back to article Cracking the passwords of some WPA2 Wi-Fi networks just got easier

The folks behind the password-cracking tool Hashcat claim they've found a new way to crack some wireless network passwords in far less time than previously needed. Jens Steube, creator of the open-source software, said the new technique, discovered by accident, would potentially allow someone to get all the information they …

  1. Flakk Silver badge
    Trollface

    "WPA3 will be much harder to attack because of its modern key establishment protocol called Simultaneous Authentication of Equals (SAE).

    Well sure, until someone accidentally figures out how to hack that, too.

    1. Jeffrey Nonken Silver badge

      Nobody is claiming otherwise.

      Meantime, THIS technique won't work against it, and for the moment, it's secure.

  2. FBee

    Nice Model M KB in piccie

    IBM clicky keys rule!

    1. eswan

      Re: Nice Model M KB in piccie

      Looks at pic. Looks at desk.

      Better get your monitor calibrated.

      (Model M F5-F8 are greyish)

      1. Bluto Nash

        Re: Nice Model M KB in piccie

        I've got three - one at home, one at work, one as a spare that I'll never need, since they Just. Don't. Break. Ever. It is indeed the keyboard for those that type for a living, bar none.

        Gotta pop the keycaps off and wash them every year or so, but the mechanism itself has never failed or gotten erratic.

    2. Gene Cash Silver badge

      Re: Nice Model M KB in piccie

      Nope. Not a Model M.

      My Model M doesn't have the two recesses in the very bottom, and it has a ledge above the function keys (toward the camera)

      I have 12 in the bin over here, so I think that makes me the local expert. And NO, I'm NOT sharing.

      1. seven of five

        Re: Nice Model M KB in piccie

        Also the casing is wider.

        With a dozen Model M at your disposal: do you intend to live forever?

      2. Jess--

        Re: Nice Model M KB in piccie

        I only have four here, all with manufacturing stickers from 1988 on.

        one in use and three in case I ever actually manage to wear one out or break it.

        since I've been trying to kill this one for 30 years I suspect someone will be gaining 3 boxed model M keyboards in my will.

        looking at mine a little more closely it's now due for a decent clean...

        this involves popping off all the keys, sticking them in a pair of old football socks and putting them through the washing machine

        1. el_oscuro

          Re: Nice Model M KB in piccie

          Actually a really effective way to clean them is with denture cleaner. Leave your key caps in it overnight and 20 years of grime is just gone. Looks brand new.

        2. Surreal
          Coffee/keyboard

          Re: Nice Model M KB in piccie

          The handy little "phone cleaner" wipes or, if you've still got some socked away, alcohol-soaked tape head cleaning pads work great. No disassembly required!

          (Icon bears a striking similarity to the keyboard before me)

  3. John Brown (no body) Silver badge
    Joke

    works against WPA and WPA2-

    I'm glad I stuck with WEP now :-)

    1. Tomato Krill

      Re: works against WPA and WPA2-

      Pfft.

      Any fule kno that's extra work to setuo, I have mine Open but use MAC address allow list because that's like super duper secure and that...

  4. Palladium

    This probably be like all those uncountable Android security holes

    that somehow never gets any real attacks despite all the fearmongering.

    1. Mike 125

      Re: This probably be like all those uncountable Android security holes

      >>despite all the fearmongering.

      Yea, yea, like "Nooooo noooo, you fools, this is all Project Fear." It's magic: whatever problem gets labelled 'Project Fear', makes the problem disappear, irrespective of the actual evidence. Try it- it really works! Oh, you did.

      Hmmm. I wonder if anyone's applied this technique elsewhere...

      1. Version 1.0 Silver badge
        Pint

        Re: This probably be like all those uncountable Android security holes

        "Project Fear" again would be Project Refear ... now when I was younger (and they were cheaper) I use to love reefers ... these days I've moved to (icon).

        Sure, there are security holes everywhere and I take note of them but I don't let them rule my life. There are only two types of security vulnerabilities, those you know about, and those you don't.

  5. EnviableOne Bronze badge

    Looks like its deja vu all over again.

    WPA2 is broke, we need vendors to push WPA3 updates asap...

    Also wifi-alliance peoples, can we com up with something completley different to switch to after?

    Secure Wireless Access Protocol?

    1. Ugotta B. Kiddingme

      Re: "Secure Wireless Access Protocol?"

      Total Wireless Access Technology

      or, if you prefer

      Consolidated Universal Networking Technology

    2. gc23
      Trollface

      "Looks like its deja vu all over again."

      Deja moo: the feeling you're heard this BS before.

  6. theblackhand

    What has changed...

    My understanding is that this makes the capture of the interesting Wifi packets easier on newer Wifi kit, primarily due to being able to grab EAPOL packets without needing an existing client connected to the AP.

    If you are using any EAP based security with a session lifetime set to a reasonable level (i.e. EAP-TLS or PEAP with <2 hour session lifetime), this introduces no real increase in risk.

    If you are using WPA2 with a pre-shared keys, strongly consider moving to an EAP-based solution if you have servers running 24x7 and security is important.

    If you don't have that option, as long as you have an adequate Wifi password (i.e. 16+ characters, a mixture of numbers and symbols and nothing that appears in any of the common hacking dictionaries) you're still forcing an attacker to go through a brute force crack of a SHA-1 password (i.e. 2^69+ potential combinations).

    Feel free to correct anything I've misunderstood

    1. Sid James

      Re: What has changed...

      Exactly, you still need to brute force the hash of the key. A longer key will take longer to crack.

