your lan from anyone ...
  • Re: WPA2-PSK safty
    ... I'm aware that the protocol is safe by today's knowledge if they key is kept secure. ... The AES encryption key is derived from the PSK in some form of handshake. ... I want to know now if someone else can obtain that key by capturing the handshake and knowing the PSK? ...
  • Re: Is WEP the most secure encryption in wireless network security?
    ... > I have Linksys Wireless-G USB Kit with SpeedBooster ... PSK, in this context, is a mode of operation of WPA. ... gotten on to your network. ... "I don't need to out-run the bear, I just need to out-run you." ...