Penetration Testing mailing list archives
RE: WPA-PSK audit
From: "Ng, Kenneth (US)" <kenng () kpmg com>
Date: Thu, 3 Jan 2008 13:29:16 -0500
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Joshua Wright
Sent: Friday, December 28, 2007 9:06 PM
To: Nikolaj
Cc: pen-test () securityfocus com
Subject: Re: WPA-PSK audit

* PGP Signed by an unknown key: 12/28/2007 at 09:05PM

>> I'd like to know of any existing tools designed to test the WPA-PSK security mode. I know it's more secure than WEP with TKIP and so on, but I wonder if there are any tools that are able to crack the WPA key within a reasonable time limit - 2-3 hours? Any ideas and suggestions on WPA security will be appreciated.

> I think it is unlikely that dictionary attacks will be effective against WPA/WPA2-PSK networks, as long as the passphrase is reasonable and not a dictionary word. That said, WPA/WPA2-PSK is not a suitable authentication mechanism for enterprise networks. Since the PSK is shared among all stations on the wireless network, every user with a workstation that has the PSK could conceivably know the PSK and share it with anyone else. Further, a stolen device could disclose the PSK for the network, compromising all later data exchanges.

Josh, since all you need is a copy of the PSK, couldn't you target the corporation with a spear phishing attack with malware that gets the PSK and then sends it to an anonymous drop site? If a laptop is stolen, then there is a chance they may figure out that the PSK was compromised. But with malware that terminates after uploading the PSK, there won't be a trace, unless you can find it in the firewall logs or something.