Rainbow tables/hash tables versus WPA/WPA2
In Wi-Fi penetration testing, is it possible to use rainbow tables/hash tables on WPA/WPA2 networks?
Is there an advantage of one over the other?
Where would one get said tables or can they be generated? Is there a way to defend against all attacks of this type?
What hashing functions do WPA use and how does the process of authentication work?
In depth explanation and some scenarios would be lovely.
WPA/WAP2 does not use a dedicated random salt. Instead, it was designed to use the SSID as a salt value. This is better than no salt but it does mean some access points are vulnerable. For quite a while most routers would ship with a static SSID ('linksys' or 'default'). So while hackers can't just precompute a single set of passphrases they could precompute common passwords against common SSIDs. Church of Wifi has some rainbow tables (1 million common passphrases for 1,000 common SSID = 33GB) as well as general information on wifi cracking. http://www.renderlab.net/projects/WPA-tables/
So WPA/WPA2 isn't as bad as WEP but relying on a low entropy value like SSID made it more vulnerable than it needed to be. That vulnerability was made worse by companies shipping hundreds of millions of routers for years with static SSIDs. Many people never changed them, and some who did picked other equally bad/common SSIDs.
The most common SSIDs
linksys <no ssid> default NETGEAR Wireless WLAN Belkin54g MSHOME home hpsetup smc tsunami ACTIONTEC orange USR8054 101 tmobile <hidden ssid> SpeedStream linksys-g 3Com WaveLAN Network Wayport_Access hhonors pi07490509x pi07490509x09 Motorola SST-PR-1 ANY eurospot 188ALT Gateway HomeNet GoldenTree SITECOM ConnectionPoint <No current ssid> Philips WiFi Customer ID PCX5000 arescom Wireless Network
Today most routers use a pseudo-random SSID like
linksys_AUENFJS22instead of just
linksysbut there are a lot of vulnerable hotspots out there.
The hashing function is PBKDF2 which uses multiple rounds to slow down attacks. The entire authentication process is far too complex to be a good fit for SO.
To protect yourself from precomputation you should ensure you use a unique SSID. One thing I have seen more than once is someone thinking they are secure by disabling the SSID except that is common enough that it became an entry in most rainbow tables.
Can you salt a rainbow table the way you can salt a hash when precomputing it? Is there a way to guarantee almost 100% success when attacking a network?
You don't really salt the rainbow table. The salt and passwords are inputs of the hash function. So you can create a new table for a different salt (in this case SSID) but it will be just as expensive as the first one. There are practical limits on how many combinations you could precompute (that is the point of salt). Using the example above if u wanted to precompute 10 million pwd for 1 mil SSID it would require not 33GB but 330TB of storage. That still would not be anywhere near 100% chance against unique SSID and strong password.
While PMK is generated only using SSID and password, thing you can catch over the air is challenge-response with PMK, which is salted with 2 mac addresses and 2 nonces. I personally don't see here how rainbow tables should help. Even if you use evil twin attack, one mac and one nonce is still controlled by the station.