Re: Rainbowtables for WPA PSK?

From: Seth Fogie (seth@fogieonline.com)
Date: Wed Dec 21 2005 - 23:08:01 EST


I will pipe in once again...

This Cisco article below has a part one with it as well (they are
actually hosted at InformIT.com). I wrote these up because there was
little out that really explained step by step how WPA cracking works.
Joshua Wright wrote the program I reference in this article (cowpatty).

http://www.informit.com/articles/article.asp?p=369221 (part 1)
http://www.informit.com/articles/article.asp?p=370636 (part 2)

Just another two cents...

Meidinger Chris wrote:

>Hi Jeroen,
>
>Both STA and AP use nonces to defeat a replay or precalc attack.
>
>http://en.wikipedia.org/wiki/Nonce
>
>Key generation is significantly more complicated in WPA than in WEP.
>
>Here's a brief bit about what's relevant to cracking WPA:
>
>http://www.ciscopress.com/articles/article.asp?p=370636&seqNum=6&rl=1
>
>And I hate to post a Microsoft link, but this explains WPA key
>generation and management very clearly:
>
>http://www.microsoft.com/technet/community/columns/cableguy/cg0805.mspx
>
>Cheers,
>
>Chris
>
>
>
>>-----Original Message-----
>>From: Jeroen [mailto:jeroen@isvet.nl]
>>Sent: Tuesday, December 20, 2005 9:58 PM
>>To: pen-test@securityfocus.com
>>Subject: Rainbowtables for WPA PSK?
>>
>>Without studying the ins and outs, I think it should be possible to
>>generate rainbowtables for WPA PSKs. Especially since on-the-fly
>>cracking takes quite some time per crypt and most users use an
>>alphanumeric characterset for the pass. Is my assumption right?
>>Anyone already working on this subject? Please let me know!
>>
>>Gz,
>>Jeroen
>>
>>
>>
>>--------------------------------------------------------------
>>----------------
>>Audit your website security with Acunetix Web Vulnerability Scanner:
>>
>>Hackers are concentrating their efforts on attacking
>>applications on your
>>website. Up to 75% of cyber attacks are launched on shopping
>>carts, forms,
>>login pages, dynamic content etc. Firewalls, SSL and
>>locked-down servers are
>>futile against web application hacking. Check your website
>>for vulnerabilities
>>to SQL injection, Cross site scripting and other web attacks
>>before hackers do!
>>Download Trial at:
>>
>>http://www.securityfocus.com/sponsor/pen-test_050831
>>--------------------------------------------------------------
>>-----------------
>>
>>
>>
>>
>

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:17 EDT