Hi all,
I have been testing a lot lately on my Linksys AP. WEP 128-bit and 64-bit are no problem anymore. But now I wanted to focus on WPA encryption. I have read some information on it, but some things are still not clear yet.
I have switched my encryption to WPA on my router with a pre-shared key. I have put a phrase in it. Not a standard phrase, so you won't find it in any dictionaries.
But now I'm stuck. I want to learn how to crack my own AP with the WPA protection. But how? I can't find any good tutorials on this subject. I have found some videos, but they all think the key phrase is in the dictionary.
Is it possible to crack my WPA key when the key phrase is not in the dictionary by brute-forcing it? Who has the right tutorial for this?
Maybe it's just me and I'm a bad user of the search function, but I can't find it here or on Google.
You need to search for John the Ripper and coWPAtty and how to use them in conjunction with each other. Also search for how to capture the 4-way handshake.
You will also need a lot of time, CPU cycles, or a cluster if you have chosen any kind of decent passphrase.
Also, rainbow tables may be worth looking into.
If you already know the SSID, genpmk will generate your own tables. Only if the SSID is already in a pre-computed set of tables will those tables help at all... and only then if the passphrase was in the dictionary used to create the tables.
Lastly, you need an already-authenticated client.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
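As an added example (not code from this thread or from genpmk/coWPAtty), the following shows why the tables mentioned above are tied to one SSID: WPA-PSK derives the PMK as PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so a table built for "linksys" says nothing about a network with any other name, and every candidate costs 4096 HMAC rounds. The SSID and passphrase values are constructed; "IEEE"/"password" is the published 802.11i test vector used as a sanity check.

```python
import hashlib
import time

# Constructed sample values (not taken from the thread). "IEEE"/"password"
# is the 802.11i test vector, used only to confirm the derivation is right.
SSID = "IEEE"
PASSPHRASE = "password"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def table_is_reusable(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True only if a PMK precomputed for ssid_a would also match ssid_b.

    Because the SSID is the PBKDF2 salt, this is False for any two different
    network names, which is why a non-default SSID defeats shared rainbow tables.
    """
    return derive_pmk(passphrase, ssid_a) == derive_pmk(passphrase, ssid_b)


def estimate_dictionary_seconds(words: int, samples: int = 20) -> float:
    """Time a few derivations on this CPU and scale to a wordlist of `words` entries.

    This is the per-SSID cost genpmk has to pay up front, and the cost a
    dictionary attack pays per candidate; it grows linearly with list size.
    """
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate{i}", SSID)  # constructed throwaway candidates
    return (time.perf_counter() - start) / samples * words


if __name__ == "__main__":
    print("PMK:", derive_pmk(PASSPHRASE, SSID).hex())
    print("table for IEEE reusable on linksys?", table_is_reusable(PASSPHRASE, "IEEE", "linksys"))
    print(f"~{estimate_dictionary_seconds(1_000_000):.0f} s for a 1M-word list on this CPU")
```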
This should tell you about how long it would take.
OK, so whenever I think of something that is not in the dictionary file, it won't be able to find it? That's what I make of the answers. But for WEP there are clear tutorials on what to do and what not to do. Is there no clear WPA tutorial that takes you through it step by step? I could go and try things out like I have been doing, but that's not really working right now, haha.
FYI, both coWPAtty and Aircrack use dictionary attacks, which are not strictly brute-force attacks.
tutorial How to Crack WPA