Exposing WPA2 Paper
A new paper(1) discussing vulnerabilities in WPA2-PSK was released recently, and many people have been interested in it but have not been able to get access. By using a library (yes, they still exist and are still useful), I was able to get a copy of the paper.
WPA2-PSK passphrases are between 8 and 63 ASCII characters long. The authors collected WPA2 handshakes using an Aireplay deauthentication attack. In their test, their method used a pre-generated dictionary of 666,696 entries and Aircrack to brute-force the passphrase. They also wrote a program that generates a dictionary covering the entire PSK key space of all 95 printable ASCII characters. Finally, they discuss ways to prevent this type of attack.
While the methodology is sound and I applaud anyone who publishes papers, the paper didn't uncover a new flaw. WPA2 rainbow tables(2) have been around for a while and give a huge speed advantage in this case. Pure brute-forcing of the entire ASCII password space can be done without a pre-generated dictionary, and they didn't discuss any speed trade-off in doing it that way. I would love to see a follow-up with comparisons.
Check with your library and see if they have it, or if they can do an interlibrary loan. What do you think of the paper?
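As an added illustration (not code from the paper or this post), here is the per-guess work WPA2-PSK forces on a brute-forcer, the passphrase-to-PMK derivation with the SSID as salt, next to the size of the 8-to-63-character space the paper's dictionary generator has to cover; the guess rate is an assumed figure, not a measurement.

```python
import hashlib
import math

# Passphrase rules as described in the post: 8 to 63 characters drawn from
# the 95 printable ASCII characters.
PRINTABLE_ASCII = 95
MIN_LEN, MAX_LEN = 8, 63


def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """Derive the 256-bit PMK from SSID and passphrase as IEEE 802.11i specifies:
    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32-byte output.
    Every candidate a cracker tries costs these 4096 iterations, and because the
    SSID is the salt, a precomputed (rainbow) table only helps for the SSID it
    was built against."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def keyspace(min_len: int = MIN_LEN, max_len: int = MAX_LEN) -> int:
    """Total number of candidate passphrases over all allowed lengths."""
    return sum(PRINTABLE_ASCII ** n for n in range(min_len, max_len + 1))


def log10_keyspace(length: int) -> float:
    """log10 of the number of passphrases of exactly this length."""
    return length * math.log10(PRINTABLE_ASCII)


def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case years to try every candidate at a given PMK-derivation rate."""
    return candidates / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: SSID "IEEE", passphrase "password".
    print(wpa2_pmk("IEEE", "password").hex())
    rate = 1e6  # assumed: one million PMK derivations per second (hypothetical rig)
    for length in (8, 10, 12, 63):
        space = keyspace(length, length)
        print(f"{length:2d} chars: 10^{log10_keyspace(length):.1f} candidates, "
              f"{years_to_exhaust(space, rate):.3g} years at {rate:.0e} guesses/s")
    print(f"full 8..63 space: {years_to_exhaust(keyspace(), rate):.3g} years")
```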
1. Tsitroulis, Achilleas, Dimitris Lampoudis, and Emmanuel Tsekleves. "Exposing WPA2 security protocol vulnerabilities." International Journal of Information and Computer Security 6.1 (2014): 93-107.
--
Tom Webb
Comments
Let's see, you generate a random 63-character string to use for the WPA2 shared secret. That's 95^63 possible combinations or 10^124 possibilities. Would take the NSA a few centuries to crack. So what?
If you pick a stupid password you get hacked. So what? You deserve it.
Anonymous
May 3rd 2014
"Although the time taken to break into a system rises with longer and longer passwords. However, it is the de-authentication step in the wireless setup that represents a much more accessible entry point for an intruder with the appropriate hacking tools. As part of their purported security protocols routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time. The team points out that the de-authentication step essentially leaves a backdoor unlocked albeit temporarily. Temporarily is long enough for a fast-wireless scanner and a determined intruder."
Anonymous
May 3rd 2014