

WPA-PSK Rainbow Tables: 1 million passwords for the top 1000 SSIDs - chaosmachine
http://www.renderlab.net/projects/WPA-tables/

======
zdw
This is why the first thing you do when you pull an wireless AP out of the box
is change the SSID to something unique.

Some vendors (Apple and a few others) add the last 3 octets of the device MAC
address to the SSID, which gets around this issue to some extent.

~~~
ErrantX
It is still quite surprising how predictable the chosen SSID is though. For
example we generate tables for common surnames plus suffix numbers because one
extremely common SSID is surname+house_number :)

So choose something definitely unique!

------
teilo
My SSIDs are in Greek and my passwords are all in Middle Welsh. Good luck with
that.

~~~
viraptor
Good luck with connecting from a phone ;)

~~~
teilo
Well, it's not so bad. I only use letters that are common to the Greek and
Latin alphabet. My Nexus One doesn't mind.

------
fragmede
This is pretty old. The interesting part is how they generated the tables. I
can't find the talk slides, but in short, a really expensive FPGA box. An fpga
box that could brute force a WPA2 password in a short matter of time.

[http://www.blackhat.com/html/bh-usa-06/bh-
usa-06-speakers.ht...](http://www.blackhat.com/html/bh-usa-06/bh-
usa-06-speakers.html#Hulton)

~~~
ErrantX
Yep, really really expensive FPGA box. We (the company I work for) have a few,
and they are stella but a little specialised (i.e. you can't trivially re-
purpose them).

At the moment we are experimenting with CUDA as a cheaper (ish) replacement -
with great success actually. It outperforms our main cluster (i.e. standard
CPU processing cluster) by a large margin and is much more versatile than the
FPGA solution.

------
nailer
Anyone ekes surprised WPA PSK didn't bother salting the hash with at least,
the network name or device serial? We had rainbow tables a decade ago for
Windows when Windows had this same issue.

------
Groxx
That's a rather frightening amount of spelling errors.

    
    
      alot: 2
      APs': 1
      beta's: 1
      concievable: 1
      concieving: 1
      CPU's: 1
      did'nt: 1
      dicovered: 1
      DVD's: 3
      effecient: 2
      effectivly: 2
      equasion: 1
      fortunatly: 1
      implimented: 1
      nessecary: 1
      repetative: 1
      subsiquient: 1
      thier: 3
      was'nt: 1
    

For a grand total of: _26_. From a cursory glance, using Google Docs' crappy
spellchecker to find them quickly. I didn't bother reading for grammar errors.

I am far from agreeing with everything Atwood says, but:
[http://www.codinghorror.com/blog/2008/11/we-are-typists-
firs...](http://www.codinghorror.com/blog/2008/11/we-are-typists-first-
programmers-second.html) and for God's sake, run a spell-check on your high-
profile page.

~~~
jrockway
Why? What does the author get out of it?

~~~
whimsy
Credibility, for one...

Personally, I find it hard to take someone seriously if they have problems
with basic spelling or grammar.

This is definitely a cognitive bias I possess. However, it has served as a
very good heuristic, so I haven't worked on getting rid of this bias. I
suspect many other people possess this cognitive bias.

~~~
jrockway
So then, build your own supercomputer for making rainbow tables?

I fail to see how you liking the author affects him in any way. He made some
rainbow tables. Click to download. Or don't.

~~~
whimsy
I guess I thought you were trying to generalize - I certainly was.

I think you're right: in this case, there's not much gain to be had.

------
amalcon
Perhaps I'm missing something here. The top 1000 SSIDs are mostly manufacturer
defaults, like "linksys", "NETGEAR", and things like that. A lot of others are
for public open systems ("Free Public WiFi", "tmobile", etc). Those aren't
going to be WPA'ed anyway.

How often do people really know enough to enable WPA, but not bother to change
the SSID? Purely anecdotally, I almost never see a secured network named
"linksys".

I don't really expect this table to help access many things.

~~~
chaosmachine
In an apartment complex, you'll find a lot of wifi routers set up by ISP
technicians. They come in, set up encryption for the customer, but leave the
SSID something common/obvious, like the family's last name, or just "Bell".

------
sagarun
What tools you folks use? i use cowpatty
<http://wirelessdefence.org/Contents/coWPAttyMain.htm>

~~~
iuguy
We've used Pyrit in a cluster configuration like this:
<http://beta.ivancover.com/wiki/index.php/Pyrit_setup> and a bunch of Nvidia
cards.

------
orenmazor
the top 1000 SSIDs? so the top would be things like default, linksys, etc.

I'm willing to be that most SSIDs that have 'default' set probably just have
the default SSID, but unique WPA settings.

unless things have changed since I last bought a router and routers ship with
some default WPA settings turned on.

------
nutjob123
Anyone remember the article from a few days ago about how windows computers
are passing the ssid "free public wifi" around?

