1
00:00:01,237 --> 00:00:02,500
In the previous lectures,
2
00:00:02,500 --> 00:00:06,310
we've seen how to crack the WEP encryption in minutes
3
00:00:06,310 --> 00:00:09,423
even if the target network is not busy.
4
00:00:10,350 --> 00:00:11,940
Now in the next lectures,
5
00:00:11,940 --> 00:00:16,543
we will talk about cracking WPA and WPA2.
6
00:00:17,790 --> 00:00:19,610
First of all, before we start talking
7
00:00:19,610 --> 00:00:21,850
about how to crack these encryptions,
8
00:00:21,850 --> 00:00:24,140
it is very important to understand
9
00:00:24,140 --> 00:00:26,990
that both of them are very, very similar,
10
00:00:26,990 --> 00:00:28,800
the only difference between them
11
00:00:28,800 --> 00:00:32,560
is the encryption used to ensure message integrity.
12
00:00:32,560 --> 00:00:35,470
WPA uses TKIP
13
00:00:35,470 --> 00:00:39,513
and WPA2 uses an encryption called CCMP.
14
00:00:40,490 --> 00:00:43,660
In any case, this does not affect the methods
15
00:00:43,660 --> 00:00:48,250
that we're gonna use to crack WPA and WPA2.
16
00:00:48,250 --> 00:00:51,030
Therefore, all of the methods that I'm gonna show you
17
00:00:51,030 --> 00:00:55,600
from now on will work on both WPA and WPA2.
18
00:00:57,530 --> 00:01:00,408
Now both of these encryptions came after WEP
19
00:01:00,408 --> 00:01:04,203
and they were designed to address the weaknesses in it.
20
00:01:05,070 --> 00:01:08,140
Therefore both of them are much more secure
21
00:01:08,140 --> 00:01:10,463
and cracking them is more challenging.
22
00:01:11,450 --> 00:01:14,910
So, before we start talking about how to crack them,
23
00:01:14,910 --> 00:01:19,700
I want to cover a feature that, if enabled and misconfigured,
24
00:01:19,700 --> 00:01:22,570
can be exploited to recover the key
25
00:01:22,570 --> 00:01:25,883
without having to crack the actual encryption.
26
00:01:26,820 --> 00:01:29,270
The feature is called WPS.
27
00:01:29,270 --> 00:01:32,870
It allows devices to connect to the network easily
28
00:01:32,870 --> 00:01:36,840
without having to enter the key for the network.
29
00:01:36,840 --> 00:01:38,470
So it was designed to simplify
30
00:01:38,470 --> 00:01:42,980
the process of connecting printers and such devices.
31
00:01:42,980 --> 00:01:45,580
You can actually see a WPS button
32
00:01:45,580 --> 00:01:48,550
on most wireless-enabled printers.
33
00:01:48,550 --> 00:01:50,000
If this button is pressed
34
00:01:50,000 --> 00:01:53,470
and then you press the WPS button on the router,
35
00:01:53,470 --> 00:01:56,670
you'll notice that the printer will connect to the router
36
00:01:56,670 --> 00:01:59,720
without you having to enter the key.
37
00:01:59,720 --> 00:02:01,950
This way, the authentication is done
38
00:02:01,950 --> 00:02:04,510
using an eight-digit PIN.
39
00:02:04,510 --> 00:02:06,910
So you can think of this as a password
40
00:02:06,910 --> 00:02:08,720
made up of only numbers
41
00:02:08,720 --> 00:02:11,693
and the length of this password is only eight.
42
00:02:12,560 --> 00:02:13,870
So this actually gives us
43
00:02:13,870 --> 00:02:16,830
a relatively small list of possible passwords
44
00:02:16,830 --> 00:02:20,120
and we can try all of these possible passwords
45
00:02:20,120 --> 00:02:22,203
within a relatively short time.
46
00:02:23,100 --> 00:02:24,620
Once we get this PIN,
47
00:02:24,620 --> 00:02:29,217
it can be used to recover the actual WPA or WPA2 key.
48
00:02:30,990 --> 00:02:32,730
So as you can see, with this method
49
00:02:32,730 --> 00:02:36,130
we are not exploiting WPA or WPA2,
50
00:02:36,130 --> 00:02:38,650
we are actually exploiting a feature
51
00:02:38,650 --> 00:02:42,450
that can be enabled on these encryptions.
52
00:02:42,450 --> 00:02:45,360
So for this to work, first of all we need WPS
53
00:02:45,360 --> 00:02:49,300
to be enabled on the network because it can't be disabled.
54
00:02:49,300 --> 00:02:51,740
Also it needs to be misconfigured,
55
00:02:51,740 --> 00:02:53,600
so it needs to be configured
56
00:02:53,600 --> 00:02:56,130
to use a normal PIN authentication
57
00:02:56,130 --> 00:02:59,070
and not Push Button Authentication.
58
00:02:59,070 --> 00:03:01,510
If Push Button Authentication is used,
59
00:03:01,510 --> 00:03:05,230
then the router will refuse any PINs that we try
60
00:03:05,230 --> 00:03:09,150
unless the WPS button is pressed on the router.
61
00:03:09,150 --> 00:03:11,070
Therefore, the method will not work
62
00:03:11,070 --> 00:03:13,703
if push button or PBC is enabled.
63
00:03:14,610 --> 00:03:18,110
So in most modern routers, PBC comes enabled
64
00:03:18,110 --> 00:03:21,630
by default or WPS will be disabled by default,
65
00:03:21,630 --> 00:03:26,630
so this method might not work, but because WPA and WPA2
66
00:03:26,940 --> 00:03:29,140
are so secure and so challenging,
67
00:03:29,140 --> 00:03:33,057
it is always a good idea to check if WPS is enabled
68
00:03:33,057 --> 00:03:35,250
and try the method that I'm gonna show you
69
00:03:35,250 --> 00:03:36,680
to crack the network.
70
00:03:36,680 --> 00:03:39,350
If it fails, then you can try the other methods
71
00:03:39,350 --> 00:03:42,063
that I'm gonna show you after the next lecture.