Results 1 to 3 of 3

Thread: WPA Cracking Proof of Concept Available

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    WPA Cracking Proof of Concept Available

    We warned you: short WPA passphrases could be cracked--and now the software exists: The folks who wrote tinyPEAP, a firmware replacement for two Linksys router models that has on-board RADIUS authentication using 802.1X plus PEAP, released a WPA cracking tool.

    As Robert Moskowitz noted on this site a year ago, a weakness in shorter and dictionary-word-based passphrases used with Wi-Fi Protected Access render those passphrases capable of being cracked. The WPA Cracker tool is somewhat primitive, requiring that you enter the appropriate data retrieved via a packet sniffer like Ethereal. Once entered, it runs the cracking algorithms.

    Remember that to crack WEP, an attacker has to gather many packets, possibly millions, but can then easily crack any key. For WPA, certain shorter or dictionary-based keys are highly crackable because an attacker can monitor a short transaction or force that transaction to occur and then perform the crack far away from the physical site.

    The solution to this WPA weakness involves one of three approaches:

    Choose a better passphrase: Pick passphrases that aren't entirely comprised of dictionary words, meaning they need some random nonsense in them. "My dog has fleas": very bad. "Mdasf;lkjadfklja;dfja;dfja;d": very good, but hard to type in. Passphrases should be at least 20 characters.

    Use randomness to choose a passphrase: A random passphrase of at least 96 bits and preferably 128 bits will defeat the cracking that Moskowitz wrote about, according to his paper. Tools like SecureEZSetup from Broadcom and AOSS (AirStation One-touch Setup System) from Buffalo are two automated ways to produce better passwords of this variety.

    Use WPA Enterprise or 802.1X + WPA: Deploy enterprise-based authentication which will allow a strong WPA key to be uniquely assigned to each user. This isn't as expensive as it once was. The TinyPEAP folks are pushing their method, but you can also turn to Interlink Networks's LucidLink product (for on-site control), Gateway Computer's 7000 series of access points with on-board PEAP service, and Wireless Security Corporation's WSC Guard, available from them directly or for certain Linksys models via Linksys.
    Source

    Get it here!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Has anyone had an opportunity to test out this POC?

    I haven't yet had the time to play.

    Just wanted to get some feedback on the tool.

    Thanks!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    The only WPA network that I could test as a passphrases soo long that I can hardly type in right the first time so this tool is not for me.
    -Simon \"SDK\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •