Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Will WPA ever become vulnerable?

  1. #1
    Junior Member MaxRabbit's Avatar
    Join Date
    Jan 2009
    Posts
    34

    Default Will WPA ever become vulnerable?

    WEP, I know, is extremely easy to crack. But I haven't been around the hacking scene long enough to know: did it take a long time to find an exploit, or was it very easy from the first place?

    And what about WPA? Will it ever become easy to crack?

    I'm curious because I have the hash recovered from my laptop's Window's wireless zero configuration utility, but I'm not satisfied. I would like to be able to get the full password. My password is not one able to be dictionary attacked, and I've heard bruteforcing is pointless-so I guess my only hope is time until a vulnerability?

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by MaxRabbit View Post
    WEP, I know, is extremely easy to crack. But I haven't been around the hacking scene long enough to know: did it take a long time to find an exploit, or was it very easy from the first place
    WEP was suspected to be fairly easy to crack early on, due to the math used to compute it. It took several years for it to go from being a function that a few knowledgeable people where able to perform, to becoming the brain dead simple exercise that it is now. The advances there were improvements in the breaking algorithms, the applications using those algorithms, and in processor speeds.

    Quote Originally Posted by MaxRabbit View Post
    And what about WPA? Will it ever become easy to crack?
    No. WPA is is much stronger mathematically; WPA2 is stronger yet. WEP was essentially designed by people who didn't know crypto. WPA and WPA2 were designed to be secure by crypto experts.

    Quote Originally Posted by MaxRabbit View Post
    I'm curious because I have the hash recovered from my laptop's Window's wireless zero configuration utility, but I'm not satisfied. I would like to be able to get the full password. My password is not one able to be dictionary attacked, and I've heard bruteforcing is pointless-so I guess my only hope is time until a vulnerability?
    Don't wait around expecting a WPA/WPA2 vulnerability to arrive. It may be a while.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Junior Member MaxRabbit's Avatar
    Join Date
    Jan 2009
    Posts
    34

    Default

    Well, I actually got the idea that it might become insecure when I was reading another thread where someone said that a new breakthrough may be leading to an easy crack. Unfortunately, it looks like this person was overly optimistic!

    So, I guess I could see if I could bruteforce it? Could you recommend the best/fastest program to me? The only special feature I would like is to be able to divide it up between like 4 computers.

  4. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by MaxRabbit View Post
    Well, I actually got the idea that it might become insecure when I was reading another thread where someone said that a new breakthrough may be leading to an easy crack. Unfortunately, it looks like this person was overly optimistic!

    So, I guess I could see if I could bruteforce it? Could you recommend the best/fastest program to me? The only special feature I would like is to be able to divide it up between like 4 computers.
    As a bruteforce attack per definition will try every single possible character combination the question is not whether or not you will be able to bruteforce the WPA passphrase, but how long it will take. If you are using a strong passphrase, say 20+ characters including both upper-/lowercase letters, numbers and special symbols, don't even bother to try to brute it. If you on the other hand want to do it out of pure interest, then add the word to a wordlist of yours and use it in the attack. The process and result will be exactly the same but save yourself an eternity or two.
    -Monkeys are like nature's humans.

  5. #5
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by MaxRabbit View Post
    Well, I actually got the idea that it might become insecure when I was reading another thread where someone said that a new breakthrough may be leading to an easy crack. Unfortunately, it looks like this person was overly optimistic!

    So, I guess I could see if I could bruteforce it? Could you recommend the best/fastest program to me? The only special feature I would like is to be able to divide it up between like 4 computers.
    Sure you can try, but the last time I computed the figures, it would take about 57 years for a 21 character passphrase.

    Read this thread:
    http://forums.remote-exploit.org/showthread.php?t=14379

    Specifically, starting at the top of page 3, where I run some of the numbers.
    http://forums.remote-exploit.org/sho...5593#post85593

    This page may help:
    http://www.frontlinedefenders.org/ma...ppendix_d.html
    Thorn
    Stop the TSA now! Boycott the airlines.

  6. #6
    Junior Member MaxRabbit's Avatar
    Join Date
    Jan 2009
    Posts
    34

    Default

    Quote Originally Posted by Thorn View Post
    Sure you can try, but the last time I computed the figures, it would take about 57 years for a 21 character passphrase.
    Well, thanks-that's unfortunate. My password isn't about to be hit in a dictionary attack: it's *myinitialsallcaps*w1r3l3$$n3tw0rk... I suppose that's good-no one will be able to crack into my network, but I wish I could've cracked it

  7. #7
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by MaxRabbit View Post
    Well, thanks-that's unfortunate. My password isn't about to be hit in a dictionary attack: it's *myinitialsallcaps*w1r3l3$$n3tw0rk... I suppose that's good-no one will be able to crack into my network, but I wish I could've cracked it
    Well then add it to one of your dictionaries and you will be able to crack it. However if that is your actual key, it might be a good idea to change it after this.
    -Monkeys are like nature's humans.

  8. #8
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by MaxRabbit View Post
    Well, thanks-that's unfortunate. My password isn't about to be hit in a dictionary attack: it's *myinitialsallcaps*w1r3l3$$n3tw0rk... I suppose that's good-no one will be able to crack into my network, but I wish I could've cracked it
    Also you should know that while you may believe that to be a strong password in light of the special character/number replacements, there are actually a large number of "1337 speak" filters that will generate pass-phrases based on that very concept. With that in mind, you may want to change your password



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  9. #9
    Junior Member MaxRabbit's Avatar
    Join Date
    Jan 2009
    Posts
    34

    Default

    Quote Originally Posted by =Tron= View Post
    Well then add it to one of your dictionaries and you will be able to crack it. However if that is your actual key, it might be a good idea to change it after this.
    But adding it to my dictionary isn't any fun

  10. #10
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by MaxRabbit View Post
    But adding it to my dictionary isn't any fun
    I understand that, but on the other hand it will not change the actual process one bit. You have to keep in mind that the only weakness any dictionary based attack takes advantage of is the tendency of users to choose a common or easily guessed word as their password.

    Therefore you should not feel like you failed when your passphrase can't bee found in one of your wordlists, but instead applaud yourself.
    -Monkeys are like nature's humans.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •