Hashcat Developer Discovers Simpler Way To Crack WPA2 Wireless Passwords (hashcat.net) 150
New submitter Woodmeister shares a report: While looking for ways to attack the new WPA3 security standard, Hashcat developer Jens "Atom" Steube found a simpler way to capture and crack access credentials protecting WPA and WPA2 wireless networks. The attacker needs to capture a single EAPOL frame after requesting it from the access point, extract the PMKID from it by dumping the recieved frame to a file, convert the captured data to a hash format accepted by Hashcat, and run Hashcat to crack it. Once that's done, the attacker has the Pre-Shared Key (PSK), i.e. the password, of the wireless network. Depending on the length and complexity of the password and the power of the cracking rig, that last step could take hours or days. "The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame," Steube explained. This makes the attack much easier to pull off, as the attacker doesn't depend on another user and on being in range of both the user and the access point at the exact moment when the user connects to the wireless network and the handshake takes place.
Use good passwords (Score:5, Insightful)
A good password for wifi, since it doesn't really need to be memorized, is one generated by something like keepass2: 15 characters long random letters numbers and punctuation:
DHDukBDL04Pt2ZT
for example (note that is not a password I use, just one I randomly generated).
Since no-one actually has to type this in more than once per device, it's really not a major problem that you can't memorize it.
Re: (Score:3, Interesting)
Someone's going to need to translate the likely length of a crack. The quote "that last step could take hours or days" isn't all that helpful.
If we have a WPA2 (max) 63 printable ASCII character random password, is the crackable time of this attack still on the order of "a couple of days"?
i.e. can casual users mitigate this attack by just increasing their WPA2 password length? To what size?
Or is this attack some sort of end-around where the size of the WPA2 ascii key doesn't matter. It's not clear to me,
Re: (Score:2, Informative)
Basic combinatorics: (size of character set)^(number of characters in password) is the size of the key space. To span an equivalent key space with just ones and zeros, you need log2(size of key space) bits. There are 95 printable ASCII characters: log2(95^63)=413 bits. The actual key derived from the passphrase is just 128 bits long, so that's overkill. You can max out the key strength with just 22 randomly (!) chosen characters from uppercase+lowercase+numbers. If your password is not completely random (it
Re: (Score:1)
Oh, and the attack is still just brute force. In an offline brute force attack, you need something that tells you if the password you're trying is the/a right one (an "oracle"). The new attack makes it easier to find that thing that you "compare" against while brute forcing the password. It does not give the attacker any information about the password itself.
Re: (Score:2)
I posted this comment on the firehose submission. TL;DR with a good password it's still impractical to crack via brute force, all this does is make dictionary/rainbow table attacks a bit more practical by easing the gathering of the necessary data.
I had a look at this and it's interesting, but I wouldn't say that WPA2 is "cracked".
Previously you had to capture the handshake from a real user and then crack the crypto. The crypto wasn't bad but was vulnerable to dictionary attacks, rainbow tables and the like. But if you used a good key you were, and still are, quite secure.
This new attack means that the attacker doesn't have to wait for an authenticated user to connect any more. It fixes a lot of the problems that made cracking even weak passwords difficult, like the potentially large amount of time needed and the possibility of necessary packets failing to capture due to interference or poor signal. But crucially it doesn't affect the crypto, so you still need to do that very expensive offline attack on the key.
Re:Use good passwords (Score:4, Insightful)
Re: Use good passwords (Score:5, Insightful)
That's what a guest network is for. Enable it when they show up, disable it when they go away.
Re: Use good passwords (Score:5, Funny)
What am I, a network administrator? Who's got time for that
I give them my neighbor's SSID and password, which I've cracked. Problem solved.
Re: (Score:2, Informative)
and use VLANs to ensure the guest network doesn't have access to anything but the internet.
Re: (Score:3)
That's what a guest network is for. Enable it when they show up, disable it when they go away.
Trivially easy to do on some routers, like Apple’s Airport series. Too bad they discontinued them...
Re: (Score:2)
That's what a guest network is for. Enable it when they show up, disable it when they go away.
