Has AES (WPA or WPA2) been cracked yet?
Results 1 to 8 of 8

Thread: Has AES (WPA or WPA2) been cracked yet?

  1. #1
    Junior Member
    Join Date
    Feb 2006
    Posts
    2

    Has AES (WPA or WPA2) been cracked yet?

    I've done a lot of googling but haven't really found an answer. WPA+TKIP has been cracked, that much I'm aware of. But WPA+AES or WPA2+AES?

  2. #2
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185
    Oddly enough, I was just discussing that with someone here. You mentioned WPA+TKIP has been cracked, do you have any more information/proof on that? I could really use the information.

    Thanks,
    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  3. #3
    Junior Member
    Join Date
    Feb 2006
    Posts
    2
    Proof (two flash movies):
    http://www.crimemachine.com/Tuts/Flash/WPA.html
    http://www.crimemachine.com/Tuts/Fla...crack-wpa.html

    Other tools for WPA cracking includes coWPAtty and WPA Crack. Thing is, I don't think they can do AES, only TKIP. As far as I understand, AES itself has only been cracked like nine times or something like that, and only by doing side channel attacks. That's way outta my league though.

    For a guide on using those tools I have to point you towards Google ^^

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Cracking TKIP: The New Menace

    As you will see in the following Defense chapters, 802.11i TKIP eliminates the vulnerabilities of WEP we have described and is considered to be practically uncrackable, or is it? When the TKIP keys are generated, distributed, and rotated using 802.1x and RADIUS, a cracker won't get far trying to crack the keys. Instead, he or she will probably choose a more lateral approach, trying to attack the 801.1x itself. However, if 802.1x cannot be used, a preshared key (PSK) will substitute it as a key establishment method. Although each client host can have its own PSK, at the moment the only real-world implementation of the PSK available is a single PSK per ESSID, just like WEP was. However, the PSK is not used to encrypt data like WEP. Instead, it is employed to generate pairwise transient keys (PTK) for each TKIP-protected connection. These keys are distributed by a four-way handshake and, apart from the PSK, use two nonces from the two first packets of the handshake and two MAC addresses of the involved hosts. Because the handshake packets and the MAC addresses are easy to sniff out, once you know the PSK, you can easily produce all the PTKs you need and the network is yours to take. As usual, the handshake can be initiated by a DoS attack deassociating a client host from the AP. This already eliminates the advantage of TKIP preventing the "nosey employee attack" (users on the same WLAN sniffing each other's traffic). Such an attack can be mitigated by users not knowing the PSK, which creates additional load on the system administrator, who is now also responsible for entering the key on every user's box.

    But can an outside attacker obtain the PSK and take over the WLAN? With some luck he or she can. In a four-way handshake, the PTK is used to hash the frames. Because we know both nonces and both MACs, all we need to derive the PSK from the PTK is to crack the hash. Offline hash cracking is neither new nor hard to perform. We deal with it in this chapter, too, in a section devoted to attacks against EAP-LEAP. A PSK is 256 bits long; this is a significantly large number. Although this is great from the cryptographic point of view, no user would ever remember or easily enter a password string that long. Thus, the PSK is generated from an ASCII passphrase in accordance with the following formula:

    PMK = PBKDF2(passphrase, essid, essidLength, 4096, 256)

    where PBKDF2 is a cryptographic method from the PKCS #5 v2.0 Password-based Cryptography Standard. In a nutshell, the string of the passphrase, the ESSID, and its length are hashed 4,096 times to generate a 256-bit key value. Interestingly, neither the length of the passphrase nor the length of the ESSID has a significant impact on the speed of hashing. As stated in the 802.11i standard, a typical passphrase has approximately 2.5 security bits per single character. The n bits passphrase should produce a key with 2.5*n + 12 security bits. In accordance with this formula (and the 802.11i standard), a key generated from a passphrase less than 20 characters in length is not sufficiently secure and can be cracked. Just how many users (or even system administrators) usually choose and remember passwords of 20 characters or more?

    The practical attack against PSK-using TKIP would resemble an offline WEP cracking with WEPattack. The handshake frames capture can be done after deassociating a wireless host by one of the DoS attacks described in this chapter. Robert Moskowitz, who proposed this attack, considers it to be easier to execute than, for example, brute-forcing or running dictionary attacks against WEP. Although no ready tool to perform the offline TKIP cracking exists at the moment of writing, the bounty is too high and most likely by the time you buy this book, the cracking underground will come up with one. After all, we are talking about a hash-cracking tool similar to md5crack and a shell script to send deassociate frames and capture the handshake afterward to provide the feed for a hash cracker. Similar functionality is already implemented in a wireless attack tool, namely the Asleap-imp.

