RE: WPA-PSK audit

From: Ng, Kenneth (US) (kenng@kpmg.com)
Date: Thu Jan 03 2008 - 13:29:16 EST


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Joshua Wright
Sent: Friday, December 28, 2007 9:06 PM
To: Nikolaj
Cc: pen-test@securityfocus.com
Subject: Re: WPA-PSK audit

* PGP Signed by an unknown key: 12/28/2007 at 09:05PM

>> I'd like to know of any existing tools designed to test the WPA-PSK
>> security mode. I know it's more secure than WEP with TKIP and so on but
>> I wonder if there are any tools that are able to crack the WPA key
>> within a reasonable time limit - 2-3 hours? Any ideas and suggestions on
>> WPA security will be appreciated.
>
>I think it is unlikely that dictionary attacks will be effective against
>WPA/WPA2-PSK networks, as long as the passphrase is reasonable and not a
>dictionary word. That said, WPA/WPA2-PSK is not a suitable
>authentication mechanism for enterprise networks. Since the PSK is
>shared among all stations on the wireless network, every user with a
>workstation that has the PSK could conceivably know the PSK and share it
>with anyone else. Further, a stolen device could disclose the PSK for
>the network, compromising all later data exchanges.

Josh, since all you need is a copy of the PSK, couldn't you target the
corporation with a spear-phishing attack with malware that gets the PSK
and then sends it to an anonymous drop site? If a laptop is stolen,
then there is a chance they may figure out that the PSK was compromised.
But with malware that terminates after uploading the PSK, there won't be
a trace, unless you can find it in the firewall logs or something.

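The cost argument behind Josh's point about dictionary attacks is the key derivation itself: WPA/WPA2-PSK turns the passphrase into the 256-bit PMK with PBKDF2-HMAC-SHA1 over the SSID as salt, 4096 iterations, so every candidate passphrase costs an attacker about 8,200 SHA-1 blocks before it can be checked against the captured 4-way handshake. The script below is an added illustration written for this archive page, not code from either poster; it derives the PMK as 802.11i specifies and runs a small constructed wordlist against it. The SSID "CorpWiFi", the wordlist and the two sample passphrases are invented for the demo. Real crackers verify each candidate by recomputing the handshake MIC rather than comparing PMKs directly, but the per-candidate PBKDF2 cost that dominates the attack is the same.

```python
import hashlib
import hmac
import time
from typing import Iterable, Optional

# 802.11i PSK derivation parameters: PBKDF2-HMAC-SHA1, SSID as salt,
# 4096 iterations, 256-bit output. Passphrases are 8 to 63 printable ASCII chars.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32
MIN_PASSPHRASE, MAX_PASSPHRASE = 8, 63

# Constructed wordlist for the demo (not a real attack dictionary).
WORDLIST = [
    "password", "letmein", "letmein123", "corpwifi", "Welcome1",
    "summer2007", "CorpWiFi2008", "changeme", "P@ssw0rd", "qwertyuiop",
]


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the WPA/WPA2 pairwise master key for a passphrase and SSID."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN,
    )


def valid_passphrase(candidate: str) -> bool:
    """Skip candidates that could never be a WPA passphrase (saves PBKDF2 work)."""
    return (MIN_PASSPHRASE <= len(candidate) <= MAX_PASSPHRASE
            and candidate.isascii() and candidate.isprintable())


def dictionary_attack(target_pmk: bytes, ssid: str,
                      candidates: Iterable[str]) -> Optional[str]:
    """Return the candidate whose PMK matches target_pmk, or None if none does."""
    for candidate in candidates:
        if not valid_passphrase(candidate):
            continue
        if hmac.compare_digest(derive_pmk(candidate, ssid), target_pmk):
            return candidate
    return None


def derivations_per_second(ssid: str, samples: int = 50) -> float:
    """Rough single-core rate, to size a wordlist against a time budget."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"benchmark{i:08d}", ssid)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    ssid = "CorpWiFi"  # assumed SSID for the demo
    weak = derive_pmk("letmein123", ssid)         # a wordlist entry
    strong = derive_pmk("Kq7!vR2#pLm9zX", ssid)   # random, not in any list
    print("weak PSK recovered as:", dictionary_attack(weak, ssid, WORDLIST))
    print("strong PSK recovered as:", dictionary_attack(strong, ssid, WORDLIST))
    rate = derivations_per_second(ssid)
    print(f"~{rate:.0f} candidates/s on this core; "
          f"2-3 hours covers roughly {rate * 3600 * 2.5:,.0f} candidates")
```

Because the SSID is the salt, a precomputed table only helps against networks that share a common SSID name, which is one reason audit tools ship rainbow tables keyed to the most popular default SSIDs. A long random passphrase on a unique SSID sits outside any budget of a few hours, which is the "reasonable passphrase" condition in the reply above; none of this helps once the PSK itself leaks from a station, which is the point Kenneth raises.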




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:18 EDT