Trivially easy to do on some routers, like Apple’s Airport series. Too bad they discontinued them...
Or buy a decent router you can upgrade to a third party firmware instead of using the crap from the manufacturer.
Re: (Score:2)
Completely agree about guest networks, but I still despise randomized alphanumeric passwords as a general policy. Comparing passwords using the zxcvbn library via https://www.bennish.net/passwo... [bennish.net], I note that "DHDukBDL04Pt2ZT" is about as secure as "my flemish glassblower costume", but only one of them allows me to go into another room and enter it into a new device.
This password strategy works even better for Germanic languages which can construct a near-infinite amount of nonsensical compound words, whic
Re: Use good passwords (Score:2)
I'm aware of all this; the passwords I actually want/need to remember are all composed of at least 4 words, in at least two different languages. However the vast majority of my passwords (especially the ones I rarely have to type) are random alphanumeric strings stored in an encrypted container.
Why? Because I have upwards of 100 accounts I've signed up for over the years, and I do not reuse passwords. No matter how "easy to remember" I might make them there's no way I'm memorising more than a dozen passw
Just use a pass phrase, already (Score:3)
The password for my home network is a correctly capitalized and punctuated sentence.
Everyone on my network can spell, and knows where the shift key is, even the guests.
Re: (Score:3)
I just used an NFC tag to put the password in. Stuck the tag to a central location in the house and any guest can just tap their phone to the tag.
Re: (Score:2)
Unless they have an iPhone, where the NFC can only be used for Apple Pay and nothing else.
For lowly iPhone users a primitive QR code works, but of course you have to print a new one every time you change your wifi password.
Re: (Score:2)
You clearly never have guests over.
My guests come to visit me for things like dinner and conversation, to watch a movie or play games, they don't come to leach off my internet sitting on the couch tweeting and facebooking.
Re: (Score:2)
Re: (Score:2)
Most routers or APs allow you to have a guest network that's isolated from your personal network (via VLANs typically, but Asus routers seem to bridge the interfaces with the same address space and use ebtables to separate them from interacting). You can use a weaker password for guests. And allow traffic selectively between the subnets if you want (for example, I allow access to my networked printer for guests).
Re: (Score:2)
Why would you limit yourself to 15 characters? Mine is 63 characters of gibberish. Cut/Paste from my phone's KeePass client.
If you must give it to somebody, do it in email with no context. Knowing the password doesn't help when you don't know what network it's for.
Re:Use good passwords (Score:5, Insightful)
A good password for wifi, since it doesn't really need to be memorized, is one generated by something like keepass2: 15 characters long random letters numbers and punctuation:
DHDukBDL04Pt2ZT
for example (note that is not a password I use, just one I randomly generated).
Since no-one actually has to type this in more than once per device, it's really not a major problem that you can't memorize it.
It may not need to be memorized, but it does need to be typed into every Wifi device you own, sometimes through a clunky on screen or "scroll through the letters" LCD interface. So random string passwords are annoying enough that many people avoid them.
Re: (Score:2)
It may not need to be memorized, but it does need to be typed into every Wifi device you own, sometimes through a clunky on screen or "scroll through the letters" LCD interface.
If the device's UI is that bad you have to wonder if their security is any better. Best to keep them off the network, or create a severely restricted second SSID just for them.
Re: (Score:2)
It may not need to be memorized, but it does need to be typed into every Wifi device you own, sometimes through a clunky on screen or "scroll through the letters" LCD interface.
If the device's UI is that bad you have to wonder if their security is any better. Best to keep them off the network, or create a severely restricted second SSID just for them.
My printer has a 16 character LCD display and 5 buttons, that's all it needs, I don't want or need a better UI (and don't feel like paying any extra for it), and I don't see how I can make any assumptions between the quality of the UI and the security of the product.
In any case, all of my non-computer devices do live on their own SSID. Yet I still want that SSID to be secure.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The network was not secure when it first starts.
The network has to communicate about shared keys when first connecting.
That first, initial communication is altered by another computer in the middle.
That will reset further communication and the computer in the middle is then trusted.
That nonce “number used once” is then well in play before any long password.
ie the middle has a trusted way in and has part of what is needed to later be trusted. Th
Re: (Score:2)
I have a password generator that is fairly simple.
I uses the website info, my reserved word and a salt string as input to the sha1sum program. I upper case every alternate letter.
That modified sha1sum output usually does the job. No two sites that I visit gets the same password string.
Re: (Score:2)
No, but it makes it take longer. If you're not the easiest target on the block it will at least stop casual leechers.
Re: (Score:1)
I target all of my neighbors. Any SSID within earshot. Hashcat crunches all of them in the background. It's not much effort.
Re: (Score:1)
Re: (Score:2, Insightful)
I sniff those too. Easy enough to spoof. Sometimes I have to wait for the impersonated device to be offline. Depends on the AP and the device.
Re:Use good passwords (Score:5, Informative)
MAC whitelists do NOTHING for security.
First, anyone who can sniff the wifi traffic can see all the mac addresses.
Second, in Linux you can change your MAC to whatever you want with one command:
Re: Use good passwords (Score:5, Funny)
What i have at home is a faraday cage with the router and a comfy chair inside it.
Re: (Score:3, Insightful)
might as well use ethernet, or tin cans with a string...
R O
Re: Use good passwords (Score:4, Funny)
might as well use ethernet, or tin cans with a string...
That would require multiple dongles if he has a Mac.
Re: (Score:2)
Ahahaha.
I really hope you were being sarcastic.
Re: (Score:3)
Why couldn't I defeat port-knocking by watching for the connection behavior of successful users and then mimicking them? - spoofing MAC address, etc, if necessary.
Re: (Score:2)
That's not the threat that port knocking defends against. If someone can observe connections to your server then port knocking won't help you.
If you have a port accepting incoming connections from the internet it will get hammered. People are scanning all the time, they will find it and throw every protocol and exploit imaginable at it.
Port knocking allows you to simply drop all packets until you see the knock, which makes it look like your host is offline or at least properly firewalled. At the very least
Re: Use good passwords (Score:2)
Re: (Score:2)
Both are stronger than your neighbors'.
Length of the passphrase is most important (Score:2)
The length of a passphrase is most important. Using punctuation or not doesn't make as much difference. That's true of passphrases generally.
For WPA2 specifically, it ends up being turned into a 128-bit key, which is 22 random keyboard characters. You can easily get the same 128 bits by using a few words, especially non-dictionary words such as Greystone or Jamerican.
Re: (Score:2)
Correct, length is the major factor, its good to have some punctuation and special characters, it helps to add years to the brute force with the length, and seeing as its only for a wifi password i doubt anybody is going to point any kind of cracking/mining rig at it for any length of time. I use a self generated 18 character password that is easy for me to remember but to normal people looks completely random. i dont even think i own enough gpu's to brute force it if i gave hashcat half of the password bef
Re:Use good passwords (Score:4, Interesting)
Very few of them, actually.
Moreover, if some attacker is going to use this approach, (s)he is likely not looking for the easiest target on the block, but for the ones worthy of his/her attention because (s)he has specific plans. If someone a worthy target, the attacker just passes by the relevant house or office, collects the data, and patiently cracks it. It doesn't matter if it takes them 1 day or 50. If the target is worth and the crack is computationally feasible, they'll do it and wait as long as needed.
Re: (Score:2)
That suggests a benefit in periodically changing the passphrase then. So they'll have to start cracking it all over again from the beginning.
Re: (Score:1)
Actually it will stop hashcat from cracking the password. This attack is still just a brute force attack, which means you blindly try passwords until you find one that matches. 15 characters randomly chosen from uppercase letters + lowercase letters + numbers + punctuation create an effective key length of log2(26+26+10+10)^15) = 92 bits. That's enough to make finding the key practically impossible. Make it 21 characters long to get 129 bit key strength.
Re: (Score:2)
Password cracking tools have rules to take dictionaries and perform common substitutions like o->0, case toggling, appending of random characters and numbers, concatenating of words etc... They can also try many thousands or even millions of attempts per second depending on the algorithm and available processing power.
