(09/01/2011 05:38 PM)ZiNgA BuRgA Wrote:  WPA was made to fix problems in WEP.
I doubt a rainbow table would work - you're not cracking a hash.

If it's not a dictionary, you could try a hybrid attack if your app supports it.  Beyond that, try passwords they're likely to use.

Does WPA use passwords though?  I thought they just used hex formatted keys, not passwords...

(09/01/2011 05:29 PM)Barcelona Wrote:   lol ive only bruteforced a rar file

Must've been the easiest RAR (ie crappiest password).  RAR encryption is relatively secure.

It actually is a hash, but it's salted by the ssid, which is why rainbow tables only work with common ssid's such as Netgear or Linksys. This one was Mark423 :/ What's a hybrid attack? Aircrack encodes the password with the salt and compares it to the hash captured in the 4-way handshake. I've got it to work other times :/

Quote:Problem is, it's a very slow process. Each passphrase is hashed 4096 times with SHA-1 and 256 bits of the output is the resulting hash. This is then compared to the hash generated in the initial key exchange. Alot of computing power is required for this. My dopey little P3/700 laptop only tests about 12 passphrases/second.

To complicate matters, the key hash can be different depending on the network it's implimented on. The SSID and the SSID length is seeded into the passphrase hash. This means that the passphrase of 'password' will be hashed differently on a network with the SSID of 'linksys' than it will on a network with the SSID of 'default'.

Source
EDIT: John the Ripper(JtR) takes a wordlist provided, and adds numbers and substitutes symbols for letters etc, which is what I'm running now. Is that a hybrid attack?