RE: Rainbowtables for WPA PSK?

From: Rocky (rocky.he@g-wizinnovations.com)
Date: Wed Dec 21 2005 - 15:19:10 EST


Hi,
This isn't really practical. With Rainbow crack you have to supply the hash
of the password which is then looked up in the tables. You could only do
something like this if you had the hashed PSK. From what I understand the
PKS is never transmitted. So how are you going to get a hold of the hash?
You could try to extrapolate it from a capture but it's only used for the
initial authentication. Which in turn means you'd have to capture about
15,000 authentications.

It would be easier to just crack the password on the AP or a client and read
the PSK off of it. IMOH

RH

-----Original Message-----
From: Jeroen [mailto:jeroen@isvet.nl]
Sent: Tuesday, 20 December 2005 1:58 PM
To: pen-test@securityfocus.com
Subject: Rainbowtables for WPA PSK?

Without studying the ins and outs, I think it should be possible to generate
rainbowtables for WPA PSKs. Especially since on-the-fly cracking takes quite
some time per crypt and most users use a alphanumeric characterset for the
pass. It my assumption right? Anyone already working on this subject? Please
let me know!

Gz,
Jeroen

----------------------------------------------------------------------------

--
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:17 EDT