WPA2 Cracking (can it be cracked?/how?)

[cynicalpsycho]

Is it true that brute forcing isn't effective on wpa2 and that dictionary attacks are the only effective means of breaking it? if so why is that.

and if that is the case; if the my ssid password was:
6nG*4jkLM35 biteme26(@!nTDjk249w

It would make it relatively uncrackable (i know, there's no such thing right?) using methods like aircrack (without say, a computer with ridiculous processing power and alot of time) right?

How else can I/someone else crack my wifi net if not by this means?

[drgr33n]

Think you posted in the wrong section defo a newb post

Is it true that brute forcing isn't effective on wpa2 and that dictionary attacks are the only effective means of breaking it? if so why is that.

brute forcing is a dictionary attack.

and if that is the case; if the my ssid password was:
6nG*4jkLM35 biteme26(@!nTDjk249w

It would make it relatively uncrackable

yep

(i know, there's no such thing right?) using methods like aircrack (without say, a computer with ridiculous processing power and alot of time) right?

Think your a bit confused with the actual way wpa and wpa2 is attacked try wikpedia.

How else can I/someone else crack my wifi net if not by this means?

http://hackaday.com/2008/11/09/new-wpa-tkip-attack/

[imported_cybrsnpr]

http://hackaday.com/2008/11/09/new-wpa-tkip-attack/

Dr GrEeN; I read about this a while back (I guess probably around last Nov , do you know if anyone has actually come up with an implementation of these techniques?

[cynicalpsycho]

Think you posted in the wrong section defo a newb post

thanks... your posts have been real helpful...
and yes I am a "newb" as you so eloquently state, but even Kevin Mitnik had to start somewhere... i'll be sure to stay in the newb forums from here on out

brute forcing is a dictionary attack.

Actually you said that backwards...
a dictionary attack is a form of brute forcing.

Brute force attack generates all of the possible combination of a given set of characters in hopes of guessing the actual pass.

While dictionary attacks take this a step further and have predefined common password lists. That will speed along the guessing, (if the word is in said list)

Think your a bit confused with the actual way wpa and wpa2 is attacked try wikpedia.

Unfortunately wikipedia doesn't cover such a top with the kind of depth I was hoping to find here...

hackaday.com/2008/11/09/new-wpa-tkip-attack

Aircracks website is down...

[imported_cybrsnpr]

Aircracks website is down...

THIS link allows you to view the linked paper as html

[cynicalpsycho]

is link allows you to view the linked paper as html

ahh! google cache... i'd forgotten all about it... thanks cybrsnpr.

and to mr green, great info, thanks for sharing.

[Relentless]

Your passphrase is > 21 characters, whoever plans to crack your wireless AP or wireless router better have mad patient skills.

In the paper "Practical Attacks Against WEP & WPA" the authors emphasize that the PSK key
has to be "weak" in order for this to work at the begining of the paper; in addition, to the fact that the clients must be using WPA+TKIP to associate to the AP or wireless router .

However, In 2003 Robert Moskowitz of ISCA Labs detailed the potential problems of deploying weak passwords/passphrases with WPA in his paper: "Weakness in Passphrase Choice in WPA Interface," where Moskowitz points out that a short passphrase < 21 characters is susceptible to a dictionary attack.

Furthermore, I also thought that this was an interesting statement at the end of the paper: " Practical attacks against
WEP and WPA,"- "Our attack on TKIP in Section 5 shows that even WPA with a "strong" password is
not 100% secure and can be attacked in a real world scenario."

So one would have to ask, how long was the password/passphrase they tested in their paper "Practical attacks against
WEP and WPA."

And how long will it take to crack a passphrase that is greater than 21 charaters, especially in Cynicalpsycho's case where the passphrase has a combination of alphanumerica characters+space+and other random symbols.

Maybe a lab is in order ;-).

[imported_cybrsnpr]

I apologize in advance for taking the thread a bit off topic...

Good points Oktet. Given time, computing power, and disk space, any WPA/WPA2 "personal" (i.e. passphrase) key can be broken. 802.1x ("enterprise") may be a different story. But, when dealing with a private entity (home, personal, non-business) IMHO, all you really need to worry about is "am I faster than the other guy running from the bear?"

Unless a really determined adversary is after you, a strong non-dictionary based WPA passphrase should suffice for good security. Unless of course, your Govt is after you

[cynicalpsycho]

In the paper "Practical Attacks Against WEP & WPA" the authors emphasize that the PSK key
has to be "weak" in order for this to work at the begining of the paper; in addition, to the fact that the clients must be using WPA+TKIP to associate to the AP or wireless router .

However, In 2003 Robert Moskowitz of ISCA Labs detailed the potential problems of deploying weak passwords/passphrases with WPA in his paper: "Weakness in Passphrase Choice in WPA Interface," where Moskowitz points out that a short passphrase < 21 characters is susceptible to a dictionary attack.

Furthermore, I also thought that this was an interesting statement at the end of the paper: " Practical attacks against
WEP and WPA,"- "Our attack on TKIP in Section 5 shows that even WPA with a "strong" password is
not 100% secure and can be attacked in a real world scenario."

So one would have to ask, how long was the password/passphrase they tested in their paper "Practical attacks against
WEP and WPA."

Yeah exactly, they never really specified what a 'strong' password is, i mean i know some people (who's job IS security... in a place where *you would think* security really matters...) consider "68.GO.bang" a 'strong' pass. 2 upper 2 lower -alpha, 2 special chars, and 2 #s with at least 10 chars total.

And how long will it take to crack a passphrase that is greater than 21 charaters, especially in Cynicalpsycho's case where the passphrase has a combination of alphanumerica characters+space+and other random symbols.

Maybe a lab is in order ;-).

Certainly sounds like something worth looking into. It would help to build a good security policy.

Knowing how long it would take say a quad core (it would be rather pointless to go into supercomputing) computer to crack such a pass-phrase would make it easy to determine how often you should switch up your.

You're always hearing people complaining about how inherently insecure wifi is, it would be nice to have at least a little piece of mind on the subject.

another thing worth looking into is the encryption and wifi's susceptibility to monitoring.

[cynicalpsycho]

I apologize in advance for taking the thread a bit off topic...

Good points Oktet. Given time, computing power, and disk space, any WPA/WPA2 "personal" (i.e. passphrase) key can be broken. 802.1x ("enterprise") may be a different story. But, when dealing with a private entity (home, personal, non-business) IMHO, all you really need to worry about is "am I faster than the other guy running from the bear?"

Unless a really determined adversary is after you, a strong non-dictionary based WPA passphrase should suffice for good security. Unless of course, your Govt is after you

lol, well if you're governments after you, i doubt wifi is going to be your biggest concern. and if that were the case, you just plain shouldn't be on the net. but you're right... what's the average motive for cracking someones wifi?
boredom, curiosity, fun, free internet... i'm sure most would just break off and go for the easy kill. if not for the already dead (ie: my neighbors who leave their net wide open.)
another good deterrent could be using those programs that spam out hundreds of false ssid's.

lol so much for going offtopic.