Slashdot Mirror


Hashcat Developer Discovers Simpler Way To Crack WPA2 Wireless Passwords (hashcat.net)

New submitter Woodmeister shares a report: While looking for ways to attack the new WPA3 security standard, Hashcat developer Jens "Atom" Steube found a simpler way to capture and crack access credentials protecting WPA and WPA2 wireless networks. The attacker needs to capture a single EAPOL frame after requesting it from the access point, extract the PMKID from it by dumping the received frame to a file, convert the captured data to a hash format accepted by Hashcat, and run Hashcat to crack it. Once that's done, the attacker has the Pre-Shared Key (PSK), i.e. the password, of the wireless network. Depending on the length and complexity of the password and the power of the cracking rig, that last step could take hours or days. "The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame," Steube explained. This makes the attack much easier to pull off, as the attacker doesn't depend on another user and on being in range of both the user and the access point at the exact moment when the user connects to the wireless network and the handshake takes place.

150 comments

  1. wireless tools are inferior to wired by Anonymous Coward · · Score: 0, Offtopic

    with wired tools, you have a way to pull them out of your ass if you stick them too far up

    #lifehacks

  2. Use good passwords by dlakelan · · Score: 4, Insightful

    A good password for wifi, since it doesn't really need to be memorized, is one generated by something like keepass2: 15 characters long random letters numbers and punctuation:

    DHDukBDL04Pt2ZT

    for example (note that is not a password I use, just one I randomly generated).

    Since no-one actually has to type this in more than once per device, it's really not a major problem that you can't memorize it.

    --
    ((lambda (x) (x x)) (lambda (x) (x x))) http://www.endpointcomputing.com a scientific approach to custom computing.
    1. Re:Use good passwords by Anonymous Coward · · Score: 0

      that won't stop hashcat from cracking your password

    2. Re:Use good passwords by omnichad · · Score: 1

      No, but it makes it take longer. If you're not the easiest target on the block it will at least stop casual leechers.

    3. Re:Use good passwords by Anonymous Coward · · Score: 1

      I target all of my neighbors. Any SSID within earshot. Hashcat crunches all of them in the background. It's not much effort.

    4. Re: Use good passwords by tysonedwards · · Score: 1

      Is that randomly generated password more secure than something like “Easiest-Target-4-Casual-Leechers” which someone could easily remember?

      --
      Thirty four characters live here.
    5. Re:Use good passwords by Anonymous Coward · · Score: 0

      Or you could just use 6 dictionary words and have a stronger password that doesn't give people seizures when they try and type it on a phone.

    6. Re: Use good passwords by Anonymous Coward · · Score: 0

      Is that randomly generated password more secure than something like “Easiest-Target-4-Casual-Leechers” which someone could easily remember?

      This. I'd prefer to change my passwd to random-political-thought than expand my random existing password.

    7. Re:Use good passwords by olsmeister · · Score: 1

      I whitelist the MAC addresses I allow to attach to my router.

    8. Re: Use good passwords by omnichad · · Score: 1

      Both are stronger than your neighbors'.

    9. Re:Use good passwords by gtwrek · · Score: 3, Interesting

      Someone's going to need to translate the likely length of a crack. The quote "that last step could take hours or days" isn't all that helpful.

      If we have a WPA2 (max) 63 printable ASCII character random password, is the crackable time of this attack still on the order of "a couple of days"?

      i.e. can casual users mitigate this attack by just increasing their WPA2 password length? To what size?

      Or is this attack some sort of end-around where the size of the WPA2 ascii key doesn't matter. It's not clear to me, but then again, I'm no security expert either...

    10. Re:Use good passwords by Anonymous Coward · · Score: 2, Insightful

      I sniff those too. Easy enough to spoof. Sometimes I have to wait for the impersonated device to be offline. Depends on the AP and the device.

    11. Re:Use good passwords by Anonymous Coward · · Score: 4, Interesting

      Very few of them, actually.

      Moreover, if some attacker is going to use this approach, (s)he is likely not looking for the easiest target on the block, but for the ones worthy of his/her attention because (s)he has specific plans. If someone is a worthy target, the attacker just passes by the relevant house or office, collects the data, and patiently cracks it. It doesn't matter if it takes them 1 day or 50. If the target is worth it and the crack is computationally feasible, they'll do it and wait as long as needed.

    12. Re:Use good passwords by Anonymous Coward · · Score: 0

      It's a good thing those can't be spoofed!

    13. Re:Use good passwords by Xenolith0 · · Score: 5, Informative

      MAC whitelists do NOTHING for security.

      First, anyone who can sniff the wifi traffic can see all the mac addresses.
      Second, in Linux you can change your MAC to whatever you want with one command:

      ip link set dev enp0s3 address DE:AD:BE:EF:CA:FE

    14. Re:Use good passwords by sims+2 · · Score: 1

      Ahahaha.

      I really hope you were being sarcastic.

      --
      Minimum threshold fixed. Thanks!
    15. Re:Use good passwords by skoskav · · Score: 3, Insightful

      You clearly never have guests over.

    16. Re:Use good passwords by Anonymous Coward · · Score: 0

      Only if there was some way to spoof MAC addresses.

    17. Re: Use good passwords by Anonymous Coward · · Score: 0

      yeahbutyouareafuckingmorontousethatpasswordinsteadofthisone

      Just sayin'.

    18. Re: Use good passwords by Anonymous Coward · · Score: 5, Funny

      What i have at home is a faraday cage with the router and a comfy chair inside it.

    19. Re: Use good passwords by c6gunner · · Score: 4, Insightful

      That's what a guest network is for. Enable it when they show up, disable it when they go away.

    20. Re: Use good passwords by Anonymous Coward · · Score: 5, Funny

      What am I, a network administrator? Who's got time for that

      I give them my neighbor's SSID and password, which I've cracked. Problem solved.

    21. Re:Use good passwords by Anonymous Coward · · Score: 0

      MAC whitelists are a meme feature. It's worthless.

      No, what you want is an OS and router with support for port-knocking.
      That way you can pretend to be a super hacker while watching cat videos on Youtube.

    22. Re:Use good passwords by Anonymous Coward · · Score: 1

      Actually it will stop hashcat from cracking the password. This attack is still just a brute force attack, which means you blindly try passwords until you find one that matches. 15 characters randomly chosen from uppercase letters + lowercase letters + numbers + punctuation create an effective key length of log2((26+26+10+10)^15) = 92 bits. That's enough to make finding the key practically impossible. Make it 21 characters long to get 129 bit key strength.

    23. Re: Use good passwords by Anonymous Coward · · Score: 2, Informative

      and use VLANs to ensure the guest network doesn't have access to anything but the internet.

    24. Re:Use good passwords by Anonymous Coward · · Score: 0

      Random letters and numbers are not more secure than 14 lowercase letters, an upper and any number, with those first 14 being the first 10,000 common English words.
      It simply isn't.
      You fell for a dumb meme than is Keepass2 and the rest of their kind.

      Dictionary attacks against this get zero feedback on a successful character guess. (at least I think so in this version, if not it's a shit spec and whoever designed it should be punched in 5 throats)
      They'll either get a successful connection or failed connection.
      This means you could use a quote from popular media and still probably get away with it as long as 2 random upper and number characters are used anywhere in it.

      Dictionary attacks are another dumb meme that people fall for. Dictionary attacks become useless when you get above a certain size.
      Once you do, it is essentially brute force again, except instead of a handful of characters, you have an entire dictionary to go through, which has a search space so SO much higher even if you use common 1,000 words.
      Dictionary attacks are only useful against common quotes, single words and password structures shared online or from leaked password databases.
      Beyond that they are pretty worthless.

    25. Re:Use good passwords by Petersko · · Score: 1

      Why would you limit yourself to 15 characters? Mine is 63 characters of gibberish. Cut/Paste from my phone's KeePass client.

      If you must give it to somebody, do it in email with no context. Knowing the password doesn't help when you don't know what network it's for.

    26. Re:Use good passwords by hawguy · · Score: 4, Insightful

      A good password for wifi, since it doesn't really need to be memorized, is one generated by something like keepass2: 15 characters long random letters numbers and punctuation:

      DHDukBDL04Pt2ZT

      for example (note that is not a password I use, just one I randomly generated).

      Since no-one actually has to type this in more than once per device, it's really not a major problem that you can't memorize it.

      It may not need to be memorized, but it does need to be typed into every Wifi device you own, sometimes through a clunky on screen or "scroll through the letters" LCD interface. So random string passwords are annoying enough that many people avoid them.

    27. Re: Use good passwords by Anonymous Coward · · Score: 3, Insightful

      might as well use ethernet, or tin cans with a string...

      R O

    28. Re:Use good passwords by Anonymous Coward · · Score: 2, Informative

      Basic combinatorics: (size of character set)^(number of characters in password) is the size of the key space. To span an equivalent key space with just ones and zeros, you need log2(size of key space) bits. There are 95 printable ASCII characters: log2(95^63)=413 bits. The actual key derived from the passphrase is just 128 bits long, so that's overkill. You can max out the key strength with just 22 randomly (!) chosen characters from uppercase+lowercase+numbers. If your password is not completely random (it contains words, you typed "randomly", etc.), then you need more characters.

    29. Re: Use good passwords by 93+Escort+Wagon · · Score: 2

      That's what a guest network is for. Enable it when they show up, disable it when they go away.

      Trivially easy to do on some routers, like Apple’s Airport series. Too bad they discontinued them...

      --
      #DeleteChrome
    30. Re: Use good passwords by Anonymous Coward · · Score: 0

      I saw once in a comic that adding psychological messages like:
      I'm so disappointed in you, you could be ...
      At least could make the leechers think about it.

    31. Re:Use good passwords by marklark · · Score: 2

      Why couldn't I defeat port-knocking by watching for the connection behavior of successful users and then mimicking them? - spoofing MAC address, etc, if necessary.

    32. Re:Use good passwords by Anonymous Coward · · Score: 1

      Oh, and the attack is still just brute force. In an offline brute force attack, you need something that tells you if the password you're trying is the/a right one (an "oracle"). The new attack makes it easier to find that thing that you "compare" against while brute forcing the password. It does not give the attacker any information about the password itself.

    33. Re:Use good passwords by Anonymous Coward · · Score: 0

      Don't give advice about things you know nothing about. This is an offline attack. You can test a couple million passwords per second. You need strong passwords to make WPA/2 secure. A password consisting of "14 lowercase letters, an upper and any number" is not strong enough.

    34. Re:Use good passwords by The-Ixian · · Score: 2

      I just used an NFC tag to put the password in. Stuck the tag to a central location in the house and any guest can just tap their phone to the tag.

      --
      My eyes reflect the stars and a smile lights up my face.
    35. Re:Use good passwords by Bert64 · · Score: 1

      Password cracking tools have rules to take dictionaries and perform common substitutions like o->0, case toggling, appending of random characters and numbers, concatenating of words etc... They can also try many thousands or even millions of attempts per second depending on the algorithm and available processing power.

      A dictionary word with numbers or a couple of random chars appended will not last long.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    36. Re:Use good passwords by bjwest · · Score: 1

      You clearly never have guests over.

      My guests come to visit me for things like dinner and conversation, to watch a movie or play games, they don't come to leech off my internet sitting on the couch tweeting and facebooking.

      --

      --- Keep the choice with the user..
    37. Re:Use good passwords by Anonymous Coward · · Score: 0

      You could also post a QR code

      https://qifi.org/

    38. Re: Use good passwords by bjwest · · Score: 1

      That's what a guest network is for. Enable it when they show up, disable it when they go away.

      Trivially easy to do on some routers, like Apple’s Airport series. Too bad they discontinued them...

      Or buy a decent router you can upgrade to a third party firmware instead of using the crap from the manufacturer.

      --

      --- Keep the choice with the user..
    39. Re:Use good passwords by gtwrek · · Score: 1

      Is that what this crack is - a quicker (perhaps offline) tests of the randomly guessed (128 bit) password?

      If so, then nothing to see here, move along. 128-bit passwords will be okay for a while longer, I think - even with an accelerated compare.

    40. Re:Use good passwords by Anonymous Coward · · Score: 0

      But I also limit my WiFi strength to 6 feet radius only.

    41. Re:Use good passwords by Anonymous Coward · · Score: 0

      It is a quicker way of getting a hash of the key. Previously, getting the hash required capturing a full four-frame handshake between a client and the router. Now the attacker can get the hash straight from the router (if some preconditions are satisfied). The test itself isn't quicker. The key is derived from the passphrase. To test a passphrase, a key is derived from it the same way the router would do it, and then it is hashed the same way the router would do it, and then the hash is compared to the hash you got from the router. If they match, you have a working passphrase.
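The arithmetic in the "log2(charset^length)" comments and the "derive the key the same way the router does, then compare" description above, worked through as an added example (this is not code from the thread, from Hashcat or from the article). The PSK derivation is the standard one from IEEE 802.11i (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, 256-bit output), which is why each candidate passphrase costs the cracker 4096 HMAC rounds; the password schemes and the guess rate of one million candidates per second are constructed assumptions for illustration, chosen to match the figures people quote in the thread.

```python
import hashlib
import math

# WPA/WPA2 derive a 256-bit PSK from the passphrase; entropy above that is wasted.
PSK_BITS = 256


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2 PSK exactly as an AP or client does (IEEE 802.11i):
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    A cracker must repeat this for every candidate it tests."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password of `length` symbols drawn uniformly from an
    alphabet of `alphabet_size` symbols: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def effective_bits(bits: float) -> float:
    """Strength the network actually gets: capped by the 256-bit PSK."""
    return min(bits, PSK_BITS)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to find a uniformly random secret: half the key space."""
    return 2 ** (effective_bits(bits) - 1) / guesses_per_second


# Constructed password schemes from the discussion (alphabet size, length).
# The 72-symbol alphabet follows the comment's 26+26+10+10 assumption.
SCHEMES = {
    "1 common word (10k list) + 2 digits": (10_000 * 100, 1),
    "6 diceware words (7776-word list)": (7776, 6),
    "15 random chars (72-symbol alphabet)": (72, 15),
    "22 random alphanumerics (62)": (62, 22),
    "63 random printable ASCII (95)": (95, 63),
}

# Assumed offline rate for this example; real rates depend on the rig.
GUESSES_PER_SECOND = 1_000_000.0


def strength_table(guesses_per_second: float = GUESSES_PER_SECOND) -> dict:
    """Return {scheme: (raw_bits, effective_bits, expected_years)}."""
    table = {}
    for name, (alphabet, length) in SCHEMES.items():
        raw = entropy_bits(alphabet, length)
        eff = effective_bits(raw)
        years = expected_crack_seconds(raw, guesses_per_second) / (365.25 * 86400)
        table[name] = (raw, eff, years)
    return table


if __name__ == "__main__":
    # Known-answer check from the 802.11i test vectors: "password" / "IEEE".
    print("PSK(password, IEEE) =", wpa2_psk("password", "IEEE").hex())
    for name, (raw, eff, years) in strength_table().items():
        print(f"{name:40s} {raw:6.1f} bits  effective {eff:5.1f}  ~{years:.3g} years")
```

Running it shows the point made in the thread: the offline test is the same PBKDF2 derivation whatever the capture method, so only the entropy of the passphrase decides whether the job finishes in seconds (a word plus two digits) or never (anything past roughly 128 bits at any plausible rate), and 63 random characters only cap out at the 256 bits the PSK can hold.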

    42. Re:Use good passwords by Swave+An+deBwoner · · Score: 1

      That suggests a benefit in periodically changing the passphrase then. So they'll have to start cracking it all over again from the beginning.

    43. Re: Use good passwords by skoskav · · Score: 1

      Completely agree about guest networks, but I still despise randomized alphanumeric passwords as a general policy. Comparing passwords using the zxcvbn library via https://www.bennish.net/passwo..., I note that "DHDukBDL04Pt2ZT" is about as secure as "my flemish glassblower costume", but only one of them allows me to go into another room and enter it into a new device.

      This password strategy works even better for Germanic languages which can construct a near-infinite amount of nonsensical compound words, which inconveniences dictionary attacks.

    44. Re:Use good passwords by F.Ultra · · Score: 1

      I use the full 63 key length in WPA2 with random characters. It's a royal pain when you buy new mobiles or other appliances that need internet connectivity but that's the price you have to pay.

    45. Re:Use good passwords by skoskav · · Score: 1

      You're making it into a bit of a false dichotomy. My guest Wi-Fi is generally only used when sharing pictures/video or troubleshooting my family members' devices.

    46. Re:Use good passwords by Anonymous Coward · · Score: 0

      But I like sniffing all sorts of other things too some biological even.

    47. Re:Use good passwords by gregstumph · · Score: 1

      Mmmm... Dead beef.

    48. Re:Use good passwords by AHuxley · · Score: 1

      The math protected the encrypted network.
      The network was not secure when it first starts.
      The network has to communicate about shared keys when first connecting.
      That first, initial communication is altered by another computer in the middle.
      That will reset further communication and the computer in the middle is then trusted.
      That nonce “number used once” is then well in play before any long password.
      ie the middle has a trusted way in and has part of what is needed to later be trusted. The needed math to then work out what the user was encrypting is then much more easy.
      The data stream has an extra user.

      --
      Domestic spying is now "Benign Information Gathering"
    49. Re: Use good passwords by Anonymous Coward · · Score: 0

      Port knocking requires long term surveillance and awareness of the existence of the knock. Which means you are already in the users building or you owned the ISP.

      Despite that, elaborate PN setups can involve third parties, delayed windows, etc. To hack my connection, you have to crack a couple of semi popular firewalls plus two different cloud VMs and only then will you even be able to use a stolen ssh key if you somehow had it.

      Latency is annoying at times, but security is worth it.

    50. Re: Use good passwords by Anonymous Coward · · Score: 0

      Or buy a tiny, shitty router and only plug it in when the guests need access.

    51. Re: Use good passwords by Anonymous Coward · · Score: 0

      I like sniffing queefs

    52. Re: Use good passwords by Anonymous Coward · · Score: 0

      >> and use VLANs to ensure the guest network doesn't have access to anything but the internet.

      Too much to ask considering that in the real world we get cases like Netgear removing something as basic as static IP leases. VLANs are almost exclusively an enterprise feature that won't come for free on consumer routers.

      If available for your hardware, DDWRT is a pain for VLAN configuration. Jailing your work Windows 10 machine would be TONS easier if DDWRT just had a checkbox to prevent bridging your wifi with your wired computers --when the client isolation checkbox is related logically.

    53. Re: Use good passwords by Bender0x7D1 · · Score: 3, Funny

      might as well use ethernet, or tin cans with a string...

      That would require multiple dongles if he has a Mac.

      --
      Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
    54. Re: Use good passwords by c6gunner · · Score: 1

      I'm aware of all this; the passwords I actually want/need to remember are all composed of at least 4 words, in at least two different languages. However the vast majority of my passwords (especially the ones I rarely have to type) are random alphanumeric strings stored in an encrypted container.

      Why? Because I have upwards of 100 accounts I've signed up for over the years, and I do not reuse passwords. No matter how "easy to remember" I might make them there's no way I'm memorising more than a dozen passwords, let alone 100+.

    55. Re: Use good passwords by Anonymous Coward · · Score: 0

      All that will do is seriously shorten your WiFi leash, the longer the password the more transmission and computation power is required of your WiFi router to keep a session going. Depending on your router YMMV; usually have to find that sweet spot between too many characters and random disconnects between devices located further away from the antenna.

    56. Re:Use good passwords by Anonymous Coward · · Score: 0

      MAC whitelists do NOTHING for security.

      First, anyone who can sniff the wifi traffic can see all the mac addresses.
      Second, in Linux you can change your MAC to whatever you want with one command:

      ip link set dev enp0s3 address DE:AD:BE:EF:CA:FE

      You can change the MAC in OS X and in Windows. It's not unique to Linux.

    57. Re: Use good passwords by Anonymous Coward · · Score: 0

      Bullshit

    58. Re:Use good passwords by AmiMoJo · · Score: 1

      I posted this comment on the firehose submission. TL;DR with a good password it's still impractical to crack via brute force, all this does is make dictionary/rainbow table attacks a bit more practical by easing the gathering of the necessary data.

      I had a look at this and it's interesting, but I wouldn't say that WPA2 is "cracked".

      Previously you had to capture the handshake from a real user and then crack the crypto. The crypto wasn't bad but was vulnerable to dictionary attacks, rainbow tables and the like. But if you used a good key you were, and still are, quite secure.

      This new attack means that the attacker doesn't have to wait for an authenticated user to connect any more. It fixes a lot of the problems that made cracking even weak passwords difficult, like the potentially large amount of time needed and the possibility of necessary packets failing to capture due to interference or poor signal. But crucially it doesn't affect the crypto, so you still need to do that very expensive offline attack on the key.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    59. Re:Use good passwords by Anonymous Coward · · Score: 0

      I prefer DE:AD:BA:B1:E5.

    60. Re:Use good passwords by AmiMoJo · · Score: 1

      Unless they have an iPhone, where the NFC can only be used for Apple Pay and nothing else.

      For lowly iPhone users a primitive QR code works, but of course you have to print a new one every time you change your wifi password.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    61. Re:Use good passwords by AmiMoJo · · Score: 1

      It may not need to be memorized, but it does need to be typed into every Wifi device you own, sometimes through a clunky on screen or "scroll through the letters" LCD interface.

      If the device's UI is that bad you have to wonder if their security is any better. Best to keep them off the network, or create a severely restricted second SSID just for them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    62. Re:Use good passwords by AmiMoJo · · Score: 1

      That's not the threat that port knocking defends against. If someone can observe connections to your server then port knocking won't help you.

      If you have a port accepting incoming connections from the internet it will get hammered. People are scanning all the time, they will find it and throw every protocol and exploit imaginable at it.

      Port knocking allows you to simply drop all packets until you see the knock, which makes it look like your host is offline or at least properly firewalled. At the very least it offers protection against zero-day exploits from botnets and port scanning script kiddies.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    63. Re:Use good passwords by Ingenium13 · · Score: 1

      Most routers or APs allow you to have a guest network that's isolated from your personal network (via VLANs typically, but Asus routers seem to bridge the interfaces with the same address space and use ebtables to separate them from interacting). You can use a weaker password for guests. And allow traffic selectively between the subnets if you want (for example, I allow access to my networked printer for guests).

    64. Re:Use good passwords by lsatenstein · · Score: 1

      I have a password generator that is fairly simple.
      It uses the website info, my reserved word and a salt string as input to the sha1sum program. I upper case every alternate letter.

      That modified sha1sum output usually does the job. No two sites that I visit get the same password string.

      --
      Leslie Satenstein Montreal Quebec Canada
    65. Re:Use good passwords by hawguy · · Score: 1

      It may not need to be memorized, but it does need to be typed into every Wifi device you own, sometimes through a clunky on screen or "scroll through the letters" LCD interface.

      If the device's UI is that bad you have to wonder if their security is any better. Best to keep them off the network, or create a severely restricted second SSID just for them.

      My printer has a 16 character LCD display and 5 buttons, that's all it needs, I don't want or need a better UI (and don't feel like paying any extra for it), and I don't see how I can make any assumptions between the quality of the UI and the security of the product.

      In any case, all of my non-computer devices do live on their own SSID. Yet I still want that SSID to be secure.

    66. Re: Use good passwords by Anonymous Coward · · Score: 0

      Old school bastard operator.

    67. Re:Use good passwords by Anonymous Coward · · Score: 0

      For guests I use a QR-code they can scan with their mobile phone. Automatically connects them to guest network without having to remember the password
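The QR-code approach mentioned in several comments (qifi.org and the one above) relies on the "WIFI:" payload format that phone camera apps understand. As an added example, not code from the thread or from qifi.org, here is a generator and parser for that payload; the escaping rules follow the widely used ZXing convention (backslash before `\`, `;`, `,`, `"` and `:`), and the SSIDs and passwords are constructed sample values. Round-tripping through the parser is the check worth having before printing a code, since an unescaped `;` in a password silently truncates the field.

```python
# Characters that have meaning inside a WIFI: payload and must be escaped.
_SPECIAL = set('\\;,":')
_SECURITY_TYPES = ("WPA", "WEP", "nopass")


def _escape(value: str) -> str:
    """Backslash-escape the payload's delimiter characters."""
    return "".join("\\" + ch if ch in _SPECIAL else ch for ch in value)


def wifi_qr_payload(ssid: str, password: str = "", security: str = "WPA",
                    hidden: bool = False) -> str:
    """Build the text a Wi-Fi QR code carries, e.g. WIFI:T:WPA;S:Guest;P:secret;;"""
    if security not in _SECURITY_TYPES:
        raise ValueError(f"unsupported security type: {security}")
    if security != "nopass" and not password:
        raise ValueError("a password is required for WPA/WEP")
    fields = [f"T:{security}", f"S:{_escape(ssid)}"]
    if security != "nopass":
        fields.append(f"P:{_escape(password)}")
    if hidden:
        fields.append("H:true")
    return "WIFI:" + ";".join(fields) + ";;"


def parse_wifi_qr_payload(payload: str) -> dict:
    """Parse a WIFI: payload back into {field: value}, honouring escapes."""
    if not payload.startswith("WIFI:") or not payload.endswith(";;"):
        raise ValueError("not a WIFI: payload")
    body = payload[len("WIFI:"):-1]  # keep each field's own ';' terminator
    fields, key, buf, i = {}, None, [], 0
    while i < len(body):
        ch = body[i]
        if key is None:                      # expecting "K:"
            if body[i + 1:i + 2] != ":":
                raise ValueError(f"malformed field at offset {i}")
            key, i = ch, i + 2
            continue
        if ch == "\\" and i + 1 < len(body):  # escaped delimiter
            buf.append(body[i + 1])
            i += 2
            continue
        if ch == ";":                        # end of this field
            fields[key] = "".join(buf)
            key, buf = None, []
            i += 1
            continue
        buf.append(ch)
        i += 1
    if key is not None:
        raise ValueError("unterminated field")
    return fields


if __name__ == "__main__":
    # Constructed guest-network credentials for the demo.
    text = wifi_qr_payload("Guest;Cafe", 'p:a"ss,word', hidden=True)
    print(text)
    print(parse_wifi_qr_payload(text))
```

Feed the returned string to any QR encoder (the `qrcode` package on PyPI, or qifi.org's page) to produce the printable code; when the guest password is rotated, regenerating the string and reprinting is the whole procedure.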

    68. Re: Use good passwords by F.Ultra · · Score: 1

      Meanwhile any sane person would understand that the keys are never used directly by any device, instead a hash of the key is, which means that every single one of your devices will always use a full 256-bit PSK regardless of whether your passphrase is one character or 63 as mine is.

    69. Re: Use good passwords by Anonymous Coward · · Score: 0

      It is too easy to clone a mac address

  3. Bypassing login password by booting a different OS by WaffleMonster · · Score: 0

    While looking for ways to encrypt unencrypted data stored on my hard disk I discovered if you forget the password to your computer all files can still be accessed by mounting hard disk on a different system or by booting an alternate operating system from a USB stick.

    Stay tuned for full article, naming party and mascot imagery for new vulnerability I just "discovered".

  4. I don't use wireless by Anonymous Coward · · Score: 0

    I have CAT5 all over my house so none of this applies to me at all.

    1. Re:I don't use wireless by Anonymous Coward · · Score: 1

      CAT5 has been broken. You need to upgrade to CAT6.

    2. Re: I don't use wireless by Anonymous Coward · · Score: 0

      I use the apple wireless iCables with lan dongles, since i don't have the bluetooth catPods

    3. Re: I don't use wireless by Anonymous Coward · · Score: 0

      I love the new iCables, you just lay them on the floor between devices and not plug them in!

    4. Re:I don't use wireless by ArchieBunker · · Score: 1

      I'm still using 10BASE5!

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    5. Re:I don't use wireless by ls671 · · Score: 1

      Hey me too! A millennial technician came to my place when I was away to pick up a machine that was attached to the network. It was the machine at the end of the coax. He didn't put the end plug back at the end of the cable thus taking the whole network down then, he left with his machine :)


      --
      Everything I write is lies, read between the lines.
    6. Re:I don't use wireless by Anonymous Coward · · Score: 0

      Thinnet rulez!

    7. Re:I don't use wireless by psergiu · · Score: 1

      Hand in your geek badge when you exit.
      Confusing 10Base-2 with 10Base-5 is a big offense here on /.

      --
      1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
    8. Re:I don't use wireless by ls671 · · Score: 1

      Hand in your geek badge yourself buddy!

      What makes you think I confused anything???

      hint: vampire taps are optional

      https://en.wikipedia.org/wiki/...:

      As is the case with most other high-speed buses, segments must be terminated at each end. For coaxial-cable-based Ethernet, each end of the cable has a 50 ohm resistor attached. Typically this resistor is built into a male N connector and attached to the end of the cable just past the last device. With termination missing, or if there is a break in the cable, the signal on the bus will be reflected, rather than dissipated when it reached the end. This reflected signal is indistinguishable from a collision, and prevents communication.

      --
      Everything I write is lies, read between the lines.
    9. Re:I don't use wireless by ELCouz · · Score: 1

      WHOOOSH!

    10. Re: I don't use wireless by Anonymous Coward · · Score: 0

      I use 17-Base7 ! Primed for the win.

    11. Re: I don't use wireless by dohzer · · Score: 1

      Lay them on the floor? Dude... you need to use cable stands or your SNR will degrade. Make sure you connect them in the right direction to control the electron flow for maximum sound performance.

  5. May as well put this into WiFi driver by mi · · Score: 2

    If it is as easy as described, we may as well add the functionality to the WiFi-drivers:

    1. Searching for WiFi-networks
    2. Connecting to Boo, because it has the strongest signal
    3. Cracking Boo's preshared key
    4. Verifying Internet-connectivity
    5. Connected! (Profit!)
    --
    In Soviet Washington the swamp drains you.
    1. Re:May as well put this into WiFi driver by Anonymous Coward · · Score: 0

      Obligatory
      https://xkcd.com/416/

  6. Re: Bypassing login password by booting a differen by Anonymous Coward · · Score: 0

    The computer user password is not to protect against local access to the data.
    You need to encrypt the files or entire drive like you are planning.

  7. How does this apply to full length keys? by sims+2 · · Score: 1

    Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B

    64 character pseudo random hexadecimal key the max length supported by the standard.

    Is that still considered secure or would that only take a few days to crack?

    From what I read it looks like it should still be secure enough.

    --
    Minimum threshold fixed. Thanks!
    1. Re:How does this apply to full length keys? by TechyImmigrant · · Score: 4, Funny

      Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B

      It won't take very long. You've already given us the password.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    2. Re:How does this apply to full length keys? by Anonymous Coward · · Score: 1

      RTFA: "Luckily, protecting one’s WPA and WPA2 wireless networks against this attack is as easy as setting a complex, long and random password – and not using the one generated by the router."

    3. Re: How does this apply to full length keys? by c6gunner · · Score: 1

      It's no different than brute forcing any other 64 bit AES key. Hundreds of years using a single computer.

    4. Re:How does this apply to full length keys? by datavirtue · · Score: 1

      ...or you could just spoof the MAC of someone who has already authenticated and take their session. Preferably one who is sitting idle so they don't re-auth or call IT asking why they keep getting disconnected.

      --
      I object to power without constructive purpose. --Spock
    5. Re:How does this apply to full length keys? by IMightB · · Score: 4, Funny

      Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B

      It won't take very long. You've already given us the password.

      All I see is **********************

    6. Re:How does this apply to full length keys? by TechyImmigrant · · Score: 1

      Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B

      It won't take very long. You've already given us the password.

      All I see is **********************

      Take off the VR headset

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    7. Re:How does this apply to full length keys? by 93+Escort+Wagon · · Score: 1

      Yeah, this “discovery” still boils down to brute-forcing an encrypted password.

      I’m not worried about my WPA2 network.

      --
      #DeleteChrome
    8. Re: How does this apply to full length keys? by ls671 · · Score: 1

      Exactly, unless you have thousands of super computers at hand.

      Some providers have fixed length passwords by default (8 hex digits, I have seen some with 10 hex digits). Some people use common dictionary words as passwords. Those are trivial to crack.

      I have even seen providers using the first 8 hex digits of the MAC address as wifi password. :)

      Apart from that, you are pretty much safe.

      --
      Everything I write is lies, read between the lines.
    9. Re:How does this apply to full length keys? by 93+Escort+Wagon · · Score: 1

      Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B

      It won't take very long. You've already given us the password.

      No, that’s the combination to his luggage - “Hunter2” is his WPA2 password.

      --
      #DeleteChrome
    10. Re:How does this apply to full length keys? by Anonymous Coward · · Score: 0

      hunter2

    11. Re:How does this apply to full length keys? by whoever57 · · Score: 1

      Have fun typing that in using the on-screen keyboard of a cellphone.

      --
      The real "Libtards" are the Libertarians!
    12. Re:How does this apply to full length keys? by ls671 · · Score: 1

      If I remember correctly, this is not going to work. It isn't like stealing an http session cookie. Again, if I remember correctly, you need to know the wifi password to send valid traffic and/or to negotiate a valid temporary key in order to send valid traffic.

      Anybody feels like confirming this?

      --
      Everything I write is lies, read between the lines.
    13. Re: How does this apply to full length keys? by Anonymous Coward · · Score: 0

      It's no different than brute forcing any other 64 bit AES key. Hundreds of years using a single computer.

      Single computer? Single CPU? Single computer with 2048 GPU cores?

    14. Re:How does this apply to full length keys? by Anonymous Coward · · Score: 0

      No worries, I got this, bham!:
      Have0fun1typing2that3using4the5onscreen6keyboard7of8a9cellphone
      Equally strong and trivial to remember.

      Random != stronger. It's only better in a "you can smash my knees in all you want I literally don't know the password" scenario. But that also gets your knees smashed in, so better is highly subjective.

    15. Re: How does this apply to full length keys? by lgw · · Score: 2

      Exactly, unless you have thousands of super computers at hand.

      How important is cracking that password? It's quite easy to get 10000 cores working in parallel for $80 per core-year.

      If you're satisfied with it costing more to crack your password than it would cost for the attacker to just get his own Internet service, a medium-strong password is fine.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    16. Re: How does this apply to full length keys? by ls671 · · Score: 1

      So, what is your point with regards to what I wrote? 10000 cores might or might not qualify as 1 super-computer but this seems irrelevant.

      By the way, cores suck at cracking WPA/WPA2 passwords. Hashcat uses GPUs for maximum efficiency.

      --
      Everything I write is lies, read between the lines.
    17. Re: How does this apply to full length keys? by Khyber · · Score: 0

      What do you think a GPU is made of? Huge fucking arrays of 'cores'

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    18. Re: How does this apply to full length keys? by edtice1559 · · Score: 1

      I think you are missing the point of cracking the password. It's not to get internet access. It's to sniff traffic on the network. If you sniff traffic on my home network you could watch This Is Us for free which isn't much of a gain. But if the network is home to higher value targets, getting a wireless connection is a gold mine as you will already be behind the firewall.

    19. Re:How does this apply to full length keys? by gtwrek · · Score: 1

      Make a QR-code of the SSID/ (long) password. It's a standard QR field. Print it out and have available for anyone in your house to quickly snap, and you're done.

      Of course there's readily available QR software for this on the web. But then using a web QR generator requires one upload their password out in the open to a random third party. I recommended a locally run QR generator.
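
A locally run generator of the kind recommended above, as an added example that is not code from the thread or from the hashcat project: it builds the standard `WIFI:` text that phone camera apps understand, backslash-escapes the characters the format reserves (`\`, `;`, `,`, `:`, `"`), and parses the payload back so the result can be checked before it is printed. The function names are mine; rendering the string as an image is left to any offline encoder (for instance the `qrcode` Python package or the `qrencode` command).

```python
"""Build and parse the Wi-Fi QR payload ("WIFI:T:WPA;S:<ssid>;P:<password>;;")
entirely offline, so the passphrase is never uploaded to a web generator."""
import re

# Characters that must be backslash-escaped inside the S: and P: fields.
_SPECIAL = '\\;,:"'


def _escape(value: str) -> str:
    """Prefix every reserved character with a backslash."""
    return "".join("\\" + c if c in _SPECIAL else c for c in value)


def _unescape(value: str) -> str:
    """Reverse _escape: a backslash followed by any character yields that character."""
    return re.sub(r"\\(.)", r"\1", value)


def wifi_qr_payload(ssid: str, password: str, auth: str = "WPA", hidden: bool = False) -> str:
    """Return the text to encode, e.g. 'WIFI:T:WPA;S:home;P:secret;;'.

    auth is one of WPA (covers WPA2/WPA3-PSK in practice), WEP or nopass.
    """
    if auth not in ("WPA", "WEP", "nopass"):
        raise ValueError("auth must be WPA, WEP or nopass")
    if auth == "nopass" and password:
        raise ValueError("an open network cannot carry a password")
    fields = [f"T:{auth}", f"S:{_escape(ssid)}"]
    if auth != "nopass":
        fields.append(f"P:{_escape(password)}")
    if hidden:
        fields.append("H:true")
    return "WIFI:" + ";".join(fields) + ";;"


def parse_wifi_qr(payload: str) -> dict:
    """Split a WIFI: payload on unescaped semicolons and unescape each field."""
    if not payload.startswith("WIFI:") or not payload.endswith(";;"):
        raise ValueError("not a WIFI: payload")
    body = payload[len("WIFI:"):-2]
    result = {}
    # A token is a run of characters that are not ';' or '\', or escaped pairs.
    for token in re.findall(r"(?:[^;\\]|\\.)+", body):
        key, _, value = token.partition(":")
        result[key] = _unescape(value)
    return result


if __name__ == "__main__":
    # Constructed sample values, not a real network.
    payload = wifi_qr_payload("home;lan", 'p:a,s"s\\w')
    print(payload)
    print(parse_wifi_qr(payload))
```

The round trip through `parse_wifi_qr` is the check worth keeping: an SSID or passphrase containing `;` or `:` that is not escaped silently truncates the field on the phone, and the user ends up typing the long password by hand anyway.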

    20. Re: How does this apply to full length keys? by ls671 · · Score: 2

      Exactly! The GP mentioned 10,000 cores like it was a big deal so I assumed that he meant CPU cores.

      The smallest Amazon P2 instance has 2500 GPU cores, the biggest has 40,000 GPU cores.

      Re-read the GP post and try to fit the price he mentioned with GPU cores offered by Amazon.

      https://aws.amazon.com/ec2/ins... .9$/2500*24*365 = 3.15360

      3.15$ by GPU core a year, not 80$ per core a year! So IMHO he meant CPU cores.

      Feel free to review my numbers, I did this quickly.

      Cheers,

      --
      Everything I write is lies, read between the lines.
    21. Re: How does this apply to full length keys? by lgw · · Score: 1

      Pedantic much?

      My point was just that anyone these days can grab many thousands of servers to crunch anything parallelizable, and it's not even that expensive. Supercomputers are no longer exotic.

      And of course anything that depends on SHA-256 is even easier - you can pick up a box that can do 1 trillion hashes per second for ~$200, thanks to bitcoin.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    22. Re:How does this apply to full length keys? by Anonymous Coward · · Score: 0

      Random is stronger, as you would know if you had a clue about what entropy is and how to calculate the entropy of a passphrase.

    23. Re: How does this apply to full length keys? by Swave+An+deBwoner · · Score: 1

      And you'll be able to capture all of the encrypted (SSH, TLS) traffic?

    24. Re: How does this apply to full length keys? by Anonymous Coward · · Score: 0

      You will still not have a result before the heat death of the universe if the passphrase is random and long enough. Don't bring linear scaling to an exponential fight.

    25. Re:How does this apply to full length keys? by serviscope_minor · · Score: 1

      That's funny, it looks like hunter2 to me!

      --
      SJW n. One who posts facts.
    26. Re:How does this apply to full length keys? by 14erCleaner · · Score: 2

      That used to be my password (or something very similar). It was a pain because I couldn't tell the 0 and O characters apart, and had to try a few dozen times to get it right each time.

      --
      Have you read my blog lately?
    27. Re: How does this apply to full length keys? by c6gunner · · Score: 1

      Yes.

    28. Re: How does this apply to full length keys? by Bert64 · · Score: 1

      Why would it cost anything? If an attacker is willing to perform illegal intrusions onto your wifi network, they're not going to balk at compromising someone else's systems to use for password cracking so it wouldn't be the attacker who's paying for those cpu cycles.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    29. Re:How does this apply to full length keys? by sims+2 · · Score: 1

      I had that problem too using a random 63 character standard password but there are just too many characters that look the same under most fonts.

      So I switched to a 64 character hexadecimal password.
      Hexadecimal is limited to characters A-F and 0-9
      So no o 0 problem anymore as hexadecimal doesn't have "o"s.

      An alternative is just using a password generator that avoids using easily mistaken characters.

      --
      Minimum threshold fixed. Thanks!
    30. Re:How does this apply to full length keys? by sims+2 · · Score: 1

      I think this would only work for bypassing a MAC address filter.

      WPA2 uses a 4 way handshake or something, meaning it's not possible for a computer to carry on a conversation with the network without knowing the key.

      WPA2 isn't just authentication it's also encryption.
      It's the difference between using a site that uses https only for the login page (only initial authentication secured) and a site that uses https for all pages (fully encrypted).

      --
      Minimum threshold fixed. Thanks!
    31. Re:How does this apply to full length keys? by sims+2 · · Score: 1

      It's much easier to type on a cellphone than a 63 character random standard password like: IZvmnyD.GI2HCv*SK!nkB2%JYFLV6y:p%QD;Zz6fS,7PH45pDW7E3PzEXZ=wl5;

      Uppercase, lowercase is that an I, l, | or 1? o, O or 0?

      --
      Minimum threshold fixed. Thanks!
    32. Re: How does this apply to full length keys? by edtice1559 · · Score: 1

      If you have unfettered access to the network and some basic skills, you will get in pretty deep. Capturing encrypted traffic won't be of much value. Your next step will be to try to gain access to one of the hosts. Even if all of the hosts are completely patched on day one, you can just be patient. All it takes is one exploit that you know about before the target and you've then gained additional access. If the target is an organization, there are likely many hosts and you only need to find one additional vulnerability now that you are behind a firewall. Probably takes zero skill. Rote use of nmap and metasploit will likely get you there. Boring for sure. I would lose my mind. But some people actually find this type of exploitation fun.

    33. Re: How does this apply to full length keys? by lgw · · Score: 1

      There's still an opportunity cost. Any botnet an attacker may control could be rented out or used to mine altcoin. Or, for a government attacker, there are always competing priorities.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    34. Re: How does this apply to full length keys? by ls671 · · Score: 1

      Well, be nice with him. Although expectations are low, some people win the lottery so he might find it early, who knows?

      --
      Everything I write is lies, read between the lines.
    35. Re: How does this apply to full length keys? by Swave+An+deBwoner · · Score: 1

      I was thinking of "home" networks, not organizations. One would expect an "enterprise" organization to not be using WPA2/PSK but maybe something a little harder to defeat, but it's probably true that many just use a $50 router they bought "to keep expenses down".

    36. Re:How does this apply to full length keys? by ls671 · · Score: 1

      yep, yep, yep, well said!

      Cheers,

      --
      Everything I write is lies, read between the lines.
  8. Re: Bypassing login password by booting a differen by Anonymous Coward · · Score: 0

    Amazing that people do not understand this....

  9. Re:Bypassing login password by booting a different by Anonymous Coward · · Score: 3, Insightful

    You don't seem to understand this attack at all. It makes it possible to precompute the password to a WPA2-PSK network without having to wait for a valid client to authenticate against the network in the first place.

    So you can just walk around an apartment block with your phone asking each AP for the needed packet. Go back home, crack it all offline and come back doing automated attacks on every network. Each visit takes a few minutes each time instead of having to wait for a valid authorized client for each network. Can be dronified of course for extra flare.

    This breaks WPA2-PSK by making attacks trivial to do. I wonder how the Enterprise versions hold up.

  10. Re:Bypassing login password by booting a different by barakn · · Score: 1

    Your sarcasm detector is broken.

    --
    "I'm so moist I'm sticking to the leather." -Kermit the Frog on The Late Late Show
  11. Re: Bypassing login password by booting a differen by c6gunner · · Score: 1

    This breaks WPA2-PSK by making attacks trivial to do

    No, it doesn't; it merely makes it more vulnerable for users who aren't following good password guidelines (which, admittedly, is most of them).

    WPA2 supports a maximum password length of 64 characters; if your target is using a password of sufficient complexity then the attack is going to be impossible rather than trivial.

  12. The AP gives out the PSK? by Anonymous Coward · · Score: 0

    It seems to me that this means the router provides the hash of the PSK when first making the connection? Seems like an obvious oversight, I'm sure most security exchange protocols aren't handing out hashes of the key, but instead use a MAC. I hope this is fixed in WPA3.

  13. Just use a pass phrase, already by alispguru · · Score: 2

    The password for my home network is a correctly capitalized and punctuated sentence.

    Everyone on my network can spell, and knows where the shift key is, even the guests.

    --
    To a Lisp hacker, XML is S-expressions in drag.
  14. Session encryption? by Anonymous Coward · · Score: 0

    Why wasn't stronger encryption used to protect the hashed Pre Shared Key? For a strong enough password it doesn't matter who gets the hash, but for a weak password, it's a big deal.

  15. Simpler way ... by fahrbot-bot · · Score: 2

    ... obviously involves a $5 wrench.

    --
    It must have been something you assimilated. . . .
  16. Re: Bypassing login password by booting a differen by WaffleMonster · · Score: 4, Informative

    Was having fun with analogy.

    The computer user password is not to protect against local access to the data.

    PSK algorithm is not designed to protect against offline brute force campaigns. Well known property of PSK. It's why people have always had to choose increasingly absurdly long passwords to secure their APs.

    You need to encrypt the files or entire drive like you are planning.

    You need to use a secure authentication protocol like what's included with WPA3 to avoid susceptibility to offline brute force campaigns.

    Only for WPA3 they chose a crappy authentication protocol out of the gate opting for a balanced PAKE when better (augmented) versions are readily available on similar terms.

    Difference between balanced and augmented is a bit like the difference between a password file stored as plaintext or hashed.

    If it's hashed (augmented) and stolen someone needs to crack it before they can login as you. If it's plaintext (balanced) as what was selected for WPA3 they can login as you immediately without cracking it.

    A lifetime ago Cisco released an undocumented authentication protocol for username/password wireless authentication (LEAP) that was quickly revealed in all ways that mattered to essentially be MSCHAPv1.

    At the time of release shortcomings of MSCHAPv1 were well known. Surely someone must have known yet they went ahead and did it anyway. While not nearly as egregious the same theme is being repeated with WPA3. Better algorithms with better properties are readily available yet they elect to go forward with the inferior one anyway.

  17. Re: Bypassing login password by booting a differen by Khyber · · Score: 1

    I wonder if taking a two-pronged approach to this would work better. Hashcat plus the same AES-busting technique used to break the password on Julian Assange's Insurance files. First reduce the possible keyspace with the AES busting technique, then Hashcat the remainder.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  18. Run an open wifi by mea2214 · · Score: 2

    ...and you never have to worry about password or any of this BS. My open wifi in a densely populated neighborhood has been running for 6 1/2 years getting around 30 unique visitors/day, 200 unique visitors/month. Why are people so stingy with their wifi? Most everything is encrypted end to end nowadays.

    1. Re:Run an open wifi by Anonymous Coward · · Score: 1

      Because if someone uses your Wi-Fi for illegal purposes you will be the one getting visited by the police. You may be innocent of committing any crime, but you will spend time and money explaining yourself and be on the local cop's radar forever.

    2. Re:Run an open wifi by piers_downunder · · Score: 2

      If I'm already doing illegal things, then locking down the password points the finger directly at me. At least in an open network, I have plausible deniability.

    3. Re:Run an open wifi by Anonymous Coward · · Score: 0

      Maybe because it's the dumbest idea ever and all traffic over public wifi can be trivially intercepted?

      https://www.wifipineapple.com
      https://scotthelme.co.uk/wifi-pineapple-karma-sslstrip/

      100 bucks and I could harvest everything from you and anyone else stupid enough to connect.

      Shocking that this has got to a score of 3 so far...

    4. Re:Run an open wifi by Anonymous Coward · · Score: 0

      Why are people so stingy with their wifi?

      Because I don't like lag spikes in online games.

      I can feel it when someone next room loads one of those megabyte-sized html pages that infest the interwebs these days.

      It's enough to get me killed in the game.

    5. Re:Run an open wifi by strikethree · · Score: 1

      I used to do this. I am not in a position to do it currently.

      I had realtors and police as the main users. I would see them park outside of my house. It felt good to share and nobody abused the privilege. This is how society should be.

      As a security oriented person, I had limits and filters in place in case anyone decided to get too "uppity", but nobody ever hit any of those.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
  19. Re:Bypassing login password by booting a different by KClaisse · · Score: 1

    Here's a fun piece of information! On Windows 10, if you boot from a live linux distro and rename sethc.exe to sethc.exe.bak and copy cmd.exe to sethc.exe. Now when you reboot, at the Windows 10 login screen you can get an administrator-level command prompt by hitting the shift key 5 times. \o/

    Security at its finest.

  20. Re:Bypassing login password by booting a different by Anonymous Coward · · Score: 0

    What kind of people are creeping around on /. these days???

  21. Re:Bypassing login password by booting a different by WaffleMonster · · Score: 1

    You don't seem to understand this attack at all.

    I don't care about the distinctions. All irrelevant as far as I'm concerned.

    It makes it possible to precompute the password to a WPA2-PSK network without having to wait for a valid client to authenticate against the network in the first place.

    So what? Being patient or deauth yields same result. Hurdle to successful compromise has not substantially changed has it? Brute force campaign required in either scenario is substantially more labor intensive.

    This breaks WPA2-PSK by making attacks trivial to do.

    No more or less trivial than brute force campaign required to crack the password.

  22. Length of the passphrase is most important by raymorris · · Score: 1

    The length of a passphrase is most important. Using punctuation or not doesn't make as much difference. That's true of passphrases generally.

    For WPA2 specifically, it ends up being turned into a 128-bit key, which is 22 random keyboard characters. You can easily get the same 128 bits by using a few words, especially non-dictionary words such as Greystone or Jamerican.

    1. Re:Length of the passphrase is most important by Highdude702 · · Score: 1

      Correct, length is the major factor. It's good to have some punctuation and special characters; it helps to add years to the brute force along with the length, and seeing as it's only for a wifi password I doubt anybody is going to point any kind of cracking/mining rig at it for any length of time. I use a self-generated 18 character password that is easy for me to remember but to normal people looks completely random. I don't even think I own enough GPUs to brute force it if I gave hashcat half of the password before the life of the GPUs is up.
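
The entropy arithmetic that several replies above argue over (random versus memorable, 64 hex digits versus 63 printable characters, alphabets that drop look-alike glyphs, and length versus punctuation), worked through as an added example that is not code from the thread or from hashcat. It draws passphrases with the OS CSPRNG, checks them against the 802.11 passphrase rules (8 to 63 printable ASCII characters, or exactly 64 hex digits for a raw PSK), and converts entropy into an expected offline-guessing time. The guess rate of 8 million PBKDF2 candidates per second and the 7776-entry word list are assumptions chosen for the illustration; the function names are mine.

```python
"""Passphrase generation and strength estimate for WPA2-PSK networks."""
import math
import secrets
import string

HEX = "0123456789ABCDEF"                                                 # 16 symbols
PRINTABLE = string.ascii_letters + string.digits + string.punctuation    # 94 symbols
AMBIGUOUS = set("0O1lI|")                                                # look-alike glyphs
UNAMBIGUOUS = "".join(c for c in PRINTABLE if c not in AMBIGUOUS)        # 88 symbols

# WPA2-PSK derives a 256-bit PMK with PBKDF2-HMAC-SHA1 (4096 iterations of the
# passphrase, salted with the SSID), so no passphrase is effectively stronger
# than 256 bits; a 64-hex-digit raw PSK is exactly that.
PMK_BITS = 256

# Assumption for the illustration only: a hypothetical multi-GPU rig trying
# 8 million PBKDF2 candidates per second. Real figures depend on hardware.
ASSUMED_GUESSES_PER_SECOND = 8_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate(length: int, alphabet: str) -> str:
    """Uniformly random string drawn with secrets (CSPRNG), never random.random()."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must not contain duplicate symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly chosen string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def effective_bits(bits: float) -> float:
    """Entropy the attacker actually has to search, capped by the PMK size."""
    return min(bits, PMK_BITS)


def expected_crack_years(bits: float, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected time to hit a uniformly random secret: half the keyspace on average."""
    return 2 ** (effective_bits(bits) - 1) / guesses_per_second / SECONDS_PER_YEAR


def wifi_passphrase_ok(pw: str) -> bool:
    """802.11 rule: 8 to 63 printable ASCII characters, or exactly 64 hex digits (raw PSK)."""
    if len(pw) == 64:
        return all(c in "0123456789abcdefABCDEF" for c in pw)
    return 8 <= len(pw) <= 63 and all(32 <= ord(c) <= 126 for c in pw)


def compare_schemes() -> dict:
    """Entropy (bits) and expected crack time (years) for a few generation schemes.

    The word scheme assumes a 7776-entry list (the size of the EFF long
    Diceware list) with words chosen uniformly at random.
    """
    schemes = {
        "64 hex digits (raw PSK)": entropy_bits(len(HEX), 64),
        "63 unambiguous printable": entropy_bits(len(UNAMBIGUOUS), 63),
        "15 printable": entropy_bits(len(PRINTABLE), 15),
        "8 hex digits (ISP default)": entropy_bits(len(HEX), 8),
        "5 random words (7776 list)": entropy_bits(7776, 5),
    }
    return {name: (round(bits, 1), expected_crack_years(bits)) for name, bits in schemes.items()}


if __name__ == "__main__":
    for name, (bits, years) in compare_schemes().items():
        print(f"{name:28s} {bits:7.1f} bits  ~{years:.3g} years at {ASSUMED_GUESSES_PER_SECOND:,} guesses/s")
    pw = generate(63, UNAMBIGUOUS)
    print("sample:", pw, "valid:", wifi_passphrase_ok(pw))
```

The two numbers worth comparing in the output are the 8-hex-digit default (32 bits, minutes at the assumed rate) and the five-word phrase (about 65 bits): the phrase is far easier to read off a phone screen and still out of reach of an offline campaign, which is the point that length, not punctuation, is what the exponent rewards.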

  23. Good Luck by nehumanuscrede · · Score: 1

    If you can brute force my passphrase via Hashcat, you DESERVE to get access to my network.

    Well, the Wi-Fi segment anyway. All my networks are isolated from each other. Wi-Fi traffic isn't allowed to talk with anything on the local network. Not even other clients.

    The key you need to brute force:

    Thirty two characters long. Upper / lower case, numbers and symbols.

    Doing the math tells me I have nothing to worry about from Hashcat any time soon.

    It's far more likely folks will resort to means other than brute force to obtain my key. Assuming access to my network is important enough for someone to try.

    Which, it's not.

  24. Want a secure wifi? by ebvwfbw · · Score: 1

    Use radius. Problem solved.

  25. Re: Bypassing login password by booting a differen by strikethree · · Score: 1

    Surely someone must have known yet they went ahead and did it anyway. While not nearly as egregious the same theme is being repeated with WPA3. Better algorithms with better properties are readily available yet they elect to go forward with the inferior one anyway.

    This has been a common theme since wireless encryption has been a thing. I am reminded of a saying: Once is happenstance. Twice is suspicious. Three times is enemy action.

    We have achieved the enemy action stage.

    --
    "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen