Penetration Testing mailing list archives
Re: WPA-PSK audit
From: pinowudi <pinowudi () gmail com>
Date: Tue, 01 Jan 2008 19:51:58 -0500
Limit the target set. Limit the dictionary to the 200 most common passwords. Run tables for all 1-8 character alpha-only SSID combinations and include the factory default ssids. Might take a little time to generate. See how successful it is and let us know. If you have time, add numerals to the ssid set... Joshua Wright wrote:
I'd like to know of any existing tools designed to test the WPA-PSK security mode. I know it's more secure than wep with TKIP and so on but I wonder if there are any tools that are able to crack the WPA key within a reasonable time limit - 2-3 hours? Any ideas and suggestions on WPA security will be appreciated.I think it is unlikely that dictionary attacks will be effective against WPA/WPA2-PSK networks, as long as the passphrase is reasonable and not a dictionary word. That said, WPA/WPA2-PSK is not a suitable authentication mechanism for enterprise networks. Since the PSK is shared among all stations on the wireless network, every user with a workstation that has the PSK could conceivably know the PSK and share it with anyone else. Further, a stolen device could disclose the PSK for the network, compromising all later data exchanges. -Josh
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- RE: WPA-PSK audit Matthews, Jeremiah W. (JSC-IT)[MEI] (Jan 03)
- <Possible follow-ups>
- Re: WPA-PSK audit Tim (Jan 03)
- Re: WPA-PSK audit pinowudi (Jan 03)
- RE: WPA-PSK audit Ng, Kenneth (US) (Jan 07)
- Re: WPA-PSK audit kevin horvath (Jan 08)
- Re[2]: WPA-PSK audit Matthew Leeds (Jan 10)
- Re: WPA-PSK audit Jon Uriona (Jan 14)
- Re[2]: WPA-PSK audit Matthew Leeds (Jan 10)