
Yes it can find passwords. First it kicks someone off the network by pretending to be the router, then when the person tries to reconnect it sees the handshake information and password.



So WiFi authentication is trivially crackable? What should I do to protect my network?


Use enterprise authentication with PKI instead of PSK (you'll have to give each device a certificate)

Everything else is trivial to compromise if a sufficiently motivated person wants to access it.


A shared passphrase with sufficient entropy is not trivial to compromise [1]

My WiFi router was programmed with a 55 bit key in the factory. (Represented as an 11-letter alphanumeric word).

[1]: https://hashcat.net/wiki/doku.php?id=combination_count_formu...


It is with the strategy used by this device.

You don't need to bruteforce the password if another device tells you what it is.

Read the article if you don't believe it.


The article is about collecting WPA handshakes.

WPA handshakes do not tell you the network password.

You use e.g. hashcat to brute force the network password using a stored handshake.


No, it's not.

As a previous comment pointed out as well:

You wait for handshakes, fake a deauth packet of the handshaking client, spoof an access point with the same SID and wait for the deauth'd client to try a reconnect.

Voila, cleartext PSK without any bruteforcing.

And it's not solvable either. You can't use fingerprinting as this would make mesh LANs and quick access point failover impossible.


> spoof an access point with the same SID

Pwnagotchi does not do this, despite your errant assertions. E.g. source code: https://github.com/evilsocket/pwnagotchi/blob/64e677f5df8f9b...

> Voila, cleartext PSK without any bruteforcing.

Pretending to be an access point and going through a handshake doesn't let you retrieve the pre-shared key. (Unless the client is vulnerable to downgrade attacks-- which hasn't been a big consideration in more than a decade). Evil twin attacks are powerful but don't achieve what you say.

The station sends to the access point a message authentication code based on nonces and the pairwise master key, which in turn is based on the "network password". It's produced using a series of HMACs and isn't an operation that can be inverted without brute force.

https://en.wikipedia.org/wiki/IEEE_802.11i-2004#/media/File:...
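The comment above describes the one-way derivation in the 4-way handshake. The following is an added example, not code from the thread or from Pwnagotchi, showing the standard WPA2-PSK chain in Python: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations), PTK = PRF-512(PMK, nonces, MAC addresses), and the EAPOL-Key MIC = HMAC-SHA1(KCK, frame) truncated to 16 bytes for CCMP. All MAC addresses, nonces, the SSID, the passphrase and the EAPOL frame are constructed here, not taken from a capture. It also shows why a captured handshake can only be checked against candidate passphrases, and why the SSID acting as salt forces any precomputed table to be built per SSID.

```python
import hashlib
import hmac

# --- constructed sample data (assumed values, not from a real capture) ---
SSID = b"examplenet"
PASSPHRASE = b"correcthorsebatterystaple"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))         # AP nonce from message 1
SNONCE = bytes(range(32, 64))     # station nonce from message 2


def pmk_from_passphrase(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).

    The SSID is the salt, so a table of PMKs is only useful for that one SSID.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf_512(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512 for the pairwise transient key.

    PTK = PRF(PMK, "Pairwise key expansion",
              min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion"
    out = b""
    for i in range(4):  # 4 x 20 bytes of SHA1 output covers the 64 bytes needed
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/CCMP key MIC: HMAC-SHA1 over the EAPOL-Key frame (MIC field zeroed), first 16 bytes."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def build_eapol_key_frame(nonce: bytes) -> bytes:
    """Constructed minimal EAPOL-Key frame (message 2 of 4) with the 16-byte MIC field zeroed.

    Layout: version(1) type(1) length(2) | descriptor type(1) key info(2) key length(2)
            replay counter(8) nonce(32) key IV(16) key RSC(8) key ID(8) MIC(16) key data len(2)
    """
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10" + b"\x00" * 8 + nonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16 + b"\x00\x00")
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def candidate_mic(passphrase: bytes, ssid: bytes, aa: bytes, spa: bytes,
                  anonce: bytes, snonce: bytes, eapol_frame: bytes) -> bytes:
    """Run the full chain passphrase -> PMK -> PTK -> KCK -> MIC for one candidate."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    ptk = prf_512(pmk, aa, spa, anonce, snonce)
    kck = ptk[:16]  # key confirmation key is the first 128 bits of the PTK
    return eapol_mic(kck, eapol_frame)


# What an attacker actually gets from the air: the frame plus its MIC, never the PSK.
EAPOL_MSG2 = build_eapol_key_frame(SNONCE)
CAPTURED_MIC = candidate_mic(PASSPHRASE, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_MSG2)


def recover_psk(wordlist, ssid=SSID, aa=AP_MAC, spa=STA_MAC, anonce=ANONCE,
                snonce=SNONCE, eapol_frame=EAPOL_MSG2, captured_mic=CAPTURED_MIC):
    """Offline dictionary check: the only way to get from a handshake back to the passphrase.

    Each candidate costs 4096 HMAC-SHA1 rounds plus the PTK/MIC work; nothing here inverts the MIC.
    Returns the matching passphrase or None.
    """
    for word in wordlist:
        if hmac.compare_digest(candidate_mic(word, ssid, aa, spa, anonce, snonce, eapol_frame),
                               captured_mic):
            return word
    return None


if __name__ == "__main__":
    print("PMK depends on SSID:",
          pmk_from_passphrase(PASSPHRASE, SSID) != pmk_from_passphrase(PASSPHRASE, b"othernet"))
    print("recovered:", recover_psk([b"password", b"letmein", PASSPHRASE]))
```

The check compares a freshly computed MIC against the captured one, so a high-entropy passphrase that is not in any wordlist leaves the attacker with nothing but the PBKDF2 cost per guess; a cleartext PSK never appears in the exchange.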



Isn't that link telling people how to crack a password?

What can we glean about how to secure a password?


WPA2 cracking is usually done with rainbow tables generated based on some dictionary and its mutations, basically don't have a dictionary password and you should be secure from /most/ attackers.


Your password should be made up of dictionary words though. If you do the math an 8 word sentence from the 10k most common words (just lowercase) is equivalent to a 16 character password from a full set of 100 characters and far easier to remember. Use some exotic words and punctuation and have a few random special characters in there and it is far far superior. WPA2 has a minimum of 8 characters and would take the same time to check every character as it would to check all combos of 4 lowercase words from the 10k most common set.


WiFi passwords aren't typed in frequently and can trivially be written down on the home router itself; CorrectHorseBatteryStaple has lower entropy than a random one of slightly shorter length.


Wifi passwords are typed all the time if you have any friends that come over. And typing randomly generated special characters on a mobile device is especially awful.


No, they aren't if you create a nice QR code for people to scan.


You should have your friends on a guest network instead, have this on a DMZ, and tell them to use a VPN over such guest network.


Rainbow tables aren't really applicable to WPA2 due to the way offline cracking is done.

You would have to pre-generate them for each possible SSID. You're much better off using a small targeted dictionary with rules.


You are absolutely correct, it's usually indeed dictionary-based but there are rainbow tables as well http://www.renderlab.net/projects/WPA-tables/


As much as a tutorial on how leaving your front door open lets burglars in your house.


It does NOT see plaintext password [0].

A sufficiently high entropy password will keep you secure against this attack.

0. https://security.stackexchange.com/questions/66008/how-exact...



