Penetration Testing mailing list archives
RE: WPA-PSK audit
From: "Matthews, Jeremiah W. (JSC-IT)[MEI]" <jeremiah.w.matthews () nasa gov>
Date: Mon, 31 Dec 2007 14:55:50 -0600
You can use the opensource aircrack array of tools. In addition, make sure that you have a wireless card that supports either the Atheros or Proxim chipsets. The adapter has to be capable of being put into monitor/prom mode. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Joshua Wright Sent: Friday, December 28, 2007 8:06 PM To: Nikolaj Cc: pen-test () securityfocus com Subject: Re: WPA-PSK audit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I'd like to know of any existing tools designed to test the WPA-PSK security mode. I know it's more secure than wep with TKIP and so on but I wonder if there are any tools that are able to crack the WPA key
within a reasonable time limit - 2-3 hours? Any ideas and suggestions on WPA security will be appreciated.
I think it is unlikely that dictionary attacks will be effective against WPA/WPA2-PSK networks, as long as the passphrase is reasonable and not a dictionary word. That said, WPA/WPA2-PSK is not a suitable authentication mechanism for enterprise networks. Since the PSK is shared among all stations on the wireless network, every user with a workstation that has the PSK could conceivably know the PSK and share it with anyone else. Further, a stolen device could disclose the PSK for the network, compromising all later data exchanges. - -Josh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQIVAwUBR3WrfTWX3FIa1TkuAQIvbw//dCJMf/8GZTwUVmxN2uTSgyCM+vMCw8n4 VedAtIw5bOGWNcMkL/jNrPd50S99HlWJfd6+7KDB94WQZ8r8Z51XCeS5X7aVOYED BVQ/SWTlgrJalUlgqCmsc1/k6dMzf+MSP5FKk4hE/nxLKxwSe4/AIxP7BZ4hgq3x mBDOMo2YC62LA21jM1ozmKXCKnfjzxufpTlUjrTnWc2V/boc83eWnGuxkTfMqmCw c+UhalVs/bCIQ1IvnxzW6GVzAPf/OLJO1FFXhXqGOW31Kpya4ce5nmoyCY7ngUm4 YtdRD67fbU6wgdfsoDjQFZyQ7nPzPS1XQoDYJdbsunmVZwTR2BCdpzY42VE7tK0H ERQA7jSgfwKv15P1BPbkpOgNDMOjxrUYaZj8vdca6/5505XI0cmmqnG1U0g/SXHs 0SQ97I7ZyW+T74vDt1nxlerwThKCztGXpcfVJTZsVnXcs1+jlhsVvT0nIM6F+8Rn Aw8EaIQT4DLIWQXWcKerUv0Pq6E4hCTzlgI2MOXE+9/cBYVhqKF6AHNQDklN0ITc QB+u7+lwup0KjgJGWpWQo0gvpuA5i0LjavanmVPQca9iCq3Mt9Z1ZddYrAxVYQPx moBpbty6h62tPFws0MOvjjesy1cA1QviEymN/qKnUb3gTOVpK/EIDW8v0zS680Sz 4cMyUdCfe1I= =Zaw0 -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- RE: WPA-PSK audit Matthews, Jeremiah W. (JSC-IT)[MEI] (Jan 03)
- <Possible follow-ups>
- Re: WPA-PSK audit Tim (Jan 03)
- Re: WPA-PSK audit pinowudi (Jan 03)
- RE: WPA-PSK audit Ng, Kenneth (US) (Jan 07)
- Re: WPA-PSK audit kevin horvath (Jan 08)
- Re[2]: WPA-PSK audit Matthew Leeds (Jan 10)
- Re: WPA-PSK audit Jon Uriona (Jan 14)
- Re[2]: WPA-PSK audit Matthew Leeds (Jan 10)