Penetration Testing mailing list archives

RE: WPA-PSK audit
From: "Ng, Kenneth (US)" <kenng () kpmg com>
Date: Thu, 3 Jan 2008 13:29:16 -0500

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Joshua Wright
Sent: Friday, December 28, 2007 9:06 PM
To: Nikolaj
Cc: pen-test () securityfocus com
Subject: Re: WPA-PSK audit

* PGP Signed by an unknown key: 12/28/2007 at 09:05PM

I'd like to know of any existing tools designed to test the WPA-PSK
security mode. I know it's more secure than WEP with TKIP and so on.
I wonder if there are any tools that are able to crack the WPA key
within a reasonable time limit - 2-3 hours? Any ideas and suggestions
on WPA security will be appreciated.

I think it is unlikely that dictionary attacks will be effective against
WPA/WPA2-PSK networks, as long as the passphrase is reasonable and not a
dictionary word.  That said, WPA/WPA2-PSK is not a suitable
authentication mechanism for enterprise networks.  Since the PSK is
shared among all stations on the wireless network, every user with a
workstation that has the PSK could conceivably know the PSK and share it
with anyone else.  Further, a stolen device could disclose the PSK for
the network, compromising all later data exchanges.

Josh, since all you need is a copy of the PSK, couldn't you target the
corporation with a spear-phishing attack with malware that gets the PSK
and then sends it to an anonymous drop site?  If a laptop is stolen,
then there is a chance they may figure out that the PSK was compromised.
But with malware that terminates after uploading the PSK, there won't be
a trace, unless you can find it in the firewall logs or something.
