AFH Security (security afallenhope com) (4 replies)
Re: WPA Encryption Oct 06 2009 02:41PM
Mike Duncan (Mike Duncan noaa gov)

WPA cracking is not like WEP cracking, where the key can be "guessed"
from traffic captured. Rather, the handshake is needed to crack the key
later. You will need the handshake, which you have, and you will need
the password in a dictionary. Standard aircrack-ng use would require the
password to be available within the dictionary file as aircrack-ng will
go through, one by one, every password in the file. You can try to
generate a password file as well using various tools and there have been
discussions about the benefits of using dictionary generators and
piping the results directly into aircrack-ng.

Because the ESSID is used to encrypt the key, the encrypted form of the
key will be different from ESSID to ESSID. This is where coWPAtty comes
in by providing a utility to generate "rainbow-tables" based on the
ESSID and possible passwords. Much faster cracking results, but it can
take a long time to generate the coWPAtty formatted table files and they
are very large (containing encrypted forms of various passwords for
various ESSIDs). They have a couple to download which have common
passwords and common ESSIDs.

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center

AFH Security wrote:
> I've been looking for tutorials or articles on the weakness in the WPA
> protocol. I've been able to capture my handshake, and I've used the
> aircrack-ng suite, but never am I able to find my password. Mind you
> it's something extremely simple, but it's not found in any dictionaries.
> I was told you can use rainbow tables, but I've never used them. Can
> someone enlighten me on this please?
> Regards.
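Added example, not part of the thread: the reason the "encrypted form of the key" differs per ESSID is that WPA/WPA2-PSK derives the Pairwise Master Key with PBKDF2-HMAC-SHA1 using the ESSID as salt (4096 iterations, 256-bit output, per IEEE 802.11i). The code below derives that PMK and shows that one passphrase yields unrelated PMKs on different ESSIDs, which is why a precomputed table only covers the ESSIDs it was built for and why a non-default ESSID plus a long random passphrase is the mitigation. The ESSIDs "linksys" and "acme-lab-5f" and the passphrase are constructed sample values.

```python
import hashlib
from typing import Dict, List

# IEEE 802.11i PSK derivation parameters:
# PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 256 bits)
PBKDF2_ITERATIONS = 4096
PMK_LENGTH_BYTES = 32


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """Return the 256-bit Pairwise Master Key of a WPA/WPA2-PSK network.

    The ESSID is the PBKDF2 salt, so the same passphrase produces a
    different PMK on every ESSID; a table precomputed for "linksys"
    says nothing about a network named anything else.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        essid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        PMK_LENGTH_BYTES,
    )


def pmk_table(passphrase: str, essids: List[str]) -> Dict[str, str]:
    """Map each ESSID to the hex PMK of a single passphrase."""
    return {essid: derive_pmk(passphrase, essid).hex() for essid in essids}


def all_distinct(table: Dict[str, str]) -> bool:
    """True when no two ESSIDs share a PMK for the same passphrase."""
    return len(set(table.values())) == len(table)


if __name__ == "__main__":
    # Constructed sample: a common default ESSID next to a site-specific one.
    for essid, pmk in pmk_table("correcthorse", ["linksys", "acme-lab-5f"]).items():
        print(f"{essid:12s} {pmk}")
```

The 4096 HMAC-SHA1 iterations per candidate are also why plain dictionary runs are slow and why precomputed tables help only for the exact ESSIDs they contain.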