Thursday, December 18, 2008

WPA Cracking

In Yorkshire on holiday with the extended family. Touch of man flu!

It's been a while since my last post as life has been flat out. Just a week back I taught the first LE-only wireless attack course. I taught it at the Defford SB facility, which was perfect, as apart from a bunch of huge radio telescopes there is no wireless interference at all.

What was interesting was the vast difference made by different antennas. I guess this is obvious, but I had the chance to really test the differences between the omni-directional and directional antennas I had available. The out-and-out winner was the 12dBi directional 'can' antenna, which took us to the edge of the facility, at least 100 meters from the Access Point, with plenty of power left over. Having returned to the office I thought I would invest in a parabolic mesh antenna slated as 24dBi. I bought 2, one for me and one for an operation I'm working on with a Police force. When they arrived they were HUGE! When put together the dish was at least 70cm square, not terribly useful in a covert setting. When hooked up the coverage was astonishing; I reckon that 1km could be possible with clear line of sight.

As WPA cracking is very reliant on a dictionary attack, it is interesting to note that Elcomsoft are releasing a WPA-specific cracking tool that uses a dictionary attack combined with GPU acceleration, which is very exciting. They have offered me a beta copy and I will let you know how it goes.

The company already has the ability to brute-force WPA passphrases with GPU acceleration, which the press have been having a field day over, saying WPA is dead. In reality a box with 2 super fast NVIDIA GTX 280 cards in will still take 3 months to break an 8 character password. I think the new dictionary version will be much faster.
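The reason both the dictionary and the brute-force approaches above are slow, and why passphrase length matters so much to a defender, is that WPA-PSK derives its 256-bit key from the passphrase and SSID with PBKDF2-HMAC-SHA1 at 4096 iterations, so every candidate costs thousands of hash operations. The following is an added illustration, not code from the post or from Elcomsoft: it derives a PSK with Python's standard library and turns a candidate-checking rate (an assumed figure you supply; the post gives no number) into a keyspace exhaustion time, which is the calculation behind the "3 months for 8 characters" claim.

```python
import hashlib
import math

# WPA-PSK key derivation as defined in IEEE 802.11i: PBKDF2-HMAC-SHA1,
# salt = SSID, 4096 iterations, 256-bit (32-byte) output.
WPA_ITERATIONS = 4096
WPA_KEY_LEN = 32


def wpa_psk(ssid: str, passphrase: str) -> str:
    """Return the hex PSK for an SSID/passphrase pair (8-63 ASCII chars)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    psk = hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),
        WPA_ITERATIONS,
        dklen=WPA_KEY_LEN,
    )
    return psk.hex()


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passphrases of a fixed length over a charset."""
    return charset_size ** length


def exhaustion_seconds(charset_size: int, length: int, rate_per_second: float) -> float:
    """Worst-case time to try every candidate at a given checking rate.

    rate_per_second is an assumed figure: the post quotes no concrete
    GPU rate, only the resulting time for 8 characters.
    """
    return keyspace(charset_size, length) / rate_per_second


def describe(seconds: float) -> str:
    """Human-readable duration for the estimate."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Constructed SSID/passphrase for the demonstration (the IEEE 802.11i
    # Annex H test vector, not a real network).
    print("PSK for SSID 'IEEE' / 'password':", wpa_psk("IEEE", "password"))

    # Assumed checking rate, purely for illustration: 10,000 candidates/s.
    rate = 10_000.0
    alnum = 62  # a-z, A-Z, 0-9
    for length in (8, 10, 12):
        secs = exhaustion_seconds(alnum, length, rate)
        print(f"{length} alphanumeric chars at {rate:,.0f}/s: {describe(secs)}")
```

Each extra character multiplies the work by the charset size, which is why the brute-force figure in the post only holds for short passphrases and why a dictionary attack, which tries a small list of likely candidates instead of the whole keyspace, is the practical threat for a defender to plan against: choose passphrases that are long and not in any wordlist.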

We shall see...