Penetration Testing mailing list archives

Re: Rainbowtables for WPA PSK?


From: Joshua Wright <jwright () hasborg com>
Date: Thu, 22 Dec 2005 16:49:39 -0500

Meidinger Chris wrote:
> Both STA and AP use nonces to defeat a replay or precalc attack.
> ...
> Without studying the ins and outs, I think it should be possible to
> generate rainbowtables for WPA PSKs. Especially since on-the-fly
> cracking takes quite some time per crypt and most users use an
> alphanumeric characterset for the pass. Is my assumption right?

Note that while the PTK generation uses STA and authenticator nonces to
defeat precomputation attacks, WPA-PSK PMK derivation does not use a
nonce.  The only "salt" that is used in PMK derivation is the SSID of
the network, allowing an attacker to perform a precomputed dictionary
attack against the PMK.

In a dictionary attack against WPA-PSK, it is the PMK derivation that
takes so long to compute.  The PMK derivation is based on the pbkdf2
algorithm which uses 4096 HMAC-SHA1 passes, while PTK derivation is only
a single HMAC-SHA1 pass.

At Shmoocon this year, Renderman, Thorn, Dutch and I will be giving a
presentation on a variety of wireless-related topics, including a new
release of coWPAtty that takes advantage of precomputed PMK's to
significantly accelerate the process of mounting a dictionary attack
against WPA-PSK networks.

-Josh
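The difference described in the message above, shown as an added example (not part of the original post and not coWPAtty code): the PMK depends only on passphrase and SSID, while the PTK also mixes in both MAC addresses and both nonces. The passphrase/SSID pair is the IEEE 802.11i test vector; the MAC addresses, nonces and second SSID are constructed sample values.

```python
import hashlib
import hmac

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    # PMK derivation: PBKDF2-HMAC-SHA1, 4096 iterations, 32-byte output.
    # The SSID is the only salt; no nonce or per-session value is mixed in.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def wpa_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PTK derivation: 802.11i PRF-512 keyed with the PMK over both MAC
    # addresses and both handshake nonces, so it changes every session.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for counter in range(4):  # 4 x 20-byte HMAC-SHA1 blocks, truncated to 64
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:64]

# Constructed sample values (not captured traffic).
AA = bytes.fromhex("020000000001")      # authenticator (AP) MAC
SPA = bytes.fromhex("020000000002")     # supplicant (STA) MAC
ANONCE_1, SNONCE_1 = b"\x11" * 32, b"\x22" * 32
ANONCE_2, SNONCE_2 = b"\x33" * 32, b"\x44" * 32

if __name__ == "__main__":
    pmk = wpa_pmk("password", "IEEE")
    print("PMK, SSID 'IEEE':       ", pmk.hex())
    print("PMK, same inputs again: ", wpa_pmk("password", "IEEE").hex())
    print("PMK, SSID 'IEEE-5f3a':  ", wpa_pmk("password", "IEEE-5f3a").hex())
    print("PTK, session 1:", wpa_ptk(pmk, AA, SPA, ANONCE_1, SNONCE_1).hex())
    print("PTK, session 2:", wpa_ptk(pmk, AA, SPA, ANONCE_2, SNONCE_2).hex())
```

A network that keeps a common default SSID shares its salt with every other network of that name; a unique SSID combined with a long random passphrase is what makes stored PMK tables useless against it.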