A dictionary word with numbers or a couple of random chars appended will not last long.
Bypassing login password by booting a different OS (Score:1)
While looking for ways to encrypt unencrypted data stored on my hard disk I discovered if you forget the password to your computer all files can still be accessed by mounting hard disk on a different system or by booting an alternate operating system from a USB stick.
Stay tuned for full article, naming party and mascot imagery for new vulnerability I just "discovered".
Re: (Score:3, Insightful)
You don't seem to understand this attack at all. It makes it possible to precompute the password to a WPA2-PSK network without having to wait for a valid client to authenticate against the network in the first place.
So you can just walk around an apartment block with your phone asking each AP for the needed packet. Go back home, crack it all offline and come back doing automated attacks on every network. Each visit takes a few minutes each time instead of having to wait for a valid authorized client for eac
Re: Bypassing login password by booting a differen (Score:2)
This breaks WPA2-PSK by making attacks trivial to do
No, it doesn't; it merely makes it more vulnerable for users who aren't following good password guidelines (which, admittedly, is most of them).
WPA2 supports a maximum password length of 64 characters; if your target is using a password of sufficient complexity then the attack is going to be impossible rather than trivial.
Re: (Score:2)
I wonder if taking a two-pronged approach to this would work better. Hashcat plus the same AES-busting technique used to break the password on Julian Assange's Insurance files. First reduce the possible keyspace with the AES busting technique, then Hashcat the remainder.
Re: (Score:2)
You don't seem to understand this attack at all.
I don't care about the distinctions. All irrelevant as far as I'm concerned.
It makes it possible to precompute the password to a WPA2-PSK network without having to wait for a valid client to authenticate against the network in the first place.
So what? Being patient or deauth yields same result. Hurdle to successful compromise has not substantially changed has it? Brute force campaign required in either scenario is substantially more labor intensive.
This breaks WPA2-PSK by making attacks trivial to do.
No more or less trivial than brute force campaign required to crack the password.
Re: (Score:2)
Security at its finest.
Re: (Score:2)
Your sarcasm detector is broken.
Re: Bypassing login password by booting a differen (Score:5, Informative)
Was having fun with analogy.
The computer user password is not to protect against local access to the data.
PSK algorithm is not designed to protect against offline brute force campaigns. Well known property of PSK. It's why people have always had to chose increasingly absurdly long passwords to secure their APs.
You need to encrypt the files or entire drive like you are planning.
You need to use a secure authentication protocol like what's included with WPA3 to avoid susceptibility to offline brute force campaigns.
Only for WPA3 they chose a crappy authentication protocol out of the gate opting for a balanced PAKE when better (augmented) versions are readily available on similar terms.
Difference between balanced and augmented is a bit like the difference between a password file stored as plaintext or hashed.
If it's hashed (augmented) and stolen someone needs to crack it before they can login as you. If it's plaintext (balanced) as what was selected for WPA3 they can login as you immediately without cracking it.
A lifetime ago Cisco released an undocumented authentication protocol for username/password wireless authentication (LEAP) that was quickly revealed in all ways that mattered to essentially be MSCHAPv1.
At the time of release shortcomings of MSCHAPv1 were well known. Surely someone must have known yet they went ahead and did it anyway. While not nearly as egregious the same theme is being repeated with WPA3. Better algorithms with better properties are readily available yet they elect to go forward with the inferior one anyway.
Re: (Score:2)
Surely someone must have known yet they went ahead and did it anyway. While not nearly as egregious the same theme is being repeated with WPA3. Better algorithms with better properties are readily available yet they elect to go forward with the inferior one anyway.
This has been a common theme since wireless encryption has been a thing. I am reminded of a saying: Once is happenstance. Twice is suspicious. Three times is enemy action.
We have achieved the enemy action stage.
May as well put this into WiFi driver (Score:3)
If it is as easy as described, we may as well add the functionality to the WiFi-drivers:
How does this apply to full length keys? (Score:2)
Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B
64 character pseudo random hexadecimal key the max length supported by the standard.
Is that still considered secure or would that only take a few days to crack?
