For some reason, I had a delusion that WPA or WPA2 was a pretty solid protocol for wireless network encryption if you used AES as the encryption method (it might still be if you are not using PSK, but WPA-PSK is the default for most wireless routers out of the box). The only “good” attack that I knew of was the rainbow-table attack, which precomputes a brute-force dictionary attack against common Wi-Fi ESSID names. For instance, if you use linksys as your ESSID (the default network name on Linksys wireless devices out of the box), it is very likely someone could recover your PSK with this attack.
As processors get more powerful and that computing power gets cheaper, brute-force dictionary attacks become easier to perform. Clusters make it easier still: you don’t need one large, ultra-expensive supercomputer, because many average, cheap PCs grouped into a cluster give the same processing power or more. The result is WPA Cracker, which claims to be able to crack your WPA-PSK password in about 20 minutes given a WPA handshake capture (which can be captured very easily with aircrack-ng).
Moral of the story: if you want to run wireless, segment your network or use something other than WPA-PSK, like RADIUS.
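Why the ESSID matters for the rainbow-table attack described above: WPA/WPA2-PSK derives its master key with PBKDF2-HMAC-SHA1 using the ESSID as the salt, so a precomputed table is only valid for the one network name it was built for. The Python below is added here as an illustration and is not part of the original post; it derives the PMK, checks it against the published IEEE 802.11i test vector, and shows that a table built for a default name like linksys gives no hits against a network with a unique name (the wordlist and the unique ESSID are constructed samples).

```python
import hashlib
import time

# IEEE 802.11i fixes these parameters for WPA/WPA2-PSK key derivation.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32).

    The ESSID is the salt, so the same passphrase gives a different PMK on
    every differently named network; 4096 rounds is the fixed work factor.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN,
    )


def precompute_table(ssid: str, wordlist) -> dict:
    """PMK -> passphrase map for ONE ESSID, i.e. what a rainbow-style table stores.

    The 4096-round cost is paid per (ssid, word) pair, which is why such
    tables are only ever built for common default names.
    """
    return {derive_pmk(word, ssid).hex(): word for word in wordlist}


def table_recovers(table: dict, pmk: bytes):
    """Passphrase the table yields for this PMK, or None if the salt differs."""
    return table.get(pmk.hex())


def seconds_per_guess(samples: int = 20) -> float:
    """Rough per-candidate cost of the key derivation on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk("candidate%d" % i, "linksys")
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    # Constructed wordlist; a real table would hold millions of entries.
    table = precompute_table("linksys", ["password", "letmein", "linksys123"])
    print("linksys table hit:", table_recovers(table, derive_pmk("password", "linksys")))
    print("unique ESSID hit:", table_recovers(table, derive_pmk("password", "HomeNet-7f3a")))
    print("seconds per guess: %.4f" % seconds_per_guess())
```

Renaming the network does not make a weak passphrase strong; it only forces the attacker to pay the 4096-round cost per guess for your network alone instead of reusing a shared table.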