Re: Rainbowtables for WPA PSK?

From: Fabien Degouet (fdegouet@conthackto.com.mx)
Date: Wed Dec 21 2005 - 00:49:58 EST

• Next message: Talisker: "RE: IPS Comparison"
• Previous message: Wade Woolwine: "Re: database scanning tools"
• In reply to: Jeroen: "Rainbowtables for WPA PSK?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

AFAIK the hashes used during the authentication are salted with the SSID...

It means that building rainbow-like tables would be made SSID-based..It
sounds almost impossible.

fabien

----- Original Message -----
From: "Jeroen" <jeroen@isvet.nl>
To: <pen-test@securityfocus.com>
Sent: Tuesday, December 20, 2005 2:58 PM
Subject: Rainbowtables for WPA PSK?

> Without studying the ins and outs, I think it should be possible to
generate
> rainbowtables for WPA PSKs. Especially since on-the-fly cracking takes
quite
> some time per crypt and most users use a alphanumeric characterset for the
> pass. It my assumption right? Anyone already working on this subject?
Please
> let me know!
>
> Gz,
> Jeroen
>
>
>
> --------------------------------------------------------------------------

----
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
> futile against web application hacking. Check your website for
vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------------------
-----
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Talisker: "RE: IPS Comparison"
• Previous message: Wade Woolwine: "Re: database scanning tools"
• In reply to: Jeroen: "Rainbowtables for WPA PSK?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:17 EDT