From what I read it looks like it should still be secure enough.
Re:How does this apply to full length keys? (Score:5, Funny)
Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B
It won't take very log. You've already given us the password.
Re:How does this apply to full length keys? (Score:5, Funny)
Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B
It won't take very log. You've already given us the password.
All I see is **********************
Re: (Score:2)
Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B
It won't take very log. You've already given us the password.
All I see is **********************
Take off the VR headset
Re: (Score:2)
That's funny, it looks like hunter2 to me!
Re: (Score:2)
Like: 112364AB5F777752452A57CAC066DE0737DE451E0CC21BE86D01278A6050297B
It won't take very log. You've already given us the password.
No, that’s the combination to his luggage - “Hunter2” is his WPA2 password.
Re: (Score:3)
Re: (Score:2)
I had that problem too using a random 63 character standard password but there are just too many characters that look the same under most fonts.
So I switched to a 64 character hexidecimal password.
Hexidecimal is limited to characters A-F and 0-9
So no o 0 problem anymore as hexidecimal doesn't have "o"s.
An alternative is just using a password generator that avoids using easily mistaken characters.
Re: (Score:1)
RTFA: "Luckily, protecting one’s WPA and WPA2 wireless networks against this attack is as easy as setting a complex, long and random password – and not using the one generated by the router."
Re: How does this apply to full length keys? (Score:2)
It's no different than brute forcing any other 64 bit AES key. Hundreds of years using a single computer.
Re: (Score:2)
Exactly, unless you have thousands of super computers at hand.
Some providers have fixed length passwords by default (8 hex digits, I have seen some with 10 hex digits). Some people use common dictionary words as passwords. Those are trivial to crack.
I have even seen providers using the first 8 hex digits of the mac address as wifi password. :)
Apart from that, you are pretty much safe.
Re: (Score:3)
Exactly, unless you have thousands of super computers at hand.
How important is cracking that password? It's quite easy [amazon.com] to get 10000 cores working in parallel for $80 per core-year.
If you're satisfied with it costing more to crack your password than it would cost for the attacker to just get his own Internet service, a medium-strong password is fine.
Re: (Score:2)
So, what is your point with regards to what I wrote? 10000 cores might or might not qualify as 1 super-computer but this seems irrelevant.
By the way, cores suck at cracking WPA/WPA2 passwords. Hashcat uses GPUs for maximum efficiency.
Re: (Score:1)
What do you think a GPU is made of? Huge fucking arrays of 'cores'
Re: (Score:3)
Exactly! The GP mentioned 10,000 cores like it was a big deal so I assumed that he meant CPU cores.
The smallest Amazon P2 instance has 2500 GPU cores, the biggest has 40,000 GPU cores.
Re-read the GP post and try to fit the price he mentioned with GPU cores offered by Amazon.
https://aws.amazon.com/ec2/ins... [amazon.com] .9$/2500*24*365 = 3.15360
3.15$ by GPU core a year, not 80$ per core a year! So IMHO he meant CPU cores.
Feel free to review my numbers, I did this quickly.
Cheers,
Re: (Score:2)
Pedantic much?
My point was just that anyone these days can grab may thousands of servers to crunch anything parallelizable, and it's not even that expensive. Supercomputers are no longer exotic.
And of course anything that depends on SHA-256 is even easier - you can pick up a box that can do 1 trillion hashes per second for ~$200, thanks to bitcoin.
Re: (Score:2)
Well, be nice with him. Although expectations are low, some people win the lottery so he might find it early, who knows?
Re: (Score:2)
Re: (Score:2)
And you'll be able to capture all of the encrypted (SSH, TLS) traffic?
Re: (Score:2)
Re: (Score:2)
I was thinking of "home" networks, not organizations. One would expect an "enterprise" organization to not be using WPA2/PSK but maybe something a little harder to defeat, but it's probably true that many just use a $50 router they bought "to keep expenses down".
Re: (Score:2)
Why would it cost anything? If an attacker is willing to perform illegal intrusions onto your wifi network, they're not going to balk at compromising someone else's systems to use for password cracking so it wouldn't be the attacker who's paying for those cpu cycles.
