From: Aaron Peterson (aaron@midnightresearch.com)
Date: Wed Dec 19 2007 - 00:04:29 EST

Hi Nikolaj:

In general WPA-PSK cracking is very slow (by several orders of magnitude)
compared to cracking other types of hashing. Unless the customer is using a
dictionary word or a common password you probably won't be able to crack the
password within the 2-3 hour timeframe you mention. Aircrack-ng is now much
faster than coWPAtty (for a software-only implementation of cracking), but
if you really want good performance I'd check into getting some FPGA
hardware from Pico Computing (http://picocomputing.com/). If you're doing
professional pen-testing I'd say it's worth the money since they can be used
for multiple purposes.

A couple other very general suggestions for cracking WPA-PSK in a pen-test
engagement:

- You can use wigle.net (or just do a drive-by if you're physically
  close) to find the SSIDs for your target customer, and before the
  engagement generate custom rainbow tables with genpmk.
- I've found that taking the time to craft a custom
  dictionary/password list and then generating permutations with the
  John the Ripper rules is very effective. You can use things like
  wget -m and wyd to help generate customer- or industry-specific
  lists. I'm always surprised at how many customers use permutations
  of their name or the product/group names for passwords (I know
  this isn't WPA-PSK specific, but since cracking it is so slow,
  this becomes more effective than the gains you see in software).

HTH,
Aaron

On Mon, Dec 17, 2007 at 11:17:25PM +0200, Nikolaj wrote:
> Hello list,
>
> I'd like to know of any existing tools designed to test the WPA-PSK
> security mode. I know it's more secure than WEP with TKIP and so on but I
> wonder if there are any tools that are able to crack the WPA key within a
> reasonable time limit - 2-3 hours? Any ideas and suggestions on WPA
> security will be appreciated.
>
> Kind regards.
>
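
Added example, not part of either message above: a Python sketch of the standard WPA/WPA2-PSK key derivation (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt), showing why each guess is expensive and why precomputed PMK tables only apply to the SSID they were built for. The function names and SSID strings are constructed for illustration.

```python
import hashlib
import time

ITERATIONS = 4096      # fixed by IEEE 802.11i for passphrase-based PSKs
PMK_LEN = 32           # 256-bit pairwise master key


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK from a passphrase; the SSID is the PBKDF2 salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode(), ITERATIONS, PMK_LEN
    )


def seconds_per_derivation(samples: int = 5) -> float:
    """Measure the average cost of one derivation on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"constructed-{i:04d}", "ExampleSSID")  # constructed inputs
    return (time.perf_counter() - start) / samples


def years_to_exhaust(alphabet: int, length: int, rate_per_second: float) -> float:
    """Time to try every passphrase of a given length at a given guess rate."""
    return alphabet ** length / rate_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Same passphrase, two constructed SSIDs: the PMKs differ, so a table
    # precomputed for one network name is useless against the other.
    a = wpa_pmk("correct horse battery", "linksys")
    b = wpa_pmk("correct horse battery", "Acme-Floor3-7f2c")
    print("PMKs equal across SSIDs:", a == b)

    rate = 1.0 / seconds_per_derivation()
    print(f"about {rate:.0f} derivations/second on this CPU")
    for length in (8, 12, 16):
        yrs = years_to_exhaust(62, length, rate)
        print(f"{length} random alphanumerics: about {yrs:.3g} years to exhaust")
```

A default or common SSID paired with a dictionary-derived passphrase is the case the suggestions above rely on; a unique SSID and a long random passphrase remove both shortcuts.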
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:17 EDT