Rainbow tables/hash tables versus WPA/WPA2

  • In Wi-Fi penetration testing, is it possible to use rainbow tables/hash tables on WPA/WPA2 networks?

    Is there an advantage of one over the other?

    Where would one get said tables or can they be generated? Is there a way to defend against all attacks of this type?

    What hashing functions do WPA use and how does the process of authentication work?

    In depth explanation and some scenarios would be lovely.

  • WPA/WAP2 does not use a dedicated random salt. Instead, it was designed to use the SSID as a salt value. This is better than no salt but it does mean some access points are vulnerable. For quite a while most routers would ship with a static SSID ('linksys' or 'default'). So while hackers can't just precompute a single set of passphrases they could precompute common passwords against common SSIDs. Church of Wifi has some rainbow tables (1 million common passphrases for 1,000 common SSID = 33GB) as well as general information on wifi cracking. http://www.renderlab.net/projects/WPA-tables/

    So WPA/WPA2 isn't as bad as WEP but relying on a low entropy value like SSID made it more vulnerable than it needed to be. That vulnerability was made worse by companies shipping hundreds of millions of routers for years with static SSIDs. Many people never changed them, and some who did picked other equally bad/common SSIDs.

    The most common SSIDs

    linksys
    <no ssid>
    default
    NETGEAR
    Wireless
    WLAN
    Belkin54g
    MSHOME
    home
    hpsetup
    smc
    tsunami
    ACTIONTEC
    orange
    USR8054
    101
    tmobile
    <hidden ssid>
    SpeedStream
    linksys-g
    3Com
    WaveLAN Network
    Wayport_Access
    hhonors
    pi07490509x
    pi07490509x09
    Motorola
    SST-PR-1
    ANY
    eurospot
    188ALT
    Gateway
    HomeNet
    GoldenTree
    SITECOM
    ConnectionPoint
    <No current ssid>
    Philips WiFi
    Customer ID
    PCX5000
    arescom
    Wireless Network
    

    Today most routers use a pseudo-random SSID like linksys_AUENFJS22 instead of just linksys but there are a lot of vulnerable hotspots out there.

    The hashing function is PBKDF2 which uses multiple rounds to slow down attacks. The entire authentication process is far too complex to be a good fit for SO.

    To protect yourself from precomputation you should ensure you use a unique SSID. One thing I have seen more than once is someone thinking they are secure by disabling the SSID except that is common enough that it became an entry in most rainbow tables.

    Can you salt a rainbow table the way you can salt a hash when precomputing it? Is there a way to guarantee almost 100% success when attacking a network?

    You don't really salt the rainbow table. The salt and passwords are inputs of the hash function. So you can create a new table for a different salt (in this case SSID) but it will be just as expensive as the first one. There are practical limits on how many combinations you could precompute (that is the point of salt). Using the example above if u wanted to precompute 10 million pwd for 1 mil SSID it would require not 33GB but 330TB of storage. That still would not be anywhere near 100% chance against unique SSID and strong password.

    While PMK is generated only using SSID and password, thing you can catch over the air is challenge-response with PMK, which is salted with 2 mac addresses and 2 nonces. I personally don't see here how rainbow tables should help. Even if you use evil twin attack, one mac and one nonce is still controlled by the station.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM