Re: Wireless Security vs Performance

[Paul Johnston <paul.johnston () pentest co uk>]

Hi,

Just to clarify - cowpatty is only for WPA2-PSK. In enterprise mode,
some of the EAPs (authentication schemes) are vulnerable to brute force,
such as LEAP (http://www.willhackforsushi.com/Asleap.html), but others,
such as PEAP, are not.

Paul


On 10/09/2010 20:57, Adam Mooz wrote:
> Shailesh,
>
> WPA and WPA2 are both 100% vulnerable to brute force attacks, take a look at cowpatty.  It's supposed to take a very 
> long time.  It's extremely possible to brute force WPA/2, google it.  
>
> Adam Mooz

-- 
Pentest - When a tick in the box is not enough

Paul Johnston - IT Security Consultant / Tiger SST
Pentest Limited - ISO 9001 (cert 16055) / ISO 27001 (cert 558982)

Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072

Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
Registered Number: 4217114 England & Wales
Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------