How easy is it to Brute force WPA2-PSK?

Bonksnp (Supreme [H]ardness, joined Jan 13, 2006, 7,264 messages)
I've been reading about this today (since our company uses it) and a lot of security sites are tearing it up saying that corporations who use this are pretty much failsauce.

I have a little bit of background in security and would like to crack the PSK to show how easy it is to hack our network (even though the wireless I'm referring to goes to a separate VLAN)
 
The biggest problem with PSK is that a company has to distribute the PSK to every client and can't prevent unauthorized access if the PSK gets out. I would only consider PSK marginally acceptable in very small companies (<10 employees) with 1-2 APs if the key is greater than 30 characters, up-to-date personal firewalls and anti-malware are installed & maintained, and the employees don't know the key. Still, it would be just as easy to implement a local RADIUS server on the AP(s) and assign unique userIDs and PWs to each User/PC.

There are a few things that you have to do to "brute force" WPA-PSK, but yes... it can be done.
 
Very easy if you use a word in the dictionary. These programs that use dictionary-based attacks also implement highly customizable mutations on words. Eventually they could get your pass phrase, but depending on the length and makeup, it'll take an extremely long time to do so.

A good majority of people breaking into wireless APs is based off of either no security or very weak pass phrases. And then there's social engineering, which is another way of obtaining the pass phrase.

Do you have a link of where you're reading this? I'm curious to see what they're saying exactly.
 
> The biggest problem with PSK is that a company has to distribute the PSK to every client and can't prevent unauthorized access if the PSK gets out. I would only consider PSK marginally acceptable in very small companies (<10 employees) with 1-2 APs if the key is greater than 30 characters, up-to-date personal firewalls and anti-malware are installed & maintained, and the employees don't know the key. Still, it would be just as easy to implement a local RADIUS server on the AP(s) and assign unique userIDs and PWs to each User/PC.

While I appreciate the response, it's poor form to copy someone else's comments off of the internet and use them as your own. :rolleyes:

http://it.toolbox.com/blogs/securitymonkey/enough-with-wpa2psk-already-21694

And ironically, this was where I was reading that WPA2-PSK = fail.
 
> I've been reading about this today (since our company uses it) and a lot of security sites are tearing it up saying that corporations who use this are pretty much failsauce.

In this case apparently failsauce = 1 byte/minute.

It does go to show that /PSK should be phased out, but it isn't exactly broken in half like WEP.

Dictionary attacks however are indeed entirely effective. I believe AES needs 16 characters to be most effective too, so 16 char passwords should be the minimum.
 
After reading that blog, it seems that the person is saying relying solely on pass phrase protection in WPA-PSK is fail, which is true.

It's not that WPA2-PSK is bad, it's having that as your only line of defense that's bad and just silly.
 
> While I appreciate the response, it's poor form to copy someone else's comments off of the internet and use them as your own. :rolleyes:
>
> http://it.toolbox.com/blogs/securitymonkey/enough-with-wpa2psk-already-21694
>
> And ironically, this was where I was reading that WPA2-PSK = fail.

LOL busted!!:eek:

I've wanted to try Elcom Software's Wireless Security Auditor and Distributed Password Recovery, which can utilize GPUs to speed up decoding WPA2 keys:cool: I bet a tri SLI or crossfire machine or a few of them networked would make short work of most basic keys.

http://hothardware.com/News/GPUs-Used-to-Successfully-Guess-WiFi-Passwords/
Other neat thing is this:

ElcomSoft Wireless Security Auditor does not actually send continuous random passwords to a router in a traditional brute-force attack: "Elcomsoft Wireless Security Auditor works completely in off-line, undetectable by the Wi-Fi network being probed, by analyzing a dump of network communications in order to attempt to retrieve the original WPA/WPA2-PSK passwords in plain text."
 
WPA is as strong as the password you use. If you copy and paste 64 character passwords with random numbers and letters it would be impossible for someone to have your specific key in the dictionary. Most home users choose names or common words you can find in a dictionary.
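The two posts above make the defender's point: the attack is run offline against a captured handshake, so the only cost per guess is the PMK derivation, and the only protection is passphrase entropy. The following is an added illustration, not code from the thread or from any tool named in it: it derives the PMK the way 802.11i specifies (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) and estimates attacker work for a dictionary versus random passphrases. The guess rate and dictionary sizes are assumed figures for the sake of the comparison.

```python
import hashlib
import math

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK derivation from IEEE 802.11i: PBKDF2-HMAC-SHA1 over the passphrase,
    SSID as salt, 4096 iterations, 256-bit output.

    Two consequences for defenders: each offline guess costs 4096 HMAC rounds
    (the work the GPU tools in the thread parallelise), and the SSID salt means
    a table precomputed for one SSID is useless against a different SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)

def random_passphrase_keyspace(length: int, alphabet_size: int) -> int:
    """Number of candidates for a uniformly random passphrase."""
    return alphabet_size ** length

def dictionary_keyspace(words: int, mutations_per_word: int) -> int:
    """Dictionary attack: every word times every mutation rule applied to it."""
    return words * mutations_per_word

def guesses_needed(keyspace: int) -> float:
    """Expected guesses: on average the attacker tries half the keyspace."""
    return keyspace / 2

def entropy_bits(keyspace: int) -> float:
    return math.log2(keyspace)

def years_to_crack(keyspace: int, guesses_per_second: float) -> float:
    return guesses_needed(keyspace) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed scenario: a multi-GPU rig doing 1e6 PBKDF2 guesses per second
    # (an assumed round number, not a figure from the thread).
    rate = 1e6
    scenarios = {
        "dictionary word, 200k words x 1000 mutations": dictionary_keyspace(200_000, 1000),
        "16 random alphanumerics": random_passphrase_keyspace(16, 62),
        "63 random printable ASCII (max WPA2 length)": random_passphrase_keyspace(63, 95),
    }
    for name, space in scenarios.items():
        print(f"{name:48s} {entropy_bits(space):6.1f} bits  "
              f"{years_to_crack(space, rate):.3g} years")
```

Running it shows the dictionary case falling in seconds while the 16-character random passphrase is out of reach at any plausible guess rate, which is the whole argument for random PSKs or, better, per-user 802.1X credentials.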
 
> LOL busted!!:eek:
>
> I've wanted to try Elcom Software's Wireless Security Auditor and Distributed Password Recovery, which can utilize GPUs to speed up decoding WPA2 keys:cool: I bet a tri SLI or crossfire machine or a few of them networked would make short work of most basic keys.
>
> http://hothardware.com/News/GPUs-Used-to-Successfully-Guess-WiFi-Passwords/
>
> Other neat thing is this

I can only imagine the type of number crunching they can do with multiple GPUs. It's actually very fascinating and interesting at the speeds that they can do these computations.
 