
In Wi-Fi penetration testing, is it possible to use rainbow tables/hash tables on WPA/WPA2 networks?

Is there an advantage of one over the other?

Where would one get said tables or can they be generated? Is there a way to defend against all attacks of this type?

What hashing functions do WPA use and how does the process of authentication work?

In depth explanation and some scenarios would be lovely.

WMPR (edited by Yanshof)

1 Answer


WPA/WPA2 does not use a dedicated random salt. Instead, it was designed to use the SSID as a salt value. This is better than no salt but it does mean some access points are vulnerable. For quite a while most routers would ship with a static SSID ('linksys' or 'default'). So while hackers can't just precompute a single set of passphrases, they could precompute common passwords against common SSIDs. Church of Wifi has some rainbow tables (1 million common passphrases for 1,000 common SSIDs = 33GB) as well as general information on wifi cracking. http://www.renderlab.net/projects/WPA-tables/

So WPA/WPA2 isn't as bad as WEP but relying on a low entropy value like SSID made it more vulnerable than it needed to be. That vulnerability was made worse by companies shipping hundreds of millions of routers for years with static SSIDs. Many people never changed them, and some who did picked other equally bad/common SSIDs.

The most common SSIDs

linksys
<no ssid>
default
NETGEAR
Wireless
WLAN
Belkin54g
MSHOME
home
hpsetup
smc
tsunami
ACTIONTEC
orange
USR8054
101
tmobile
<hidden ssid>
SpeedStream
linksys-g
3Com
WaveLAN Network
Wayport_Access
hhonors
pi07490509x
pi07490509x09
Motorola
SST-PR-1
ANY
eurospot
188ALT
Gateway
HomeNet
GoldenTree
SITECOM
ConnectionPoint
<No current ssid>
Philips WiFi
Customer ID
PCX5000
arescom
Wireless Network

Today most routers use a pseudo-random SSID like linksys_AUENFJS22 instead of just linksys but there are a lot of vulnerable hotspots out there.

The hashing function is PBKDF2 which uses multiple rounds to slow down attacks. The entire authentication process is far too complex to be a good fit for SO.

To protect yourself from precomputation you should ensure you use a unique SSID. One thing I have seen more than once is someone thinking they are secure by disabling the SSID except that is common enough that it became an entry in most rainbow tables.

Gerald Davis (edited by AJ.)

  • Can you salt a rainbow table the way you can salt a hash when precomputing it? Is there a way to guarantee almost 100% success when attacking a network? – WMPR Jul 01 '15 at 21:07
  • You don't really salt the rainbow table. The salt and passwords are inputs of the hash function. So you can create a new table for a different salt (in this case SSID) but it will be just as expensive as the first one. There are practical limits on how many combinations you could precompute (that is the point of salt). Using the example above, if you wanted to precompute 10 million passwords for 1 million SSIDs it would require not 33GB but 330TB of storage. That still would not be anywhere near 100% chance against a unique SSID and strong password. – Gerald Davis Jul 02 '15 at 03:12
  • While the PMK is generated only using SSID and password, the thing you can catch over the air is the challenge-response with the PMK, which is salted with 2 MAC addresses and 2 nonces. I personally don't see here how rainbow tables should help. Even if you use an evil twin attack, one MAC and one nonce are still controlled by the station. – Smit Johnth Jul 31 '19 at 16:52
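The answer and the comment thread describe the PSK derivation in words: PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 rounds, producing a 256-bit PMK, and the storage arithmetic behind the 33GB / 330TB figures. The script below is an added example, not code from the original post or from any of its participants; it derives the PMK with Python's standard library, checks it against the published IEEE 802.11i Annex H test vector ("password" / "IEEE"), builds a toy precomputed table over a few SSIDs taken from the answer's list, and shows why the same weak passphrase is found under a default SSID but not under a unique one. The candidate passphrases and the table dictionary are constructed for illustration; only the PBKDF2 parameters and the test vector are from the standard.

```python
import hashlib
from typing import Dict, Iterable, Optional, Tuple

# IEEE 802.11i PSK-to-PMK mapping: PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output.
PBKDF2_ROUNDS = 4096
PMK_LEN = 32  # bytes


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).

    The SSID is the only salt, which is why a table keyed on common SSIDs
    can be precomputed at all, and why a unique SSID defeats it.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN
    )


# Published test vector (IEEE 802.11i-2004, Annex H): passphrase "password", SSID "IEEE".
IEEE_VECTOR = (
    "password",
    "IEEE",
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
)


def check_known_vector() -> bool:
    """Confirms derive_pmk() matches the standard's own test vector."""
    passphrase, ssid, expected_hex = IEEE_VECTOR
    return derive_pmk(passphrase, ssid).hex() == expected_hex


def build_table(ssids: Iterable[str], passphrases: Iterable[str]) -> Dict[bytes, Tuple[str, str]]:
    """Toy precomputed table: one PMK entry per (SSID, passphrase) pair.

    Because the SSID is the salt, every extra SSID multiplies the table size;
    this is the cost the answer describes.
    """
    return {derive_pmk(pw, ssid): (ssid, pw) for ssid in ssids for pw in passphrases}


def lookup(table: Dict[bytes, Tuple[str, str]], pmk: bytes) -> Optional[Tuple[str, str]]:
    """Returns (ssid, passphrase) if the PMK was precomputed, else None."""
    return table.get(pmk)


def table_size_bytes(n_ssids: int, n_passphrases: int, bytes_per_entry: int = PMK_LEN) -> int:
    """Raw PMK storage for a full cross product, ignoring indexes and the passphrase text.

    1,000 SSIDs x 1,000,000 passphrases x 32 B = 32 GB (the answer's ~33GB figure);
    1,000,000 SSIDs x 10,000,000 passphrases x 32 B = 320 TB (the comment's ~330TB).
    """
    return n_ssids * n_passphrases * bytes_per_entry


def demo() -> Tuple[Optional[Tuple[str, str]], Optional[Tuple[str, str]]]:
    """Same weak passphrase under a default SSID (table hit) and a unique SSID (miss)."""
    common_ssids = ["linksys", "default", "NETGEAR"]          # from the answer's SSID list
    candidates = ["password", "12345678", "qwertyuiop"]        # constructed sample passphrases
    table = build_table(common_ssids, candidates)

    # A router left on the factory SSID with a weak passphrase: the PMK is in the table.
    hit = lookup(table, derive_pmk("12345678", "linksys"))
    # The same weak passphrase, but the owner changed the SSID: nothing precomputed matches.
    miss = lookup(table, derive_pmk("12345678", "linksys_AUENFJS22"))
    return hit, miss


if __name__ == "__main__":
    print("IEEE test vector OK:", check_known_vector())
    print("hit, miss =", demo())
    print("1,000 SSIDs x 1M passphrases:", table_size_bytes(1_000, 1_000_000) / 1e9, "GB")
    print("1M SSIDs x 10M passphrases:", table_size_bytes(1_000_000, 10_000_000) / 1e12, "TB")
```

Two points the run makes concrete. First, the table stores PMKs, not anything that is sent over the air; as the last comment notes, a captured 4-way handshake only exposes values derived from the PMK together with both MAC addresses and both nonces, so each candidate PMK still has to be expanded per handshake. What a table removes is only the 4096-round PBKDF2 step, which is the expensive part, and only for SSIDs that were chosen in advance. Second, changing the SSID to something unique (and not hiding it, since hidden and empty SSIDs appear in the common list above) invalidates every such precomputed entry at no cost to the network owner, independently of passphrase strength.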