Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless How To

Introduction

There is a new version of this article here.

Previously, we showed you how to secure your wireless with industrial strength RADIUS authentication via WPA-Enterprise. It turns out that there's a little back-story there. So, in traditional Tarentino fashion, now that we've already seen the ending, let's back up to the beginning: cracking WPA-PSK.

Wi-Fi Protected Access (WPA) was created to solve the gaping security flaws that plagued WEP. Perhaps the most predominant flaw in WEP is that the key is not hashed, but concatenated to the IV, allowing completely passive compromise of the network. With WEP, you can literally sit in your car listening for packets on a network. Once you have captured enough of them, you can extract the key and connect to the network.

WPA solves this problem by rotating the key on a per-packet basis, which renders the above method useless. However, nothing is perfectly secure, and WPA-PSK is particularly vulnerable during client association, during which the hashed network key is exchanged and validated in a "four-way handshake".

The Wi-Fi Alliance, creators of WPA, were aware of this vulnerability and took precautions accordingly. Instead of concatenating the key in the IV (the weakness of WEP), WPA hashes they key using the wireless access point's SSID as a salt. The benefits of this are two-fold.

First, this prevents the statistical key grabbing techniques that broke WEP by transmitting the key as a hash (cyphertext). It also makes hash precomputation via a technique similar to Rainbow Tables more difficult because the SSID is used as a salt for the hash. WPA-PSK even imposes a eight character minimum on PSK passphrases, making bruteforce attacks less feasible.

So, like virtually all security modalities, the weakness comes down to the passphrase. WPA-PSK is particularly susceptible to dictionary attacks against weak passphrases. In this How To, we'll show you how to crack weak WPA-PSK implementations and give you some tips for setting up a secure WPA-PSK AP for your SOHO.

NOTE!Warnings:
  • Accessing or attempting to access a network other than your own (or have permissions to use) is illegal.
  • SmallNetBuilder, Pudai LLC, and I are not responsible in any way for damages resulting from the use or misuse of information in this article.

NOTE!Note: The techniques described in this article can be used on networks secured by WPA-PSK or WPA2-PSK. References to "WPA" may be read "WPA/WPA2".

More Wireless

TRENDnet logo

How Powerline Can Solve Your Wi-Fi Woes - There's a better way to get WiFi Everywhere™.

Wi-Fi System Tools
Check out the new Wi-Fi System Charts, Ranker and Finder!

Featured Sponsors


Win This!

TRENDnet TPL-430APK WiFi Everywhere Powerline 1200 AV2 Wireless Kit

You could win a TRENDnet TPL-430APK WiFi Everywhere Powerline 1200 AV2 Wireless Kit

Learn How!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

ASUS ROG RAPTURE GT-AC5300 vs NETGEAR R7800 Nighthawk X4S: #1 vs #2 on the router ranking. Which one would you buy?
For starters, I am completely new to this. However I can follow instructions, or guides without hand holding =)My overall objective is to replace Cent...
Hi,I've flashed 4 TM-AC1900 (t-mobile version) to RT-AC68U. It shows the router as a ASUS RT-AC68U at the top left header using both the ASUS and Merl...
I decided to log into my router admin page to see if there were any updates. I then checked my clients and noticed that there was an ip / MAC address ...
I'm running Asuswrt-merlin 382.1_2 (though I've noticed the issue over pretty much all versions I've run). Even with Set AP Isolated disabled, I'm hav...

Don't Miss These

  • 1
  • 2
  • 3
Get Backblaze Now!