Lost Password? No account yet? Sign up! Why bother?
  • Narrow screen resolution
  • Wide screen resolution
  • Auto width resolution
  • Increase font size
  • Decrease font size
  • Default font size

SmallNetBuilder - Small Network Help

  
Home arrow Wireless arrow Wireless How To arrow How To Crack WPA / WPA2
How To Crack WPA / WPA2 Print E-mail
Brandon Teska   
January 15, 2008
Slashdot
Digg
Technorati
Delicious
Stumble

Introduction

Previously, we showed you how to secure your wireless with industrial strength RADIUS authentication via WPA-Enterprise. It turns out that there's a little back-story there. So, in traditional Tarentino fashion, now that we've already seen the ending, let's back up to the beginning: cracking WPA-PSK.

Wi-Fi Protected Access (WPA) was created to solve the gaping security flaws that plagued WEP. Perhaps the most predominant flaw in WEP is that the key is not hashed, but concatenated to the IV, allowing completely passive compromise of the network. With WEP, you can literally sit in your car listening for packets on a network. Once you have captured enough of them, you can extract the key and connect to the network.

WPA solves this problem by rotating the key on a per-packet basis, which renders the above method useless. However, nothing is perfectly secure, and WPA-PSK is particularly vulnerable during client association, during which the hashed network key is exchanged and validated in a "four-way handshake".

The Wi-Fi Alliance, creators of WPA, were aware of this vulnerability and took precautions accordingly. Instead of concatenating the key in the IV (the weakness of WEP), WPA hashes they key using the wireless access point's SSID as a salt. The benefits of this are two-fold.

First, this prevents the statistical key grabbing techniques that broke WEP by transmitting the key as a hash (cyphertext). It also makes hash precomputation via a technique similar to Rainbow Tables more difficult because the SSID is used as a salt for the hash. WPA-PSK even imposes a eight character minimum on PSK passphrases, making bruteforce attacks less feasible.

So, like virtually all security modalities, the weakness comes down to the passphrase. WPA-PSK is particularly susceptible to dictionary attacks against weak passphrases. In this How To, we'll show you how to crack weak WPA-PSK implementations and give you some tips for setting up a secure WPA-PSK AP for your SOHO.

NOTE!Warnings:
  • Accessing or attempting to access a network other than your own (or have permissions to use) is illegal.
  • SmallNetBuilder, Pudai LLC, and I are not responsible in any way for damages resulting from the use or misuse of information in this article.

NOTE!Note: The techniques described in this article can be used on networks secured by WPA-PSK or WPA2-PSK. References to "WPA" may be read "WPA/WPA2".


Prev     Page 1 of 7     Next >>

Comments (10)Add Comment

Write comment

busy

Tags: Hacking, How To, WiFi, WPA,

Related Articles:

The Feds can own your WLAN too
WEP Cracking...Reloaded
How To Crack WEP - Part 1: Setup & Network Recon
How To Crack WEP - Part 2: Performing the Crack
How To: Setting up FreeRADIUS for WPA & WPA2 Enterprise - Part 1
 

Top Wireless Products

Wireless G Wireless Router (802.11b/g, 54 Mbps, 128 Bit WEP)
Lowest Price: $ 46.16

WRT54G Wireless Router (802.11b/g, 54 Mbps, 128 Bit WEP, WPA)
Lowest Price: $ 34.99

Dual-Band Wireless-N Gigabit Router (802.11b/g, draft 802.11n, 300 Mbps, 256 Bit WEP, WPA2)
Lowest Price: $ 151.37

Micro Bluetooth USB Adapter (3MBytes/sec)
Lowest Price: $ 33.99

WRT150N Wireless Router (802.11b/g, draft 802.11n, 300 Mbps, 256 Bit WEP, WPA2)
Lowest Price: $ 55.95

Most Read

 

Slideshows

Netgear ReadyNAS Duo Trendnet TS-S402 2-Bay SATA I/II Network Storage Enclosure Netgear WNDR3300 RangeMax Dual-Band Wireless N Router HP mv5150 Media Vault Pro Iomega StorCenter Pro 200rL Trendnet 300Mbps Wireless N Home Router More
 

Got a Minute?

Win This!

You could win this D-Link Draft 11n Router and Card

Learn How!

The Charts

Wireless Performance Charts: Netgear WNDR3300
Trendnet TEW-632BRP 300Mbps Wireless N Home Router
NAS Performance Charts: Netgear ReadyNAS Duo
Netgear ReadyNAS Duo
Router Performance Charts: Belkin N Wireless
Belkin F5D8233-4 N Wireless Router

Latest FAQ

Tags

3G 802.11n AirMagnet Apple Atheros Belkin Buffalo BYOD CES 2007 CES2008 Contest D-Link gigabit Hacking HomePlug How To HP Iomega IPsec LAN Linksys Media adapter Media player Microsoft NAS Netgear Network camera open source powerline Qnap RAID router Router reviews Security Skype Skype phone Slideshow Smart Switch SMC SSL Synology Thecus Trendnet Tutorial UWB VoIP VPN WiFi Wireless Reviews ZyXEL
 

TG Daily

Stability-improving PS3 firmware coming soon

Your daily iPhone rumor: Intel confirms Atom for 3G iPhone

Bill Gates: E-Mail, cell phones not effective enough

Asus to produce millions of mobos with ‘instant’ OS technology

VIA to adopt 45 nm process and launch dual-core CPU by the end of 2009

Go Shopping with PriceGrabber

Get Email Updates

Enter your email address:

Delivered by FeedBurner once a day

MyHomeServer

A NASty showdown over at wired.com

SmallNetBuilder reviews the HP MV5150 Pro Home Server

Computer Shopper reviews the HP Media Vault MV2120

New Review - The Linksys Wireless-G Internet Home Monitoring Camera

PC Pro reviews the HP Media Vault Pro Server

ZWaveWorld

Is Z-Wave Secure? Ask the Expert

GE Z-Wave Wireless Lighting Dimmer Switch Review

Danish Company Offers Z-Wave Based Tools to Monitor Energy Use

 
 

This page took 0.958388805389 seconds to load.