no faster WPA2 cracking? - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Misc (https://hashcat.net/forum/forum-15.html) +--- Forum: General Talk (https://hashcat.net/forum/forum-33.html) +--- Thread: no faster WPA2 cracking? (/thread-1824.html) |
no faster WPA2 cracking? - qweasd - 12-10-2012 I know atom recently did a presentation on speeding up SHA1 hash generation which made me think that a similar thing was possible for WPA2 as it also uses SHA1. But then I saw this: https://twitter.com/solardiz/status/277914916894158849 Is this correct? RE: no faster WPA2 cracking? - epixoip - 12-10-2012 yes, that is correct. RE: no faster WPA2 cracking? - atom - 12-15-2012 The discovery I made let you exploit any SHA1 based hashtype. That means it does not matter if its salted, HMAC or iterated. But, and this is what Solar Designer is refering to, in case of an iterated algorithm it will only work on the first iteration. That means for WPA it is not relevant while for MySQL (which is iterated SHA1) it is, because its only doing 2 iterations. RE: no faster WPA2 cracking? - Rolf - 12-15-2012 So, technically, Solar Designer was wrong, it is usable with WPA2, it simply will not be practical, since you'll get a tiny increase(0.002%) in speed. But for algos with low iteration count(by low I mean, say, less than 50) it will matter. RE: no faster WPA2 cracking? - NeonFlash - 01-06-2013 has this weakness in SHA-1 algorithm been used to revise the kernels for various SHA1 based algorithms in the latest version of oclhashcat-plus? I think a lot of algorithms which are supported by oclhashcat-plus would benefit from this discovery. RE: no faster WPA2 cracking? - atom - 01-06-2013 It does not work for WPA. And as I said in the presentation I discovered this in early 2011. All oclHashcat versions already use it in these hashmodes that are compatible. RE: no faster WPA2 cracking? - undeath - 01-06-2013 reading atom's post just the second above yours is too hard i guess. RE: no faster WPA2 cracking? - NeonFlash - 01-06-2013 @undeath: My question was whether the latest version of oclhashcat-plus exploits the weakness in SHA-1 which was not mentioned in atom's post in this thread, if that's what you are referring to. @atom: Thank you for the confirmation. I will read your article and watch the presentation on this Topic. Nice discovery and interesting |