Penetration Testing mailing list archives
Re: [pen-test] WPA-PSK audit
From: Aaron Peterson <aaron () midnightresearch com>
Date: Tue, 18 Dec 2007 21:04:29 -0800
Hi Nikolaj:

In general WPA-PSK cracking is very slow (by several orders of magnitude) compared to cracking other types of hashing. Unless the customer is using a dictionary word or a common password you probably won't be able to crack the password within the 2-3 hour timeframe you mention.

Aircrack-ng is now much faster than coWPAtty (for a software-only implementation of cracking), but if you really want good performance I'd check into getting some FPGA hardware from Pico Computing (http://picocomputing.com/). If you're doing professional pen-testing I'd say it's worth the money since they can be used for multiple purposes.

A couple other very general suggestions for cracking WPA-PSK in a pen-test engagement:

- You can use wigle.net (or just do a drive-by if you're physically close) to find the SSIDs for your target customer, and before the engagement generate custom rainbow tables with genpmk.

- I've found that taking the time to craft a custom dictionary/password list and then generating permutations with the john the ripper rules to be very effective. You can use things like wget -m and wyd to help generate customer- or industry-specific lists. I'm always surprised at how many customers use permutations of their name or the product/group names for passwords (I know this isn't WPA-PSK specific, but since cracking it is so slow, this becomes more effective than the gains you see in software).

HTH,
Aaron

On Mon, Dec 17, 2007 at 11:17:25PM +0200, Nikolaj wrote:
> Hello list,
>
> I'd like to know of any existing tools designed to test the WPA-PSK security mode. I know it's more secure than WEP with TKIP and so on, but I wonder if there are any tools that are able to crack the WPA key within a reasonable time limit - 2-3 hours?
>
> Any ideas and suggestions on WPA security will be appreciated.
>
> Kind regards.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
> Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today!
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
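Two points in Aaron's reply are worth seeing in code from the defender's side: WPA-PSK guessing is slow because the PMK is PBKDF2-HMAC-SHA1 with 4096 iterations, and it is salted with the SSID, which is why SSID-specific precomputation (genpmk) works and why a PSK built from the organisation's name is the realistic weak spot. The following is an added example, not code from this thread or from any of the tools named in it. It uses only Python's standard library; the benchmark inputs, the SSID, the mangling rules (a constructed stand-in for john's rule files) and the 12-character policy threshold are all assumptions chosen for illustration. It is meant as a self-audit of your own network's passphrase, not as a cracker: it never touches a handshake.

```python
import hashlib
import itertools
import time

# IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit Pairwise Master Key from a WPA-PSK passphrase and SSID.
    The SSID acts as the salt, so a precomputed table is only valid for one SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, dklen=PMK_LEN)


def measure_pmk_rate(ssid: str, seconds: float = 0.25) -> float:
    """Approximate PMK derivations per second on this host. The 4096 HMAC rounds
    per guess are what make WPA-PSK guessing orders of magnitude slower than
    cracking a plain hash; compare this number with your CPU's raw SHA-1 rate."""
    deadline = time.perf_counter() + seconds
    count = 0
    while time.perf_counter() < deadline:
        derive_pmk("benchmark-passphrase-%d" % count, ssid)  # constructed inputs
        count += 1
    return count / seconds


def expected_seconds(keyspace: int, rate: float) -> float:
    """Average time to find a key by exhaustive search: half the keyspace at `rate`."""
    return keyspace / 2 / rate


def permutations_of(seed: str):
    """Constructed mangling rules in the spirit of john-the-ripper rule files:
    three case variants combined with common numeric, year and '!' suffixes."""
    cases = {seed.lower(), seed.upper(), seed.capitalize()}
    suffixes = [""] + [str(n) for n in range(100)] + [str(y) for y in range(1990, 2011)]
    suffixes += [s + "!" for s in suffixes]
    for base, suffix in itertools.product(sorted(cases), suffixes):
        yield base + suffix


def passphrase_is_weak(passphrase: str, seed_words, min_length: int = 12) -> bool:
    """Assumed policy: a PSK is weak if it is shorter than `min_length` or equals any
    mangled permutation of an organisation-specific seed word (company, product,
    group or SSID name), which is exactly the class of passphrase Aaron's custom
    dictionaries are built to hit."""
    if len(passphrase) < min_length:
        return True
    return any(passphrase == candidate
               for seed in seed_words
               for candidate in permutations_of(seed))


if __name__ == "__main__":
    ssid = "ExampleCorp-WiFi"  # constructed SSID
    rate = measure_pmk_rate(ssid)
    print("%.0f PMK derivations/s on this host" % rate)
    print("8 lowercase letters: ~%.1f days at that rate"
          % (expected_seconds(26 ** 8, rate) / 86400))
    for pw in ("Examplecorp2007!", "tQ7#vL9pW2zR4mX8cB"):
        print(pw, "->", "WEAK" if passphrase_is_weak(pw, ["examplecorp"]) else "ok")
```

Run it against the seed words a tester would harvest for your organisation (company name, product names, the SSID itself) before an engagement rather than after; a passphrase that survives the permutation check and is long and random leaves only the exhaustive search, whose cost the benchmark makes concrete.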
Current thread:
- WPA-PSK audit Nikolaj (Dec 18)
- Re: [pen-test] WPA-PSK audit Aaron Peterson (Dec 18)
- Re: WPA-PSK audit DaKahuna (Dec 19)
- Re: WPA-PSK audit Howard Sheen (Dec 27)
- Re: WPA-PSK audit Joshua Wright (Dec 31)