A new paper(1) discussing vulnerabilities in WPA2-PSK was released recently, and many people have been interested in it but have not gained access. By using a library (yes, they still exist and are still useful), I was able to get access to the paper.
WPA2-PSK has a key length of between 8 and 63 ASCII characters. They collected WPA2 handshakes using an Aireplay deauthentication attack. Their method uses a pre-generated dictionary of 666,696 entries and Aircrack to brute-force the password in their test. They wrote a program that would generate a dictionary of all possible 95 ASCII characters for the entire PSK key space. They also discuss ways to prevent this type of attack.
While the methodology is sound, and I applaud anyone who publishes papers, they didn’t uncover a new flaw. WPA2 rainbow tables(2) have been around for a while, and you gain a huge speed advantage in this case. Pure brute forcing of the entire ASCII password space can be done without a pre-generated dictionary, and they didn’t discuss any speed trade-off from doing this. I would love to see a follow-up with comparisons.
Check with your library and see if they have it, or if they can do an interlibrary loan. What do you think of the paper?
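To put the key space and the rainbow-table point in numbers, here is an added example (not code from the paper or the original post) that derives the WPA2 pairwise master key the standard way, PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, and estimates how long exhausting each passphrase length would take. The guess rate and the SSID names are constructed assumptions.

```python
import hashlib

PRINTABLE_ASCII = 95        # printable characters 0x20..0x7e, the alphabet the post mentions
MIN_LEN, MAX_LEN = 8, 63    # WPA2-PSK passphrase length limits


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 0x20 <= ord(c) <= 0x7E for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # Assumption: the SSID is treated as UTF-8 text; on the air it is raw bytes.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def keyspace(min_len: int = MIN_LEN, max_len: int = MAX_LEN) -> int:
    """Number of candidate passphrases over the 95-character alphabet."""
    return sum(PRINTABLE_ASCII ** n for n in range(min_len, max_len + 1))


def years_to_exhaust(length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase of exactly `length` characters."""
    return PRINTABLE_ASCII ** length / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    ASSUMED_RATE = 1_000_000  # guesses per second: constructed figure, not from the paper
    for n in (8, 10, 12, 16):
        print(f"length {n:2d}: {years_to_exhaust(n, ASSUMED_RATE):.3g} years")
    print(f"full 8-63 key space: {keyspace():.3e} candidates")

    # The SSID is the salt, so a precomputed table only applies to the SSID it
    # was built for. Both SSIDs below are constructed sample values.
    a = derive_pmk("correct horse battery", "HomeNet-A")
    b = derive_pmk("correct horse battery", "HomeNet-B")
    print("same passphrase, different SSID, same PMK?", a == b)
```

Each extra character multiplies the search by 95, and a unique SSID means generic precomputed tables do not apply to the network.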
1. Tsitroulis, Achilleas, Dimitris Lampoudis, and Emmanuel Tsekleves. "Exposing WPA2 security protocol vulnerabilities." International Journal of Information and Computer Security 6.1 (2014): 93-107.