Hacking & Solutions: Cracking WEP and WPA2-PSK
Written by Devin Akin   
Thursday, 20 March 2008

This article is presented as part of the hacking + solution track for Wireless Security Expo 2008.  Before reading the solutions article, make sure you have watched the hacking video.  Videos are available by registering here.

Cracking WEP is old hat, but the newer WPA/WPA2-Personal can be cracked too.  See how it's done and how to secure against it.

Cracking WEP is fast and easy with commonly available Windows- or Linux-based tools.  The length of the WEP key, 40- or 104-bit, is practically irrelevant, and with the software tools currently available, any novice can crack WEP in minutes given enough captured data.  With users being added to the WLAN every day in most enterprises and the amount of data going over the WLAN growing exponentially, capturing enough data to crack WEP is often simple.

The moral of the story with WEP is simply that it should never be used when stronger authentication and encryption mechanisms are available.  

Cracking WPA/WPA2-Personal (which uses a passphrase) is a much more difficult task than cracking WEP, but it still isn't an overwhelming task.  Given the right dictionary file(s) and the latest versions of WPA cracking tools, cracking WPA/WPA2-Personal can happen in a short time if a very strong passphrase isn't used by the network administrator.  The Wi-Fi Alliance suggests at least 20 characters with lower case, upper case, numbers, and special characters and use of WPA2 over WPA whenever possible.

Tools such as Aircrack-ng can be easily used both for cracking WEP and WPA/WPA2-Passphrase.  Since Aircrack-ng is available for Windows, it puts sophisticated hacking within reach of a novice.  Use of WPA/WPA2-Personal should be limited to small installations such as SOHO - hence the name "Personal" - or very specific scenarios in SMB installations (like VoWLAN phones).  When WPA/WPA2-Personal is used, it is best for only the network administrator to have the passphrase.  He/she would enter it into every laptop, VoWLAN phone, handheld PC, or other wireless device manually without giving it to the user.  Of course this is not scalable, but it's more secure than having 5-50 users knowing the passphrase.

More secure alternatives to static WPA/WPA2-Personal passphrases have been developed, such as Ruckus Wireless's Dynamic PSK solution.  More information on this solution can be found here:  http://www.ruckuswireless.com/pdf/fs-dynamic-psk.pdf

If you just can't bring yourself to make a strong passphrase, there are tools just for this purpose, such as Juniper's PassAmp utility (a free download) and these websites:

http://www.yellowpipe.com/yis/tools/WPA_key/generator.php
https://www.grc.com/passwords.htm

Having tools like these will help you get past the mental block of creating such strong passphrases.
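
A local alternative to the generators above, as an added example that is not part of the original article or any of the tools it names: it draws a passphrase from the operating system's CSPRNG and checks it against the 20-character, four-character-class recommendation quoted earlier. The 8-63 printable-ASCII limit on WPA/WPA2 passphrases is not stated in the article and is assumed here; the function names are illustrative.

```python
import math
import secrets
import string

# Assumption (not from the article): WPA/WPA2-Personal accepts 8-63 printable ASCII chars.
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63
# The article's recommendation: at least 20 characters, all four classes.
RECOMMENDED_MIN_LEN = 20
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())

def meets_recommendation(passphrase):
    """Return the reasons the passphrase falls short (empty list if it passes)."""
    problems = []
    if not (WPA_MIN_LEN <= len(passphrase) <= WPA_MAX_LEN):
        problems.append("length outside the 8-63 range WPA accepts")
    elif len(passphrase) < RECOMMENDED_MIN_LEN:
        problems.append("shorter than 20 characters")
    if any(not (32 <= ord(c) <= 126) for c in passphrase):
        problems.append("contains non-printable or non-ASCII characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in passphrase):
            problems.append(f"no {name} character")
    return problems

def generate_passphrase(length=RECOMMENDED_MIN_LEN):
    """Draw from the OS CSPRNG, retrying until all four classes appear."""
    if not (RECOMMENDED_MIN_LEN <= length <= WPA_MAX_LEN):
        raise ValueError("length must be between 20 and 63")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not meets_recommendation(candidate):
            return candidate

def entropy_bits(length):
    """Upper bound on the entropy of a uniformly random passphrase, in bits."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    print(generate_passphrase(24), f"(up to ~{entropy_bits(24):.0f} bits)")
```

Because the passphrase is generated locally, it never crosses the network before it is entered on the access point and clients.
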
Comments (1)
written by loc nguyen, April 06, 2008
Hi do you help me signup new account thanh
