Penetration Testing mailing list archives
RE: Rainbowtables for WPA PSK?
From: "Rocky" <rocky.he () g-wizinnovations com>
Date: Wed, 21 Dec 2005 13:19:10 -0700
Hi, This isn't really practical. With Rainbow crack you have to supply the hash of the password which is then looked up in the tables. You could only do something like this if you had the hashed PSK. From what I understand the PKS is never transmitted. So how are you going to get a hold of the hash? You could try to extrapolate it from a capture but it's only used for the initial authentication. Which in turn means you'd have to capture about 15,000 authentications. It would be easier to just crack the password on the AP or a client and read the PSK off of it. IMOH RH -----Original Message----- From: Jeroen [mailto:jeroen () isvet nl] Sent: Tuesday, 20 December 2005 1:58 PM To: pen-test () securityfocus com Subject: Rainbowtables for WPA PSK? Without studying the ins and outs, I think it should be possible to generate rainbowtables for WPA PSKs. Especially since on-the-fly cracking takes quite some time per crypt and most users use a alphanumeric characterset for the pass. It my assumption right? Anyone already working on this subject? Please let me know! Gz, Jeroen ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Rainbowtables for WPA PSK? Jeroen (Dec 20)
- RE: Rainbowtables for WPA PSK? Rocky (Dec 21)
- Free Wi-Foo Book Giveaway Seth Fogie (Dec 23)
- Re: Rainbowtables for WPA PSK? Marlon Jabbur (Dec 21)
- Re: Rainbowtables for WPA PSK? Fabien Degouet (Dec 21)
- <Possible follow-ups>
- RE: Rainbowtables for WPA PSK? Meidinger Chris (Dec 21)
- Re: Rainbowtables for WPA PSK? Seth Fogie (Dec 22)
- Re: Rainbowtables for WPA PSK? Joshua Wright (Dec 23)
- RE: Rainbowtables for WPA PSK? Rocky (Dec 21)