Penetration Testing mailing list archives
RE: Rainbowtables for WPA PSK?
From: "Meidinger Chris" <chris.meidinger () badenIT de>
Date: Wed, 21 Dec 2005 09:04:55 +0100
Hi Jeroen, Both STA and AP use nonces to defeat a replay or precalc attack. http://en.wikipedia.org/wiki/Nonce Key generation is significantly more complicated in WPA than in WEP. Here's a brief bit about what's relevant to cracking WPA: http://www.ciscopress.com/articles/article.asp?p=370636&seqNum=6&rl=1 And I hate to post a microsoft link, but this explains WPA key generation and mangement very clearly: http://www.microsoft.com/technet/community/columns/cableguy/cg0805.mspx Cheers, Chris
-----Original Message----- From: Jeroen [mailto:jeroen () isvet nl] Sent: Tuesday, December 20, 2005 9:58 PM To: pen-test () securityfocus com Subject: Rainbowtables for WPA PSK? Without studying the ins and outs, I think it should be possible to generate rainbowtables for WPA PSKs. Especially since on-the-fly cracking takes quite some time per crypt and most users use a alphanumeric characterset for the pass. It my assumption right? Anyone already working on this subject? Please let me know! Gz, Jeroen -------------------------------------------------------------- ---------------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------- -----------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Rainbowtables for WPA PSK? Jeroen (Dec 20)
- RE: Rainbowtables for WPA PSK? Rocky (Dec 21)
- Free Wi-Foo Book Giveaway Seth Fogie (Dec 23)
- Re: Rainbowtables for WPA PSK? Marlon Jabbur (Dec 21)
- Re: Rainbowtables for WPA PSK? Fabien Degouet (Dec 21)
- <Possible follow-ups>
- RE: Rainbowtables for WPA PSK? Meidinger Chris (Dec 21)
- Re: Rainbowtables for WPA PSK? Seth Fogie (Dec 22)
- Re: Rainbowtables for WPA PSK? Joshua Wright (Dec 23)
- RE: Rainbowtables for WPA PSK? Rocky (Dec 21)