Date: Mon, 08 Nov 2004 16:35:30 -0500
From: Joshua Wright <jwright@...borg.com>
To: bugtraq@...urityfocus.com
Subject: Offline WPA-PSK auditing tool (coWPAtty)


A while back, Robert Moskowitz published a paper titled "Weakness in 
Passphrase Choice in WPA Interface" [1] that described a dictionary 
attack against wireless networks using the TKIP protocol with a 
pre-shared key (PSK).

Even though the WPA-PSK authentication mechanism was intended to be used 
solely for consumer networks, I've seen a surprising number of SMB and 
Enterprise networks that have adopted it, presumably for its ease of use.

Fortunately, offline dictionary attacks are not terribly effective 
against WPA-PSK networks, due to the IEEE selection of the pbkdf2 
algorithm for PSK hashing.  For a dictionary attack to be effective, it 
must take each dictionary word and perform 4096 iterations of HMAC-SHA1 
with two nonce values and the supplicant and authenticator MAC 
addresses.  I've optimized the ipad and opad calculations in an attempt 
to optimize this process, but I'm only able to accommodate approximately 
70 words/second on a Pentium 4 3.8 GHz system (5570 bogomips).

Max Moser offered to host coWPAtty for me, available at 
http://www.remote-exploit.org/?page=codes.  coWPAtty was written for 
Linux systems; please let me know if you get it running on other 
platforms as well.  More information is available in the README and FAQ 
files included in the tarball.

Thanks,

-Josh

[1] http://wifinetnews.com/archives/002452.html
-- 
-Joshua Wright
jwright@...borg.com
http://home.jwu.edu/jwright/

pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

Today I stumbled across the world's largest hotspot.  The SSID is "linksys".
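
The following is an added example, not part of the original post and not coWPAtty code. It shows the passphrase-to-key step the message refers to, checked against the published IEEE 802.11i test vector, and uses the post's 70 words/second figure to estimate how long a given passphrase policy holds up. The policy sizes and function names are assumptions made for illustration, and the per-session handshake values (nonces and MAC addresses) are not modelled.

```python
import hashlib

WPA_ITERATIONS = 4096   # iteration count named in the post
PMK_LEN = 32            # 256-bit pairwise master key
SHA1_LEN = 20           # HMAC-SHA1 output size in bytes


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               salt, WPA_ITERATIONS, PMK_LEN)


def hmac_calls_per_guess() -> int:
    """PBKDF2 runs the full iteration count once per 20-byte output block."""
    blocks = -(-PMK_LEN // SHA1_LEN)   # ceil(32 / 20) = 2
    return blocks * WPA_ITERATIONS


def years_to_exhaust(alphabet: int, length: int, guesses_per_sec: float) -> float:
    """Worst-case time to try every passphrase of one length over an alphabet."""
    return alphabet ** length / guesses_per_sec / (365 * 24 * 3600)


if __name__ == "__main__":
    # IEEE 802.11i passphrase test vector: "password" with SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    # The SSID is the salt, so one passphrase yields a different PMK per SSID.
    print(derive_pmk("password", "linksys").hex())
    print("HMAC-SHA1 calls per candidate:", hmac_calls_per_guess())
    # Constructed sample policies, evaluated at the post's 70 guesses/second.
    for name, alphabet, length in [("8 lowercase letters", 26, 8),
                                   ("12 lowercase letters", 26, 12),
                                   ("20 printable ASCII", 95, 20)]:
        print(f"{name}: {years_to_exhaust(alphabet, length, 70):.3g} years")
```

These are exhaustive-search bounds only; a passphrase that appears in a word list falls far sooner than its length suggests, which is the weakness the referenced paper describes.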

