Hacker News new | past | comments | ask | show | jobs | submit login

It's unfair to say that there is no salting. The PMK is derived from the WiFi network name (SSID) as well as the password [1]. The SSID acts as a salt here. Not perfect as SSIDs are often not unique, but it's certainly better than no salting at all.

[1]: https://www.ins1gn1a.com/understanding-wpa-psk-cracking/




So stupid they don’t use the MAC as the salt.


I said "IF" there's no salting. In any case, I'd be less concerned about SSID's not being unique as I am about the fact that the SSID of a specific target is trivial to obtain and almost never changed.


> I'd be less concerned about SSID's not being unique as I am about the fact that the SSID of a specific target is trivial to obtain and almost never changed.

Salts don't need to be secret, only unique. In fact, in this case the unauthenticated client needs to be able to compute the PMK from the password alone, so you can't keep it on the AP.


This is why we have rainbow tables.


Rainbow tables don't work here because the password is salted.


A salt can't do it's job when it's reused.

There are WPA rainbow tables for common ssid's available online.

If your ssid is "Linksys" it takes only moments to look up a weak password.




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: