Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hashcat Developer Discovers Simpler Way To Crack WPA2 Wireless Passwords (hashcat.net)

Posted by msmash on from the closer-look dept.

New submitter Woodmeister shares a report: While looking for ways to attack the new WPA3 security standard, Hashcat developer Jens "Atom" Steube found a simpler way to capture and crack access credentials protecting WPA and WPA2 wireless networks. The attacker needs to capture a single EAPOL frame after requesting it from the access point, extract the PMKID from it by dumping the recieved frame to a file, convert the captured data to a hash format accepted by Hashcat, and run Hashcat to crack it. Once that's done, the attacker has the Pre-Shared Key (PSK), i.e. the password, of the wireless network. Depending on the length and complexity of the password and the power of the cracking rig, that last step could take hours or days. "The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame," Steube explained. This makes the attack much easier to pull off, as the attacker doesn't depend on another user and on being in range of both the user and the access point at the exact moment when the user connects to the wireless network and the handshake takes place.

15 of 150 comments (clear)

  1. Use good passwords by dlakelan · · Score: 4, Insightful

    A good password for wifi, since it doesn't really need to be memorized, is one generated by something like keepass2: 15 characters long random letters numbers and punctuation:

    DHDukBDL04Pt2ZT

    for example (note that is not a password I use, just one I randomly generated).

    Since no-one actually has to type this in more than once per device, it's really not a major problem that you can't memorize it.

    --
    ((lambda (x) (x x)) (lambda (x) (x x))) http://www.endpointcomputing.com a scientific approach to custom computing.
    1. Re:Use good passwords by gtwrek · · Score: 3, Interesting

      Someone's going to need to translate the likely length of a crack. The quote "that last step could take hours or days" isn't all that helpful.

      If we have a WPA2 (max) 63 printable ASCII character random password, is the crackable time of this attack still on the order of "a couple of days"?

      i.e. can casual users mitigate this attack by just increasing their WPA2 password length? To what size?

      Or is this attack some sort of end-around where the size of the WPA2 ascii key doesn't matter. It's not clear to me, but then again, I'm no security expert either...

    2. Re:Use good passwords by Anonymous Coward · · Score: 4, Interesting

      Very few of them, actually.

      Moreover, if some attacker is going to use this approach, (s)he is likely not looking for the easiest target on the block, but for the ones worthy of his/her attention because (s)he has specific plans. If someone a worthy target, the attacker just passes by the relevant house or office, collects the data, and patiently cracks it. It doesn't matter if it takes them 1 day or 50. If the target is worth and the crack is computationally feasible, they'll do it and wait as long as needed.

    3. Re:Use good passwords by Xenolith0 · · Score: 5, Informative

      MAC whitelists do NOTHING for security.

      First, anyone who can sniff the wifi traffic can see all the mac addresses.
      Second, in Linux you can change your MAC to whatever you want with one command:

      ip link set dev enp0s3 address DE:AD:BE:EF:CA:FE

    4. Re:Use good passwords by skoskav · · Score: 3, Insightful

      You clearly never have guests over.

    5. Re: Use good passwords by Anonymous Coward · · Score: 5, Funny

      What i have at home is a faraday cage with the router and a comfy chair inside it.

    6. Re: Use good passwords by c6gunner · · Score: 4, Insightful

      That's what a guest network is for. Enable it when they show up, disable it when they go away.

    7. Re: Use good passwords by Anonymous Coward · · Score: 5, Funny

      What am I, a network administrator? Who's got time for that

      I give them my neighbor's SSID and password, which I've cracked. Problem solved.

    8. Re:Use good passwords by hawguy · · Score: 4, Insightful

      A good password for wifi, since it doesn't really need to be memorized, is one generated by something like keepass2: 15 characters long random letters numbers and punctuation:

      DHDukBDL04Pt2ZT

      for example (note that is not a password I use, just one I randomly generated).

      Since no-one actually has to type this in more than once per device, it's really not a major problem that you can't memorize it.

      It may not need to be memorized, but it does need to be typed into every Wifi device you own, sometimes through a clunky on screen or "scroll through the letters" LCD interface. So random string passwords are annoying enough that many people avoid them.

    9. Re: Use good passwords by Anonymous Coward · · Score: 3, Insightful

      might as well use ethernet, or tin cans with a string...

      R O

    10. Re: Use good passwords by Bender0x7D1 · · Score: 3, Funny

      might as well use ethernet, or tin cans with a string...

      That would require multiple dongles if he has a Mac.

      --
      Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
  2. Re:Bypassing login password by booting a different by Anonymous Coward · · Score: 3, Insightful

    You don't seem to understand this attack at all. It makes it possible to precompute the password to a WPA2-PSK network without having to wait for a valid client to authenticate against the network in the first place.

    So you can just walk around an apartment block with your phone asking each AP for the needed packet. Go back home, crack it all offline and come back doing automated attacks on every network. Each visit takes a few minutes each time instead of having to wait for a valid authorized client for each network. Can be dronified of course for extra flare.

    This breaks WPA2-PSK by making attacks trivial to do. I wonder how the Enterprise versions hold up.

  3. Re:How does this apply to full length keys? by TechyImmigrant · · Score: 4, Funny

    Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B

    It won't take very log. You've already given us the password.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  4. Re:How does this apply to full length keys? by IMightB · · Score: 4, Funny

    Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B

    It won't take very log. You've already given us the password.

    All I see is **********************

  5. Re: Bypassing login password by booting a differen by WaffleMonster · · Score: 4, Informative

    Was having fun with analogy.

    The computer user password is not to protect against local access to the data.

    PSK algorithm is not designed to protect against offline brute force campaigns. Well known property of PSK. It's why people have always had to chose increasingly absurdly long passwords to secure their APs.

    You need to encrypt the files or entire drive like you are planning.

    You need to use a secure authentication protocol like what's included with WPA3 to avoid susceptibility to offline brute force campaigns.

    Only for WPA3 they chose a crappy authentication protocol out of the gate opting for a balanced PAKE when better (augmented) versions are readily available on similar terms.

    Difference between balanced and augmented is a bit like the difference between a password file stored as plaintext or hashed.

    If it's hashed (augmented) and stolen someone needs to crack it before they can login as you. If it's plaintext (balanced) as what was selected for WPA3 they can login as you immediately without cracking it.

    A lifetime ago Cisco released an undocumented authentication protocol for username/password wireless authentication (LEAP) that was quickly revealed in all ways that mattered to essentially be MSCHAPv1.

    At the time of release shortcomings of MSCHAPv1 were well known. Surely someone must have known yet they went ahead and did it anyway. While not nearly as egregious the same theme is being repeated with WPA3. Better algorithms with better properties are readily available yet they elect to go forward with the inferior one anyway.