- Dustin -
jon baer wrote:
there is no real difference between wep + crc checks + brute force keys and this exploit, bad passwords = bad passwords period ...
- jon
Wi-Fi Protected Access (WPA) has a weakness: poorly chosen short human-readable passphrases can be cracked with a robust dictionary attack offline and without access to the network: Robert Moskowitz, the senior techncial director of TruSecure Corp.'s ICSA Labs, has given me permission to post this paper he has written that describes a weakness in the interface design for WPA-equipped access points and adapters.
-snip- Anyone with knowledge of the PSK can determine any PTK in the ESS through passive sniffing of the wireless network, listening for those all-important key exchange data frames. Also, if a weak passphrase is used, for example, a short passphrase, an offline dictionary attack can readily guess the PSK. -snip-
http://wifinetnews.com/archives/002452.html http://wifinetnews.com/archives/002453.html
pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
-- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/