    What would be the impact of such an attack? The wireless networks that do not use 802.1x for TKIP keys distribution and rotation are primarily the networks lacking a RADIUS server due to installation difficulties, price, or other reasons. The networks using legacy wireless hardware and firmware incapable of handling 802.1x also fall into this category. This means that SOHO networks and public hotspots (mind the users bringing "ancient" unupdated client cards) are the networks expected to be susceptible to offline TKIP cracking attacks. These are precisely the kind of networks on which users and administrators are likely to set simple, easy-to-crack passwords that can be found in a modest dictionary. This is clearly a case of Murphy's Law at work.

    www.cs.dartmouth.edu/~cs38/local/wi-foo-chapter.html+robert+moskowitz+TKIP+CRACK&hl=en&gl=us&ct=clnk&cd=36]Found Here[/url]
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    I don't know of too much AES being cracked. Well, none that I have heard of but, I plan on researching it some more.
    Now, as for WPA-PSK:
    Tedob1 is correct. We had this discussion some time ago here at AO. Thread here
    This article (that Tedob1 provided) once again emphasizes just how important the selection of a passphrase really is.
    In accordance with this formula (and the 802.11i standard), a key generated from a passphrase less than 20 characters in length is not sufficiently secure and can be cracked. Just how many users (or even system administrators) usually choose and remember passwords of 20 characters or more?
    answer: at least one...me

    Here's the formula in a nutshell (just adding/reiterating onto what Tedob1 posted)
    Notice the the only real thing stopping someone is what's in bold. That's right. The passphrase.

    PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)
    PTK = PRF-512(PMK, “Pairwise key expansion”, Min(AP_Mac, Client_Mac) ||
    Max(AP_Mac, Client_Mac) || Min(ANonce, SNonce) || Max(ANonce, SNonce))

    Some more articles I linked to from the old post are:
    http://wifinetnews.com/archives/002452.html
    http://www.tinypeap.com/docs/WPA_Pas...k_Overview.pdf
    http://arstechnica.com/articles/paedia/security.ars/3
    granted some of these articles are older but, none the less important reading.
    In any event, I will keep telling people to create good passphrases (25+ chars, upper/lower case, symbols, numbers) until I turn blue in the face and my testies fall off. I'm glad Tedob brought this back up as it should be focused on with wifi popping up all over the place.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Originally posted here by ShagDevil
    I don't know of too much AES being cracked. Well, none that I have heard of but, I plan on researching it some more.
    Now, as for WPA-PSK:
    Tedob1 is correct. We had this discussion some time ago here at AO. Thread here
    This article (that Tedob1 provided) once again emphasizes just how important the selection of a passphrase really is.

    answer: at least one...me
    Count me in...

    I treat WPA passphrases the same way I treat ipsec shared secrets and such...
    Use a tool to generate 20+ random chars, keep it in passwordsafe (or such), copy-paste it when you need it...


    Ammo
    Credit travels up, blame travels down -- The Boss

  7. #7
    Junior Member
    Join Date
    Feb 2006
    Posts
    2
    funny little story about this. about eight months ago my company gave a nice little laptop to use at home. i get it home boot it up and there are five networks in my neighborhood. one is called linksys i connect no problem go to the default config page for router, yep default password in place. dumb people! i still don't who owns that one. next one is well protected, next 3 unprotected and router named as person's last name. one i'll call smith. my nextdoor neighbor. i left a "ha ha you been hacked" message on his desktop. the message basically said you should secure or call me and i'll do it for you. i usually see him out doing chores, playing with the kids and such and we bs all the time. after about two weeks, he still hasn't secured it and never mentions the message, so i ask him if he's evergonna secure his network and asked about my message. he had no idea what i was talking about. to make a long story short the guy directly behind him has been using his access for the past four months, and that was the computer i left the message on.needless to say when i setup my wireless i made sure it was well protected.

  8. #8
    Junior Member
    Join Date
    Feb 2006
    Posts
    2
    ooppss sorry wrong thread thought i was in the unconfigureded wireless ap ethics thread <embarrasssed, blushing hiding now! >

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •