A new paper(1) discussing vulnerabilities in WPA2-PSK was released recently, and many people have been interested in it but have not gained access. By using a library (yes, they still exist and are still useful) I was able to get access to the paper. WPA2-PSK has a key length of 8 to 63 ASCII characters. They collected WPA2 handshakes using an Aireplay deauthentication attack. Their method uses a pre-generated dictionary of 666,696 entries and Aircrack to brute-force the password in their test. They wrote a program that would generate a dictionary of all possible 95 ASCII characters for the entire PSK key space. They also discuss ways to prevent this type of attack. While the methodology is sound, and I applaud anyone who publishes papers, the paper didn't uncover a new flaw. WPA2 rainbow tables(2) have been around for a while and give a huge speed advantage in this case. Pure brute-forcing of the entire ASCII password space can be done without a pre-generated dictionary, and they didn't discuss any speed trade-off in doing this. I would love to see a follow-up with comparisons.
1. Tsitroulis, Achilleas, Dimitris Lampoudis, and Emmanuel Tsekleves. "Exposing WPA2 security protocol vulnerabilities." International Journal of Information and Computer Security 6.1 (2014): 93-107.
2. "The Renderlab: Church of Wifi WPA-PSK Lookup Tables." 2006. Accessed 2 May 2014. <hxxp://www.renderlab.net/projects/WPA-tables/>
-- Tom Webb, ISC Handler
May 2nd 2014
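As an added illustration (not code from the diary or from the paper it reviews), the PMK derivation below shows where the per-guess cost of WPA2-PSK cracking sits and why the Church of Wifi lookup tables are bound to one SSID: the SSID is the PBKDF2 salt. The 1e5 guesses/s figure passed to years_to_exhaust is a constructed number for illustration, not a measured rate.

```python
import hashlib
import math

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_LEN = 32               # 256-bit Pairwise Master Key
HMAC_SHA1_OUTPUT = 20      # bytes per PBKDF2 block


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits).

    Because the SSID salts the derivation, a precomputed table of PMKs is only
    useful against networks that use the exact SSID it was built for.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-PSK passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def hmac_invocations_per_guess() -> int:
    """HMAC-SHA1 calls needed to test one candidate passphrase from scratch.

    A 256-bit output needs two 160-bit PBKDF2 blocks, each 4096 iterations.
    A precomputed PMK table skips all of this; only the PTK derivation and
    MIC check on the captured handshake (a few HMAC calls) remain.
    """
    blocks = math.ceil(PMK_LEN / HMAC_SHA1_OUTPUT)
    return blocks * PBKDF2_ITERATIONS


def keyspace(length: int, alphabet_size: int = 95) -> int:
    """Number of passphrases of the given length over printable ASCII."""
    return alphabet_size ** length


def years_to_exhaust(length: int, guesses_per_second: float) -> float:
    """Wall-clock years to try every passphrase of this length at a given rate."""
    return keyspace(length) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    pmk = derive_pmk("password", "IEEE")   # IEEE 802.11i Annex H test vector
    print("PMK:", pmk.hex())
    print("HMAC-SHA1 calls per fresh guess:", hmac_invocations_per_guess())
    for n in (8, 12, 63):
        print(f"{n}-char keyspace ~ 10^{math.log10(keyspace(n)):.0f}: "
              f"{years_to_exhaust(n, 1e5):.3g} years at 1e5 guesses/s (assumed)")
```

A unique SSID forces an attacker to build a fresh table, and a long random passphrase keeps the exhaustive search out of reach even at far higher guess rates than the assumed one.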
yet another inane argument that passwords are broken
Let's see, you generate a random 63 character string to use for the WPA2 shared secret. That's 95^63 possible combinations or 10^124 possibilities. Would take the NSA a few centuries to crack. So what? If you pick a stupid password you get hacked. So what? You deserve it.
Starlight
May 3rd 2014
We all know that almost every encryption can be brute-forced. That is not the problem here afaik:
"Although the time taken to break into a system rises with longer and longer passwords. However, it is the de-authentication step in the wireless setup that represents a much more accessible entry point for an intruder with the appropriate hacking tools. As part of their purported security protocols routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time. The team points out that the de-authentication step essentially leaves a backdoor unlocked albeit temporarily. Temporarily is long enough for a fast-wireless scanner and a determined intruder."
Anonymous
May 3rd 2014