      Some estimates around the web state it'll take around 8 days for a 10 char key on a relatively powerful machine. That's going to come down quickly in the coming years as CPUs/GPUs get faster.

      1. theblackhand

        Re: What has changed...

        For the key, it will be hashed to a 160-bit value via an HMAC-SHA1 function.

        Pre-computing all possible 8 character passwords (assuming 96 characters possible from A-Z, a-z, 0-9 and 34 commonly used symbols on a standard keyboard - 96^2) requires 9.68 days on a single Nvidia GTX1080 @ ~8.6GH/second. (ref: SHA-1 hashes here https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40)

        The equivalent 10 digit password (96^10) would take 244 years to pre-compute. With distributed cracking, this is doable.

        By the time you get to 12 character passwords, you are likely safe for the next few years and 16 characters would allow for all but the most serious attempts at accessing a low value target and you are more likely to be affected by a weak password hash implementation than the password strength assuming you avoid anything covered by a dictionary attack.

        Note: all password lengths assume SHA-1 hashing as used in WPA2.

    2. Boothy

      Re: What has changed...

      This is one of the reasons I've always used a 63 character wifi key at home, as that was (If I remember correctly) the max number of characters you could use. I based that on the assumption the longer it was, the harder it would be to crack, so I maxed it.

      Pain to put in to a device for the first time, but once done, it's transparent. All my devices, other than mobile ones, are hardwired. i.e. If it has a port, I use it rather than wifi. Also no one else is given direct access to my wifi.

      If I have visitors staying over (like parents), I have a guest wifi AP with a shorter password (still over 12 characters), that only gets switched on when they visit, and off as soon as they've gone.

      1. Anonymous Coward
        Anonymous Coward

        Re: What has changed...

        @Booty The very same here, except the guest WAN is always on as that's my son's W10 laptop uses. It's not allowed on the main LAN.

    3. Roland6 Silver badge

      Re: What has changed...

      >My understanding is that this makes the capture of the interesting Wifi packets easier

      No change here.

      >primarily due to being able to grab EAPOL packets without needing an existing client connected to the AP.

      Err no. If there have been no clients successfully connecting to an AP, the AP will have no stored PMKID's to broadcast. Additionally, as a PMKID is unique to each client, there is no 'broadcast' PMKID for any given WiFi network, hence once again there is nothing for a new AP to broadcast. For this exploit to work, you need a client that has previously connected to the AP wanting to reassociate with that AP. As part of the reassociation process, the client hands over to the AP it's credentials, namely the PMKID it is holding for the AP to examine; it is at this point that you can grab the single packet containing the optional RSN IE field containing the PMKID...

      >If you are using any EAP ... If you are using WPA2

      If you don't have WiFi roaming/reassociation enabled - something that was considered a security risk back in 2007 then your network isn't vulnerable.

      If however you do have roaming enabled and this will be the case if you have enabled 802.11r capabilities things are different, particularly if you are using PSK...

      >If you don't have that option, as long as you have an adequate Wifi password

      The proof of concept uses an effective WiFi PSK of 6 alpha characters (password mask used: '?l?l?l?l?l?lt!' ie. <letter><letter><letter><letter><letter><letter>t! Note the "t!" effectively pads the 6 letters out to satisfy the 8 character minimum length requirement. Opinion is that true 8 character PSKs will take a lot longer to crack, however, to be 'safe' I agree 16 is good and 32 even better. Personally, from having used 32 character PSKs, I would suggest if you are considering using 64 character PSKs that it is probably better to go the whole hog and go to an 802.1x implementation.

  7. Roland6 Silver badge

    Steube explained. "We receive all the data we need in the first EAPOL frame from the AP."

    Are they sure about this?

    "When associating with an access point, the station determines if it has a valid PMK with the target access point by checking if it has a PMKSA that matches the target access point's MAC address. If such PMK does not exist, the station and the access point perform authentication using EAP. If the station determines that it shares a PMK with the target AP, then the station proposes the use of the PMK by including the PMKID in the RSN Information Element of the (Re)Association Request message. "

    Reading through a few of the blogs, this would in part explain why people are having varying levels of success in reproducing the results.

  8. Aodhhan Bronze badge

    Where have you been?

    This isn't a new technique. We've been using it for a while.

    -NSA-

    1. Anonymous Coward
      Anonymous Coward

      Re: Where have you been?

      Not quite, but the Artists formerly known as Tailored Access Operations and Special Collection Service have been using an exploit that's somewhat related for a bit when need be.

      Then again, its of limited use. Most targets worth collecting on aren't using Wi-Fi for anything important unless they're really blindingly stupid and every now and then, some are.

      V/r

      Signals Intelligence Collector

  9. Stuart Halliday

    Just in time for Router manufacturers to claim they can't add WPA3 and you'll need to buy a new Router?

    How convenient.

    1. Eddy Ito Silver badge

      Don't forget the new Wi-Fi card. Hell, might as well go with the whole computer since I'm pretty sure Windows 7 will never support WPA3 and with the lack of serviceability built into laptops today it'll mean replacement or using a USB dongle.

      For the router, I've been meaning to move to an OPNsense anyway.

  10. Howard Hanek
    Happy

    Quick Fix

    Use a MAC table of your devices and that will block all others. A little work but worth it.

    1. Charles 9 Silver badge

      Re: Quick Countermeasure

      Just impersonate one of the whitelisted MACs. Plenty of network devices out there allow you to set a custom MAC.

  11. Claptrap314 Bronze badge

    Huh.

    So my paranoia to use SecureRandom.base64() has just been validated? It was a nasty pain to type in 23 characters on my TV...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019