Re: 80211R (FT) WPA/WPA2 PSK PMKID attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Aug 07, 2018 at 05:47:01PM +0200, Janusz Dziedzic wrote:
> Regarding article:
> https://hashcat.net/forum/thread-7717.html

This has a bit vague description of the attack and some of the terms
used are not really accurate. It seems to describe an alternative way of
initiating a dictionary attack on WPA/WPA2-PSK passphrase using PMKID
instead of the more commonly used EAPOL-Key frames captured from a 4-way
handshake from an authorized station. The PMKID being in the PMKID KDE
(not RSN element) in EAPOL-Key msg 1/4 Key Data field.

This does not describe significant difference to the actual offline
dictionary attack. That said, there is some difference in the number of
needed SHA1 operations since PMKID can be derived in a single HMAC-SHA1
operation from PMK while Key MIC calculation requires first deriving
PTK(KCK) and then Key MIC.

In addition, it is not very clear how common it is for deployed APs to
send out the PMKID in EAPOL-Key msg 1/4. Based on some of the reports,
that is not really the behavior of majority of implementations.

> Does it mean FT-PSK is not secure anymore?

I don't see FT-PSK being discussed here. The "roaming" in the
description seems to be referring to use PMKSA caching, not FT.

Use of weak passphrases with either WPA-PSK or FT-PSK is more or less as
secure (or insecure, as it may be more appropriate to say here) against
dictionary attacks as they are with the use of a valid 4-way handshake
capture to trigger that attack. Use of a properly random passphrase/PSK
makes that dictionary attack impractical due to the computation need.

> Base on article someone with:
> 4 x GeForce GTX 1080
> get PSK in 1 minute?

That is an example based on a very weak passphrase and the attacker
actually knowing the last two characters of it.. In other words, this is
just showing how long it takes to run a dictionary (or maybe even full
brute force) attack against six unknown characters. That is not a good
example to use to estimate how long it would take to recover any unknown
passphrase (minimum eight characters) and certainly not for any properly
random passphrase.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux