WPA-PSK


WPA-PSK

Postby crypt1101 » Fri Jan 23, 2009 8:28 am

The 32 to 256 bit passphrase is salted with the SSID and hashed into the 256 bit key.
Well, first off the SSID shouldn't be too hard to come by, least in most cases. So that just leaves the passphrase, which is most often ASCII chars.

First approach) dict attack using SSID of target. Even with a very large dict should only take 10's of hours on decent hardware.

Second) Known SSID + bruteforce ASCII passphrase (assuming about 72 diff chars)
keyspace: 72^64 - 72^8 = doh, that's not happening

OK, turns out this doesn't matter
Passphrase keyspace = 512bit + SSID salt
This is then hashed down to the final 256bit key. Why? Well, to evenly spread out the ASCII input into the keyspace.
So, in short, it would be better to just bruteforce the RAW keyspace vs the passphrase. ( 2^256 << 72^64 )

So_how_long_is_64_charaters_anyway_um_well_quite_alot_actually_!

I think it would be safe to assume that anyone that's going to use an ASCII (vs hex) passphrase will prolly only use part of the max, let's say half and see where that gets us.
new_keyspace: 72^32 - 72^8 = ~2.7x10^59 = 1 quadrillion machines @ 1 quadrillion K/s each for 2-3 yrs

Well, that's less than 2^256, but still not gonna work, hmmm, guess a simple bruteforce of the hex_keyspace would be fastest as all you need to do is a bunch of cmp's which would be faster than hashing & comparing the passphrases (minus the dict approach of course).
Last edited by crypt1101 on Sat Jan 24, 2009 4:11 am, edited 2 times in total.
crypt1101
 
Posts: 7
Joined: Thu Jan 22, 2009 7:36 pm
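Added example, not code from the thread: the SSID-salted derivation the first post describes is PBKDF2-HMAC-SHA1 (4096 iterations, 32-byte output), checked here against the published IEEE 802.11i test vector, together with the post's own keyspace arithmetic. It shows why a per-SSID table only helps for that one SSID and why each candidate costs thousands of HMAC operations, which is the defender's argument for a long passphrase and a non-default SSID.

```python
import hashlib
import math


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).

    This is the 802.11i derivation; the SSID is the salt the post mentions.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def hmac_ops_per_guess() -> int:
    """Cost of testing one candidate: 32 bytes = two 20-byte PBKDF2 blocks,
    each needing 4096 HMAC-SHA1 calls, so 8192 HMACs before a single compare."""
    return 2 * 4096


def keyspace_bits(charset_size: int, length: int) -> float:
    """log2(charset_size ** length): work for an exhaustive passphrase search."""
    return length * math.log2(charset_size)


def ssid_changes_pmk(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase gives different PMKs under two SSIDs,
    i.e. a table precomputed for ssid_a is useless against ssid_b."""
    return wpa_pmk(passphrase, ssid_a) != wpa_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # Standard test vector: passphrase "password", SSID "IEEE".
    print("PMK:", wpa_pmk("password", "IEEE").hex())
    print("HMAC-SHA1 calls per candidate:", hmac_ops_per_guess())
    # The post's comparison: 72 printable chars, 32 vs 64 chars, against 2^256.
    print("72^32 ~ 2^%.1f" % keyspace_bits(72, 32))
    print("72^64 ~ 2^%.1f" % keyspace_bits(72, 64))
    # Constructed SSIDs for the salt demonstration (not real networks).
    print("SSID salt matters:", ssid_changes_pmk("password", "IEEE", "IEEE2"))
```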

Re: WPA-PSK

Postby crypt1101 » Sat Jan 24, 2009 12:51 am

Well hey, looks like there is already a CUDA project with WPA in its sights, (not that I'm surprised). And it looks like they have gone with a rainbow table type approach or as they put it "...pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff".
Very nice results so far...

http://code.google.com/p/pyrit/
crypt1101
 
Posts: 7
Joined: Thu Jan 22, 2009 7:36 pm

Re: WPA-PSK

Postby Bitweasil » Sat Jan 24, 2009 1:19 am

It's not really "rainbow tables" - it's "precomputed lookup tables." There is a difference.

But, yes, Pyrit with a good supply of GPUs would be interesting at least.
Bitweasil
Site Admin
 
Posts: 912
Joined: Tue Jan 20, 2009 4:26 pm

Re: WPA-PSK

Postby crypt1101 » Sat Jan 24, 2009 2:03 am

touché =)
I had been thinking too much about DES when I posted that. Forgot that bruteforce of wireless doesn't need to hash the PT.
crypt1101
 
Posts: 7
Joined: Thu Jan 22, 2009 7:36 pm
