RE: Rainbowtables for WPA PSK?

From: Meidinger Chris (chris.meidinger@badenIT.de)
Date: Wed Dec 21 2005 - 03:04:55 EST

• Next message: Dave Bush: "Re: IPS Comparison"
• Previous message: Jerry: "Don't mess up!"
• Maybe in reply to: Jeroen: "Rainbowtables for WPA PSK?"
• Next in thread: Seth Fogie: "Re: Rainbowtables for WPA PSK?"
• Reply: Seth Fogie: "Re: Rainbowtables for WPA PSK?"
• Reply: Joshua Wright: "Re: Rainbowtables for WPA PSK?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Jeroen,

Both STA and AP use nonces to defeat a replay or precalc attack.

http://en.wikipedia.org/wiki/Nonce

Key generation is significantly more complicated in WPA than in WEP.

Here's a brief bit about what's relevant to cracking WPA:

http://www.ciscopress.com/articles/article.asp?p=370636&seqNum=6&rl=1

And I hate to post a microsoft link, but this explains WPA key
generation and mangement very clearly:

http://www.microsoft.com/technet/community/columns/cableguy/cg0805.mspx

Cheers,

Chris

> -----Original Message-----
> From: Jeroen [mailto:jeroen@isvet.nl]
> Sent: Tuesday, December 20, 2005 9:58 PM
> To: pen-test@securityfocus.com
> Subject: Rainbowtables for WPA PSK?
>
> Without studying the ins and outs, I think it should be
> possible to generate
> rainbowtables for WPA PSKs. Especially since on-the-fly
> cracking takes quite
> some time per crypt and most users use a alphanumeric
> characterset for the
> pass. It my assumption right? Anyone already working on this
> subject? Please
> let me know!
>
> Gz,
> Jeroen
>
>
>
> --------------------------------------------------------------
> ----------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking
> applications on your
> website. Up to 75% of cyber attacks are launched on shopping
> carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers are
> futile against web application hacking. Check your website
> for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks
> before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------
> -----------------
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Dave Bush: "Re: IPS Comparison"
• Previous message: Jerry: "Don't mess up!"
• Maybe in reply to: Jeroen: "Rainbowtables for WPA PSK?"
• Next in thread: Seth Fogie: "Re: Rainbowtables for WPA PSK?"
• Reply: Seth Fogie: "Re: Rainbowtables for WPA PSK?"
• Reply: Joshua Wright: "Re: Rainbowtables for WPA PSK?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:17 EDT