
The article is about collecting WPA handshakes.

WPA handshakes do not tell you the network password.

You use e.g. hashcat to brute force the network password using a stored handshake.




No, it's not.

As a previous comment has already pointed out:

You wait for handshakes, fake a deauth packet of the handshaking client, spoof an access point with the same SID and wait for the deauth'd client to try a reconnect.

Voila, cleartext PSK without any bruteforcing.

And it's not solvable either. You can't use fingerprinting as this would make mesh LANs and quick access point failover impossible.


> spoof an access point with the same SID

Pwnagotchi does not do this, despite your errant assertions. E.g. source code: https://github.com/evilsocket/pwnagotchi/blob/64e677f5df8f9b...

> Voila, cleartext PSK without any bruteforcing.

Pretending to be an access point and going through a handshake doesn't let you retrieve the pre-shared key. (Unless the client is vulnerable to downgrade attacks, which hasn't been a big consideration in more than a decade.) Evil twin attacks are powerful but don't achieve what you say.

The station sends to the access point a message authentication code based on nonces and the pairwise master key, which in turn is based on the "network password". It's produced using a series of HMACs and isn't an operation that can be inverted without brute force.

https://en.wikipedia.org/wiki/IEEE_802.11i-2004#/media/File:...
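Worked example, added by the editor and not code from the thread or from Pwnagotchi: a minimal model of the WPA2-PSK key derivation the comment above describes (PMK from the passphrase via PBKDF2-HMAC-SHA1, PTK via the 802.11i PRF, MIC over the EAPOL frame with the KCK), followed by the offline dictionary check that the first comment refers to when it mentions hashcat. Everything an eavesdropper, or a rogue access point that supplies its own ANonce, ever sees is in the dict returned by `station_message2`; the passphrase and PMK are not in it, so the only way back to the password is to recompute the chain per candidate. The MAC addresses, nonces, SSID, wordlist and the simplified EAPOL-Key frame layout are constructed for illustration; the function names are this example's own.

```python
"""WPA2-PSK 4-way handshake key derivation and offline dictionary attack (illustrative model)."""
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Constructed addresses for the access point (authenticator) and station (supplicant).
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i in 0..3."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces))."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """Key MIC for key descriptor version 2 (WPA2/CCMP): HMAC-SHA1 truncated to 128 bits.

    The MIC is computed over the whole EAPOL-Key frame with its MIC field set to zero."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def station_message2(passphrase: str, ssid: str, anonce: bytes, snonce: bytes) -> dict:
    """What the supplicant puts on the air in message 2, i.e. what a sniffer or rogue AP sees.

    The PMK and KCK are used only inside the station; the frame carries SNonce and the MIC."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = ptk_from_pmk(pmk, AP_MAC, STA_MAC, anonce, snonce)[:16]  # KCK = PTK[0:16]
    # Constructed, simplified EAPOL-Key frame: header bytes, SNonce, zeroed 16-byte MIC, padding.
    eapol_zeroed = b"\x02\x03\x00\x75\x02\x01\x0a" + snonce + b"\x00" * 16 + b"\x00" * 30
    return {
        "anonce": anonce,
        "snonce": snonce,
        "eapol_zeroed": eapol_zeroed,
        "mic": eapol_mic(kck, eapol_zeroed),
    }


def crack_psk(capture: dict, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: re-derive PMK -> PTK -> MIC per candidate and compare.

    This is the brute-force step hashcat performs on a captured handshake; nothing in
    the capture can be inverted to yield the passphrase directly."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = ptk_from_pmk(pmk, AP_MAC, STA_MAC, capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol_zeroed"]), capture["mic"]):
            return candidate
    return None


def demo() -> Optional[str]:
    """Simulate a capture (or an evil-twin exchange: the AP picks ANonce either way) and attack it."""
    ssid = "CoffeeShop"               # constructed
    anonce = os.urandom(32)           # chosen by the (possibly rogue) access point
    snonce = os.urandom(32)           # chosen by the station
    capture = station_message2("correct horse battery", ssid, anonce, snonce)
    # Choosing ANonce does not help the attacker: the MIC still depends on the unknown PMK.
    return crack_psk(capture, ssid, ["password", "12345678", "correct horse battery"])


if __name__ == "__main__":
    print("recovered:", demo())
```

The PBKDF2 step is what makes the attack expensive (4096 HMAC-SHA1 rounds per candidate, which is why hashcat precomputes nothing and relies on GPU throughput), and the PTK binding to both MAC addresses and both nonces is why a handshake captured against one AP/station pair cannot be replayed to another.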



