testing wireless security
Josh Paetzel
josh at tcbug.org
Tue Nov 20 05:57:04 PST 2007
On Monday 19 November 2007 05:55:07 pm Mark D. Foster wrote:
> Josh Paetzel wrote:
> > When I looked into this it seemed that the current state of affairs is
> > that WPA can only be broken by brute-forcing the key. I don't recall if
> > that could be done 'off-line' or not. My memory is that the needed info
> > to attempt bruteforcing could be done by simply receiving....no need to
> > attempt to associate to the AP was needed. I'm not really interested in
> > disseminating links to tools that can be used to break wireless security,
> > but simple google searches will give you the info you need.....and the
> > tools are in the ports tree for the most part.
> >
> > Fortunately WPA allows keys that put even resource-rich attackers into
> > the decade range to bruteforce.
>
> That would not appear to be a limitation of aircrack-ng
> http://www.freshports.org/net-mgmt/aircrack-ng/
>
> aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can
> recover these keys once enough encrypted packets have been captured.
> It implements the standard FMS attack along with some optimizations
> like KoreK attacks, thus making the attack much faster compared to
> other WEP cracking tools. In fact aircrack is a set of tools for
> auditing wireless networks.
>
> That said, I haven't (yet) tried it myself ;)

Well, if you were to read your own link for a bit you'd eventually find...
http://www.aircrack-ng.org/doku.php?id=cracking_wpa

Quoting from the page....

WPA/WPA2 supports many types of authentication beyond pre-shared keys.
aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows
the network as having the authentication type of PSK, otherwise, don't bother
trying to crack it.

There is another important difference between cracking WPA/WPA2 and WEP. This
is the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where
statistical methods can be used to speed up the cracking process, only plain
brute force techniques can be used against WPA/WPA2. That is because the key
is not static, so collecting IVs, as when cracking WEP encryption, does not
speed up the attack. The only thing that does give the information to start
an attack is the handshake between client and AP. Handshaking is done when
the client connects to the network. Although not absolutely true, for the
purposes of this tutorial, consider it true. Since the pre-shared key can be
from 8 to 63 characters in length, it effectively becomes impossible to crack
the pre-shared key.

The only time you can crack the pre-shared key is if it is a dictionary word
or relatively short in length. Conversely, if you want to have an unbreakable
wireless network at home, use WPA/WPA2 and a 63-character password composed
of random characters including special symbols.

--
Thanks,
Josh Paetzel
PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB
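
Added example (not part of the original message or of the aircrack-ng page): a Python passphrase audit that puts numbers on the length argument above, from the defender's side. It relies on WPA/WPA2-PSK deriving its 256-bit key with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt); the guess rate, the word list, the sample passphrases, the SSID and all function names are assumptions made for illustration.

```python
import hashlib
import math
import string

PBKDF2_ROUNDS = 4096   # fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_BYTES = 32         # 256-bit pairwise master key
SECONDS_PER_YEAR = 365.25 * 86400

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PSK-mode master key; rejects passphrases the standard forbids."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_BYTES)

def alphabet_size(passphrase: str) -> int:
    """Size of the smallest standard character pool covering the passphrase."""
    pools = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    size = sum(len(p) for p in pools if any(ch in p for ch in passphrase))
    if any(not ch.isalnum() for ch in passphrase):
        size += 33   # 95 printable ASCII characters minus 62 alphanumerics
    return size

def search_space_bits(passphrase: str, wordlist: frozenset) -> float:
    """Upper bound on guessing work; only meaningful for randomly chosen characters."""
    if passphrase.lower() in wordlist:
        return math.log2(len(wordlist))   # a listed word costs one pass over the list
    return len(passphrase) * math.log2(alphabet_size(passphrase))

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR

# Constructed sample data: a tiny word list and three candidate passphrases.
SAMPLE_WORDS = frozenset({"password", "sunshine", "football", "wireless"})
SAMPLES = ("password", "qmzptkwa", "aB3$" * 15 + "xY9")
ASSUMED_RATE = 1e9   # guesses per second, an assumed figure for a well-funded attacker

def audit(ssid: str = "example-ssid") -> list:
    rows = []
    for p in SAMPLES:
        derive_pmk(p, ssid)   # validates length and character set
        bits = search_space_bits(p, SAMPLE_WORDS)
        rows.append((len(p), round(bits, 1), years_to_exhaust(bits, ASSUMED_RATE)))
    return rows

if __name__ == "__main__":
    for length, bits, years in audit():
        print(f"{length:2d} chars  {bits:6.1f} bits  {years:.3g} years at {ASSUMED_RATE:.0e}/s")
```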