Penetration Testing mailing list archives
Re: Rainbowtables for WPA PSK?
From: Joshua Wright <jwright () hasborg com>
Date: Thu, 22 Dec 2005 16:49:39 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Meidinger Chris wrote:
Both STA and AP use nonces to defeat a replay or precalc attack.
...
Without studying the ins and outs, I think it should be possible to generate rainbowtables for WPA PSKs. Especially since on-the-fly cracking takes quite some time per crypt and most users use a alphanumeric characterset for the pass. It my assumption right?
Note that while the PTK generation uses STA and authenticator nonces to defeat precomputation attacks, WPA-PSK PMK derivation does not use a nonce. The only "salt" that is used in PMK derivation is the SSID of the network, allowing an attacker to perform a precomputed dictionary attack against the PMK. In a dictionary attack against WPA-PSK, it is the PMK derivation that takes so long to compute. The PMK derivation is based on the pbkdf2 algorithm which uses 4096 HMAC-SHA1 passes, while PTK derivation is only a single HMAC-SHA1 pass. At Shmoocon this year, Renderman, Thorn, Dutch and I will be giving a presentation on a variety of wireless-related topics, including a new release of coWPAtty that takes advantage of precomputed PMK's to significantly accelerate the process of mounting a dictionary attack against WPA-PSK networks. - -Josh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDqx9zTS8i9jZYpL8RApNbAKDJlskt3LmaRtwx10MCRvZoTNYFrACgvxfC 2k5Pe6xQx+uidMI5GASan/Y= =zVVS -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Rainbowtables for WPA PSK? Jeroen (Dec 20)
- RE: Rainbowtables for WPA PSK? Rocky (Dec 21)
- Free Wi-Foo Book Giveaway Seth Fogie (Dec 23)
- Re: Rainbowtables for WPA PSK? Marlon Jabbur (Dec 21)
- Re: Rainbowtables for WPA PSK? Fabien Degouet (Dec 21)
- <Possible follow-ups>
- RE: Rainbowtables for WPA PSK? Meidinger Chris (Dec 21)
- Re: Rainbowtables for WPA PSK? Seth Fogie (Dec 22)
- Re: Rainbowtables for WPA PSK? Joshua Wright (Dec 23)
- RE: Rainbowtables for WPA PSK? Rocky (Dec 21)