Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Rainbowtables for WPA PSK?

from [Joshua Wright] Network Security [Permanent Link]
Subject: Re: Rainbowtables for WPA PSK?
Date: Thu, 22 Dec 2005 16:49:39 -0500 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meidinger Chris wrote:

Both STA and AP use nonces to defeat a replay or precalc attack.

...

Without studying the ins and outs, I think it should be possible to
generate rainbowtables for WPA PSKs. Especially since on-the-fly 
cracking takes quite some time per crypt and most users use a
alphanumeric characterset for the pass. It my assumption right?


Note that while the PTK generation uses STA and authenticator nonces to
defeat precomputation attacks, WPA-PSK PMK derivation does not use a
nonce.  The only "salt" that is used in PMK derivation is the SSID of
the network, allowing an attacker to perform a precomputed dictionary
attack against the PMK.

In a dictionary attack against WPA-PSK, it is the PMK derivation that
takes so long to compute.  The PMK derivation is based on the pbkdf2
algorithm which uses 4096 HMAC-SHA1 passes, while PTK derivation is only
 a single HMAC-SHA1 pass.

At Shmoocon this year, Renderman, Thorn, Dutch and I will be giving a
presentation on a variety of wireless-related topics, including a new
release of coWPAtty that takes advantage of precomputed PMK's to
significantly accelerate the process of mounting a dictionary attack
against WPA-PSK networks.

- -Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDqx9zTS8i9jZYpL8RApNbAKDJlskt3LmaRtwx10MCRvZoTNYFrACgvxfC
2k5Pe6xQx+uidMI5GASan/Y=
=zVVS
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  New site location, shadown
Next by Date:  3rd party vuln assesment firms, rklemaster
Previous by Thread:  Re: Rainbowtables for WPA PSK?, Seth Fogie
Next by Thread:  XSS vulnerabilities in Google.com, Watchfire Research
Indexes:  [Date] [Thread] [Top] [All Lists]