Penetration Testing mailing list archives
Re: WPA-PSK audit
From: Joshua Wright <jwright () hasborg com>
Date: Fri, 28 Dec 2007 21:05:49 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I'd like to know of any existing tools designed to test the WPA-PSK security mode. I know it's more secure than wep with TKIP and so on but I wonder if there are any tools that are able to crack the WPA key within a reasonable time limit - 2-3 hours? Any ideas and suggestions on WPA security will be appreciated.
I think it is unlikely that dictionary attacks will be effective against WPA/WPA2-PSK networks, as long as the passphrase is reasonable and not a dictionary word. That said, WPA/WPA2-PSK is not a suitable authentication mechanism for enterprise networks. Since the PSK is shared among all stations on the wireless network, every user with a workstation that has the PSK could conceivably know the PSK and share it with anyone else. Further, a stolen device could disclose the PSK for the network, compromising all later data exchanges. - -Josh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQIVAwUBR3WrfTWX3FIa1TkuAQIvbw//dCJMf/8GZTwUVmxN2uTSgyCM+vMCw8n4 VedAtIw5bOGWNcMkL/jNrPd50S99HlWJfd6+7KDB94WQZ8r8Z51XCeS5X7aVOYED BVQ/SWTlgrJalUlgqCmsc1/k6dMzf+MSP5FKk4hE/nxLKxwSe4/AIxP7BZ4hgq3x mBDOMo2YC62LA21jM1ozmKXCKnfjzxufpTlUjrTnWc2V/boc83eWnGuxkTfMqmCw c+UhalVs/bCIQ1IvnxzW6GVzAPf/OLJO1FFXhXqGOW31Kpya4ce5nmoyCY7ngUm4 YtdRD67fbU6wgdfsoDjQFZyQ7nPzPS1XQoDYJdbsunmVZwTR2BCdpzY42VE7tK0H ERQA7jSgfwKv15P1BPbkpOgNDMOjxrUYaZj8vdca6/5505XI0cmmqnG1U0g/SXHs 0SQ97I7ZyW+T74vDt1nxlerwThKCztGXpcfVJTZsVnXcs1+jlhsVvT0nIM6F+8Rn Aw8EaIQT4DLIWQXWcKerUv0Pq6E4hCTzlgI2MOXE+9/cBYVhqKF6AHNQDklN0ITc QB+u7+lwup0KjgJGWpWQo0gvpuA5i0LjavanmVPQca9iCq3Mt9Z1ZddYrAxVYQPx moBpbty6h62tPFws0MOvjjesy1cA1QviEymN/qKnUb3gTOVpK/EIDW8v0zS680Sz 4cMyUdCfe1I= =Zaw0 -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- WPA-PSK audit Nikolaj (Dec 18)
- Re: [pen-test] WPA-PSK audit Aaron Peterson (Dec 18)
- Re: WPA-PSK audit DaKahuna (Dec 19)
- Re: WPA-PSK audit Howard Sheen (Dec 27)
- Re: WPA-PSK audit Joshua Wright (Dec 31)
- Re: WPA-PSK audit Howard Sheen (Dec 27)
- Re: WPA-PSK audit Joshua Wright (Dec 31)