Cedric Blancher wrote:
Yes it is indeed. Just remember management traffic is still sent unprotected. Now you want to crack WPA PSK. To achieve this, you need to sniff one authentication so you can attack it with your dictionary or bruteforcer. How do you get this authentication? You inject disassociations over the network so every client has to re-authenticate and you get your material. Now, you have the PSK, and you want to use it to actually decrypt traffic. But if you want to spy on a specific client, you need to see him authenticate so you can have all the elements necessary for you to calculate its session TEK, then initiate TKIP generation so you can have every per-packet key and then decrypt everything. So you need the authentication. And how do you get it? Disassociation frames injection and you're on traffic injection again...
If I understand correctly, my 26-character WPA pass phrase that is not in a dictionary, has special characters, and both upper and lower case should be pretty good. Not that I'm worried. My house is in a cul-de-sac in a relatively isolated residential neighborhood where a wardriver would be very obvious. I have two neighbors with APs. One of them uses WEP and the other is unencrypted. I think my network would be the last that would be tried.
Thanks again, Larry
