Re: Rainbowtables for WPA PSK?

[Seth Fogie <seth () fogieonline com>]

I will pipe in once again...

This Cisco article below has a part one with it as well (they are 
actually hosted at InformIT.com). I wrote these up because there was 
little out that really explained step by step how WPA cracking works. 
Joshua Wright wrote the program I reference in this article (cowpatty).

http://www.informit.com/articles/article.asp?p=369221 (part 1)
http://www.informit.com/articles/article.asp?p=370636 (part 2)

Just another two cents...

Meidinger Chris wrote:

> Hi Jeroen,
>
> Both STA and AP use nonces to defeat a replay or precalc attack.
>
> http://en.wikipedia.org/wiki/Nonce
>
> Key generation is significantly more complicated in WPA than in WEP.
>
> Here's a brief bit about what's relevant to cracking WPA:
>
> http://www.ciscopress.com/articles/article.asp?p=370636&seqNum=6&rl=1
>
> And I hate to post a microsoft link, but this explains WPA key
> generation and mangement very clearly:
>
> http://www.microsoft.com/technet/community/columns/cableguy/cg0805.mspx 
>
> Cheers,
>
> Chris 
>
>  
>
> > -----Original Message-----
> > From: Jeroen [mailto:jeroen () isvet nl] 
> > Sent: Tuesday, December 20, 2005 9:58 PM
> > To: pen-test () securityfocus com
> > Subject: Rainbowtables for WPA PSK?
> >
> > Without studying the ins and outs, I think it should be 
> > possible to generate
> > rainbowtables for WPA PSKs. Especially since on-the-fly 
> > cracking takes quite
> > some time per crypt and most users use a alphanumeric 
> > characterset for the
> > pass. It my assumption right? Anyone already working on this 
> > subject? Please
> > let me know!
> >
> > Gz,
> > Jeroen
> >
> >
> >
> > --------------------------------------------------------------
> > ----------------
> > Audit your website security with Acunetix Web Vulnerability Scanner: 
> >
> > Hackers are concentrating their efforts on attacking 
> > applications on your 
> > website. Up to 75% of cyber attacks are launched on shopping 
> > carts, forms, 
> > login pages, dynamic content etc. Firewalls, SSL and 
> > locked-down servers are 
> > futile against web application hacking. Check your website 
> > for vulnerabilities 
> > to SQL injection, Cross site scripting and other web attacks 
> > before hackers do! 
> > Download Trial at:
> >
> > http://www.securityfocus.com/sponsor/pen-test_050831
> > --------------------------------------------------------------
> > -----------------
> >
> >
> >    
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner: 
>
> Hackers are concentrating their efforts on attacking applications on your 
> website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
> futile against web application hacking. Check your website for vulnerabilities 
> to SQL injection, Cross site scripting and other web attacks before hackers do! 
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>
>
>  

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------