
"WPA3 will be much harder to attack because of its modern key establishment protocol called Simultaneous Authentication of Equals (SAE).
Well sure, until someone accidentally figures out how to hack that, too.
The folks behind the password-cracking tool Hashcat claim they've found a new way to crack some wireless network passwords in far less time than previously needed. Jens Steube, creator of the open-source software, said the new technique, discovered by accident, would potentially allow someone to get all the information they …
I've got three - one at home, one at work, one as a spare that I'll never need, since they Just. Don't. Break. Ever. It is indeed the keyboard for those that type for a living, bar none.
Gotta pop the keycaps off and wash them every year or so, but the mechanism itself has never failed or gotten erratic.
I only have four here, all with manufacturing stickers from 1988 on.
One in use and three in case I ever actually manage to wear one out or break it.
Since I've been trying to kill this one for 30 years I suspect someone will be gaining 3 boxed Model M keyboards in my will.
Looking at mine a little more closely it's now due for a decent clean...
This involves popping off all the keys, sticking them in a pair of old football socks and putting them through the washing machine.
>>despite all the fearmongering.
Yea, yea, like "Nooooo noooo, you fools, this is all Project Fear." It's magic: whatever problem gets labelled 'Project Fear', makes the problem disappear, irrespective of the actual evidence. Try it, it really works! Oh, you did.
Hmmm. I wonder if anyone's applied this technique elsewhere...
"Project Fear" again would be Project Refear ... now when I was younger (and they were cheaper) I used to love reefers ... these days I've moved to (icon).
Sure, there are security holes everywhere and I take note of them but I don't let them rule my life. There are only two types of security vulnerabilities, those you know about, and those you don't.
My understanding is that this makes the capture of the interesting Wifi packets easier on newer Wifi kit, primarily due to being able to grab EAPOL packets without needing an existing client connected to the AP.
If you are using any EAP based security with a session lifetime set to a reasonable level (i.e. EAP-TLS or PEAP with <2 hour session lifetime), this introduces no real increase in risk.
If you are using WPA2 with pre-shared keys, strongly consider moving to an EAP-based solution if you have servers running 24x7 and security is important.
If you don't have that option, as long as you have an adequate Wifi password (i.e. 16+ characters, a mixture of numbers and symbols and nothing that appears in any of the common hacking dictionaries) you're still forcing an attacker to go through a brute force crack of a SHA-1 password (i.e. 2^69+ potential combinations).
Feel free to correct anything I've misunderstood.
Exactly, you still need to brute force the hash of the key. A longer key will take longer to crack.
Some estimates around the web state it'll take around 8 days for a 10 char key on a relatively powerful machine. That's going to come down quickly in the coming years as CPUs/GPUs get faster.
For the key, it will be hashed to a 160-bit value via an HMAC-SHA1 function.
Pre-computing all possible 8 character passwords (assuming 96 characters possible from A-Z, a-z, 0-9 and 34 commonly used symbols on a standard keyboard - 96^2) requires 9.68 days on a single Nvidia GTX1080 @ ~8.6GH/second. (ref: SHA-1 hashes here https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40)
The equivalent 10 digit password (96^10) would take 244 years to pre-compute. With distributed cracking, this is doable.
By the time you get to 12 character passwords, you are likely safe for the next few years and 16 characters would allow for all but the most serious attempts at accessing a low value target and you are more likely to be affected by a weak password hash implementation than the password strength assuming you avoid anything covered by a dictionary attack.
Note: all password lengths assume SHA-1 hashing as used in WPA2.
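The arithmetic in this post, turned into a small reusable estimator plus a check against the guidance given above. This is an added example, not code from the thread: the 96-symbol alphabet and the 8.6 GH/s single-GPU rate are the poster's figures, the six-word "dictionary" is a constructed stand-in, and the 63-character limit is the WPA2 passphrase maximum.

```python
import re

# Thread's figures: 96-symbol alphabet (26+26+10+34) and ~8.6 GH/s of SHA-1 on one GTX 1080.
ALPHABET_SIZE = 96
GTX1080_HASH_RATE = 8.6e9           # candidates per second
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY
WPA2_MAX_PASSPHRASE = 63            # WPA2 passphrases are 8..63 ASCII characters
# Constructed stand-in for "the common hacking dictionaries"; a real check would
# load a full wordlist (assumption: no file name is given on this page).
COMMON_WORDS = {"password", "qwerty", "letmein", "iloveyou", "welcome", "admin"}

def keyspace(length, alphabet_size=ALPHABET_SIZE):
    """Number of candidates an exhaustive search must cover."""
    return alphabet_size ** length

def exhaustive_search_seconds(length, rate=GTX1080_HASH_RATE, gpus=1):
    """Worst-case seconds to try every candidate of the given length."""
    return keyspace(length) / (rate * gpus)

def describe_time(seconds):
    """Render a duration as hours, days or years."""
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.0f} years"

def psk_meets_guidance(psk, min_length=16):
    """Poster's rule: 16+ chars, digits and symbols, no padded dictionary word."""
    if len(psk) > WPA2_MAX_PASSPHRASE:
        return False, f"longer than {WPA2_MAX_PASSPHRASE}, not a valid WPA2 passphrase"
    if len(psk) < min_length:
        return False, f"shorter than {min_length} characters"
    if not re.search(r"\d", psk):
        return False, "contains no digits"
    if not re.search(r"[^A-Za-z0-9]", psk):
        return False, "contains no symbols"
    # Drop digits/symbols so a padded word (e.g. "password1!") is still caught.
    base = re.sub(r"[^a-z]", "", psk.lower())
    if base in COMMON_WORDS:
        return False, f"dictionary word '{base}' padded with digits/symbols"
    return True, "meets guidance"

if __name__ == "__main__":
    for n in (8, 10, 12, 16):
        print(f"{n} chars, one GTX 1080: {describe_time(exhaustive_search_seconds(n))}")
    for psk in ("password1!", "iloveyou2024!!!!", "Correct-Horse-Battery-7"):
        print(psk, psk_meets_guidance(psk))
```

Pass `gpus=` to model the distributed cracking the post mentions; the rate is for raw SHA-1, as the post assumes, so real PBKDF2-based WPA2 derivation is slower per candidate.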
This is one of the reasons I've always used a 63 character wifi key at home, as that was (if I remember correctly) the max number of characters you could use. I based that on the assumption the longer it was, the harder it would be to crack, so I maxed it.
Pain to put in to a device for the first time, but once done, it's transparent. All my devices, other than mobile ones, are hardwired. i.e. If it has a port, I use it rather than wifi. Also no one else is given direct access to my wifi.
If I have visitors staying over (like parents), I have a guest wifi AP with a shorter password (still over 12 characters), that only gets switched on when they visit, and off as soon as they've gone.
>My understanding is that this makes the capture of the interesting Wifi packets easier
No change here.
>primarily due to being able to grab EAPOL packets without needing an existing client connected to the AP.
Err no. If there have been no clients successfully connecting to an AP, the AP will have no stored PMKIDs to broadcast. Additionally, as a PMKID is unique to each client, there is no 'broadcast' PMKID for any given WiFi network, hence once again there is nothing for a new AP to broadcast. For this exploit to work, you need a client that has previously connected to the AP wanting to reassociate with that AP. As part of the reassociation process, the client hands over to the AP its credentials, namely the PMKID it is holding for the AP to examine; it is at this point that you can grab the single packet containing the optional RSN IE field containing the PMKID...
>If you are using any EAP ... If you are using WPA2
If you don't have WiFi roaming/reassociation enabled (something that was considered a security risk back in 2007) then your network isn't vulnerable.
If, however, you do have roaming enabled (and this will be the case if you have enabled 802.11r capabilities), things are different, particularly if you are using PSK...
>If you don't have that option, as long as you have an adequate Wifi password
The proof of concept uses an effective WiFi PSK of 6 alpha characters (password mask used: '?l?l?l?l?l?lt!', i.e. <letter><letter><letter><letter><letter><letter>t!). Note the "t!" effectively pads the 6 letters out to satisfy the 8 character minimum length requirement. Opinion is that true 8 character PSKs will take a lot longer to crack, however, to be 'safe' I agree 16 is good and 32 even better. Personally, from having used 32 character PSKs, I would suggest if you are considering using 64 character PSKs that it is probably better to go the whole hog and go to an 802.1x implementation.
Are they sure about this?
"When associating with an access point, the station determines if it has a valid PMK with the target access point by checking if it has a PMKSA that matches the target access point's MAC address. If such PMK does not exist, the station and the access point perform authentication using EAP. If the station determines that it shares a PMK with the target AP, then the station proposes the use of the PMK by including the PMKID in the RSN Information Element of the (Re)Association Request message."
Reading through a few of the blogs, this would in part explain why people are having varying levels of success in reproducing the results.
Not quite, but the Artists formerly known as Tailored Access Operations and Special Collection Service have been using an exploit that's somewhat related for a bit when need be.
Then again, it's of limited use. Most targets worth collecting on aren't using Wi-Fi for anything important unless they're really blindingly stupid, and every now and then, some are.
V/r
Signals Intelligence Collector
Don't forget the new Wi-Fi card. Hell, might as well go with the whole computer since I'm pretty sure Windows 7 will never support WPA3 and with the lack of serviceability built into laptops today it'll mean replacement or using a USB dongle.
For the router, I've been meaning to move to an OPNsense anyway.