Re: (Score:2)
There's still an opportunity cost. Any botnet an attacker may control could be rented out or used to mine altcoin. Or, for a government attacker, there are always competing priorities.
Re: How does this apply to full length keys? (Score:2)
Yes.
Re: (Score:2)
Re: (Score:2)
If I remember correctly, this is not going to work. It isn't like stealing an http session cookie. Again, if I remember correctly, you need to know the wifi password to send valid traffic and/or to negotiate a valid temporary key in order to send valid traffic.
Anybody feels like confirming this?
Re: (Score:2)
I think this would only work for bypassing a MAC address filter.
WPA2 uses a 4 way handshake or something meaning its not possible for a computer to carry on a conversation with the network without knowing the key.
WPA2 isn't just authentication it's also encryption.
It's the diffrence between using a site that uses https only for the login page (only initial authentication secured) and a site that uses https for all pages (fully encrypted).
Re: (Score:2)
yep, yep, yep, well said!
Cheers,
Re: (Score:2)
Yeah, this “discovery” still boils down to brute-forcing an encrypted password.
I’m not worried about my WPA2 network.
Re: (Score:2)
Have fun typing that in using the on-screen keyboard of a cellphone.
Re: (Score:1)
Make a QR-code of the SSID/ (long) password. It's a standard QR field. Print it out and have available for anyone in your house to quickly snap, and you're done.
Of course there's readily available QR software for this on the web. But then using a web QR generator requires one upload their password out in the open to a random third party. I recommended a locally run QR generator.
Re: (Score:2)
It's much easier to type on a cellphone than a 63 character random standard password like: IZvmnyD.GI2HCv*SK!nkB2%JYFLV6y:p%QD;Zz6fS,7PH45pDW7E3PzEXZ=wl5;
Uppercase, lowercase is that an I, l, | or 1? o, O or 0?
Simpler way ... (Score:3)
Run an open wifi (Score:3)
Re: (Score:2)
I used to do this. I am not in a position to do it currently.
I had realtors and police as the main users. I would see them park outside of my house. It felt good to share and nobody abused the privilege. This is how society should be.
As a security oriented person, I had limits and filters in place in case anyone decided to get too "uppity", but nobody ever hit any of those.
Re: (Score:2)
Good Luck (Score:2)
If you can brute force my passphrase via Hashcat, you DESERVE to get access to my network.
Well, the Wi-Fi segment anyway. All my networks are isolated from each other. Wi-Fi traffic isn't allowed to talk with anything on the local network. Not even other clients.
The key you need to brute force:
Thirty two characters long. Upper / lower case, numbers and symbols.
Doing the math tells me I have nothing to worry about from Hashcat any time soon.
It's far more likely folks will resort to means other than brute
Re: (Score:1)
CAT5 has been broken. You need to upgrade to CAT6.
Re: (Score:2)
I'm still using 10BASE5!
Re: (Score:2)
Hey me too! A millennial technician came to my place when I was away to pick up a machine that was attached to the network. It was the machine at the end of the coax. He didn't put the end plug back at the end of the cable thus taking the whole network down then, he left with his machine :)
Re: (Score:2)
Hand in you geek badge when you exit. /.
Confusing 10Base-2 with 10Base-5 is a big offense here on
Re: (Score:2)
Hand in you geek badge yourself buddy!
What makes you think I confused anything???
hint: vampire tap are optional
https://en.wikipedia.org/wiki/... [wikipedia.org]:
As is the case with most other high-speed buses, segments must be terminated at each end. For coaxial-cable-based Ethernet, each end of the cable has a 50 ohm resistor attached. Typically this resistor is built into a male N connector and attached to the end of the cable just past the last device. With termination missing, or if there is a break in the cable, the signal on the bus will be reflected, rather than dissipated when it reached the end. This reflected signal is indistinguishable from a collision, and prevents communication.
Re: (Score:2)
Re: (Score:2)
Lay them on the floor? Dude... you need to use cable stands or your SNR will degrade. Make sure you connect them in the right direction to control the electron flow for maximum sound performance.