Re: testing wireless security
On Monday 19 November 2007 05:55:07 pm Mark D. Foster wrote:
> Josh Paetzel wrote:
> > When I looked in to this it seemed that the current state of affairs is
> > that WPA can only be broken by brute-forcing the key. I don't recall if
> > that could be done 'off-line' or not. My memory is that the needed info
> > to attempt bruteforcing could be done by simply receiving....no need to
> > attempt to associate to the AP was needed. I'm not really interested in
> > disseminating links to tools that can be used to break wireless security,
> > but simple google searches will give you the info you need.....and the
> > tools are in the ports tree for the most part.
> >
> > Fortunately WPA allows keys that put even resource-rich attackers into
> > the decade range to bruteforce.
>
> That would not appear to be a limitation of aircrack-ng
> http://www.freshports.org/net-mgmt/aircrack-ng/
>
> aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can
> recover these keys once enough encrypted packets have been captured.
> It implements the standard FMS attack along with some optimizations
> like KoreK attacks, thus making the attack much faster compared to
> other WEP cracking tools. In fact aircrack is a set of tools for
> auditing wireless networks.
>
> That said, I haven't (yet) tried it myself ;)
Well, if you were to read your own link for a bit you'd eventually find...
http://www.aircrack-ng.org/doku.php?id=cracking_wpa
Quoting from the page....
WPA/WPA2 supports many types of authentication beyond pre-shared keys.
aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows
the network as having the authentication type of PSK, otherwise, don't bother
trying to crack it.

There is another important difference between cracking WPA/WPA2 and WEP. This
is the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where
statistical methods can be used to speed up the cracking process, only plain
brute force techniques can be used against WPA/WPA2. That is, because the key
is not static, so collecting IVs like when cracking WEP encryption, does not
speed up the attack. The only thing that does give the information to start
an attack is the handshake between client and AP. Handshaking is done when
the client connects to the network. Although not absolutely true, for the
purposes of this tutorial, consider it true. Since the pre-shared key can be
from 8 to 63 characters in length, it effectively becomes impossible to crack
the pre-shared key.

The only time you can crack the pre-shared key is if it is a dictionary word
or relatively short in length. Conversely, if you want to have an unbreakable
wireless network at home, use WPA/WPA2 and a 63 character password composed
of random characters including special symbols.
-- 
Thanks,
Josh Paetzel
PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB
Thread (articles with the same subject)
Full thread (this is article 4 of 4):