Tuesday, October 28, 2008

pyrit - A tool to estimate the real-world security

Advances in attacking WPA-PSK

Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK, the protocol that today de-facto protects public WIFI-airspace. The project's goal is to estimate the real-world security provided by these protocols. Pyrit does not provide binary files or wordlists and does not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool.

Pyrit's implementation allows to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. The performance gain for real-world-attacks is in the range of three orders of magnitude which urges for re-consideration of the protocol's security. Exploiting the computational power of GPUs, this is currently by far the most powerful attack against one of the world's most used security-protocols.

Pyrit compiles and runs fine on Linux and MacOS X. None of the BSD systems were tested but all posix systems should be fine anyway. I don't care about Windows; drop me a line (read: patch) if you make Pyrit work without copying half of GNU in binary form...

Refer here to read more details and to download or refer here to read their blog.

No comments: