WPA PSK attacks

  • Any PTK can be regenerated from the PMK by learning the two MAC addresses, the two nonces and the selected cipher suite, all of which are sent in the clear during the initial exchange (the 4-way handshake)

  • Anyone with knowledge of the PSK can therefore determine any PTK in the ESS (Extended Service Set) through passive sniffing of the wireless network

  • A key generated from a passphrase of fewer than about 20 characters is likely vulnerable to a dictionary attack

  • Since a single PSK is shared by the whole ESS, an attacker who recovers it becomes a member of the ESS, and every station in the ESS is compromised

  • WPA PSK should use only truly random keys!!!
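As an added worked example (not part of the original notes), the key chain the bullets describe, in Python: the PSK (used directly as the PMK) is derived from the passphrase and SSID, and the PTK from the PMK plus the two MAC addresses and two nonces that a passive sniffer sees in the 4-way handshake; the negotiated cipher suite only fixes the PTK length (384 bits for CCMP, 512 for TKIP). The MAC addresses and nonces below are constructed sample values; the passphrase/SSID pair "password"/"IEEE" is the IEEE 802.11i Annex test vector.

```python
import hashlib
import hmac


def passphrase_to_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal: PSK (= PMK) = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) blocks, truncate to n bits."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, cipher: str = "CCMP") -> dict:
    """PTK = PRF-X(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(ANonce,SNonce)||max(ANonce,SNonce)).

    X is 384 for CCMP and 512 for TKIP. Only the PMK is secret; the MACs and nonces are on the air."""
    nbits = {"CCMP": 384, "TKIP": 512}[cipher]
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, nbits)
    # KCK (handshake MIC key) | KEK (GTK wrapping key) | TK (data key); TKIP adds Michael keys after the TK
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48], "ptk": ptk}


# Constructed sample handshake parameters (what a passive sniffer sees in messages 1 and 2)
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def ptk_for_observer(passphrase: str, ssid: str, cipher: str = "CCMP") -> bytes:
    """Anyone holding the passphrase reproduces a station's PTK from the sniffed parameters alone."""
    pmk = passphrase_to_pmk(passphrase, ssid)
    return derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE, cipher)["ptk"]


if __name__ == "__main__":
    print("PMK:", passphrase_to_pmk("password", "IEEE").hex())
    print("PTK:", ptk_for_observer("password", "IEEE").hex())
```

Because the derivation is deterministic in the public handshake values, the same PSK yields the same PTK for the legitimate station and for the observer, which is the whole point of the bullets above.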