[kismac] Re: WPA Data Packets

  • From: Robin L Darroch <robin@xxxxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Fri, 16 Jun 2006 07:06:04 +0800

The good thing about WPA is that it appears not to have the kind of weaknesses that WEP has: a thousand authentication handshake packets will not make it any easier to crack than just one, and if the passphrase (verbatim) isn't in the dictionary file, then you won't crack it.

Use a passphrase like:

"Hello, my name is Steve and if you want to use my network without asking, you can BUGGER 0FF!!"

... and essentially there's no way (currently known) of breaking in unauthorised. This may change if we ever get genuine light-based computing (some theories suggest that quantum effects may allow for phenomenally fast cracking of existing encryption algorithms), but I think you're pretty safe for the time being.

What's more, even if the key is ever cracked, you can't use it to go back and decrypt packets captured earlier from that network, because it's only the initial layer of encryption rather than the only one.

So once you were able to get that, was a dictionary attack successful?

I have collected over 1500 data packets, yet KisMAC still says I need more?


On Jun 14, 2006, at 5:50 AM, Erik Winkler wrote:

For WPA dictionary attacks, you need to capture the authentication handshake between a valid client and the access point. I have done this for wireless assessments by sending a deauthentication packet targeted to the specific client BSSID. Once the client disconnects and reconnects to the AP, you have your WPA handshake.


On Jun 14, 2006, at 12:59 AM, Daren wrote:

So what is the min # of data packets before you can start a bruteforce wordlist attack?

PS: has anyone successfully been able to break a WPA with a wordlist attack... using KisMAC, that is.


 Robin L. Darroch - PO Box 2715, South Hedland WA 6722 - +61 421 503 966
      robin@xxxxxxxxxxxxx - robin@xxxxxxxxxxx - robin@xxxxxxxxxxxxx
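Erik's point that a targeted deauthentication makes the client reconnect and hand over the handshake also tells a defender what to watch for on the air. The following is an added example of my own, not code from this list or from KisMAC: it scans a constructed list of 802.11 frame summaries and flags a burst of deauths aimed at one client that is followed shortly by a fresh EAPOL (4-way handshake) exchange. The frame records, addresses and thresholds are assumptions chosen for illustration.

```python
"""Flag deauthentication bursts followed by a fresh handshake.

Frame records are (timestamp_s, frame_type, bssid, client); the sample
below is constructed for this example, not taken from a real capture."""
from collections import defaultdict, deque

SAMPLE_FRAMES = [
    (0.0, "data",   "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
    (1.0, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
    (1.1, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
    (1.2, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
    (1.3, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
    (1.4, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
    (2.0, "assoc",  "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
    (2.1, "eapol",  "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
    (30.0, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:02"),  # lone deauth, e.g. a normal roam
]

def detect_forced_handshakes(frames, threshold=3, window_s=2.0, follow_s=10.0):
    """Return alerts as (burst_time, bssid, client, deauth_count, handshake_seen).

    A burst is `threshold` deauths to one (bssid, client) pair within
    `window_s` seconds; handshake_seen is True when an EAPOL frame for the
    same pair arrives within `follow_s` seconds of the burst being detected.
    Thresholds are assumed values and should be tuned per environment."""
    recent = defaultdict(deque)   # sliding window of deauth timestamps per pair
    bursts = {}                   # pair -> [detection_time, running deauth count]
    alerts = []
    for ts, ftype, bssid, client in sorted(frames):
        key = (bssid, client)
        if ftype == "deauth":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window_s:      # drop deauths outside the window
                q.popleft()
            if key in bursts:
                bursts[key][1] += 1          # keep counting after detection
            elif len(q) >= threshold:
                bursts[key] = [ts, len(q)]
        elif ftype == "eapol" and key in bursts:
            burst_ts, count = bursts.pop(key)
            handshake_followed = ts - burst_ts <= follow_s
            alerts.append((burst_ts, bssid, client, count, handshake_followed))
    # Bursts never followed by a handshake are still worth reporting.
    for (bssid, client), (burst_ts, count) in bursts.items():
        alerts.append((burst_ts, bssid, client, count, False))
    return sorted(alerts)
```

A burst with `handshake_seen` True is the strongest signal; a burst alone may be interference or a misbehaving client and deserves a lower severity.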
