Sheetal - Wirelesss Hacking - ClubHack2008
•Télécharger en tant que PPS, PDF•
4 j'aime•1,317 vues
![Wireless Security Workshop ,[object Object],[object Object],© ClubHack http://clubhack.com 7 th December 2008](https://image.slidesharecdn.com/sheetalclubhack08-100708145723-phpapp02/85/sheetal-wirelesss-hacking-clubhack2008-1-320.jpg)
![Roadmap ,[object Object],[object Object],[object Object],[object Object],© ClubHack http://clubhack.com](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Sheetal - Wirelesss Hacking - ClubHack2008
Similaire à Sheetal - Wirelesss Hacking - ClubHack2008 (20)
Plus de ClubHack
Plus de ClubHack (20)
Dernier
Dernier (20)
Sheetal - Wirelesss Hacking - ClubHack2008
- 8. Wireless Security Standards © ClubHack http://clubhack.com
- 10. CHAP Authentication © ClubHack http://clubhack.com Supplicant Authenticator username challenge response Accept/reject
- 11. How WEP works © ClubHack http://clubhack.com IV RC4 key IV encrypted packet original unencrypted packet checksum
- 13. WEP Cracking Demo © ClubHack http://clubhack.com
- 14. Radius: An additional layer in security © ClubHack http://clubhack.com
- 22. © ClubHack http://clubhack.com WPA–PSK Hacking Demo
- 24. A Comparison © ClubHack http://clubhack.com WEP WPA WPA2 Cipher RC4 RC4 AES Key Size 40 bits 128 bits 128 bits Key Life 24 bit IV 48 bit IV 48 bit IV Packet Key Concatenated Mixing Function Not Needed Data Integrity CRC - 32 Michael CCM Replay Attack None IV Sequence IV Sequence Key Management None EAP - Based EAP - Based
- 28. Locating a wireless network © ClubHack http://clubhack.com We need a special holiday to honor the countless kind souls with unsecured networks named 'linksys'. http://www.xkcd.com Strip Number: 466
- 37. Example : Dlink
- 38. Example : ZyXEL
- 44. Q & 42 ? :-?
- 45. © ClubHack http://clubhack.com Thank You! [email_address] [email_address]
Notes de l'éditeur
- SSID service set identifier, a 32-character unique identifier attached to the header of packets sent over a WLAN that acts as a password when a mobile device tries to connect to the BSS.
- IV provides more randomness to the encryption process, to avoid pattern recognition in the ciphertext
- The initialization vector in WEP is a 24-bit field, which is sent in the cleartext part of a message. Such a small space of initialization vectors guarantees the reuse of the same key stream. A busy access point, which constantly sends 1500 byte packets at 11Mbps, will exhaust the space of IVs after 1500*8/(11*10^6)*2^24 = ~18000 seconds, or 5 hours. Malicious user can generate automated collisions and collect enough packets to crack a moderately used network well within 30 minutes.
- 802.1x is used with the EAP protocol which provides a framework to extend authentication possibilities from PAP, CHAP to OTP, certificates, biometrics, kerberos Eg: EAP -
- The PSK provides an easily implemented alternative for the PMK as compared to using 802.1X to generate a PMK. A 256bit PSK is used directly as the PMK. When the PSK is a passphrase, the PMK is derived from the passphrase as follows: PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256) Where the PBKDF2 method is from PKCS #5 v2.0: Password-based Cryptography Standard. This means that the concatenated string of the passphrase, SSID, and the SSIDlength is hashed 4096 times to generate a value of 256 bits. The lengths of the passphrase and the SSID have little impact on the speed of this operation. The PTK is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake. This is why the whole keying hierarchy falls into the hands of anyone possessing the PSK, as all the other information is knowable.
- This program simply tries a bunch of different options from a dictionary file to see if one ends up matching what is defined as the Pre-Shared Key