WPA-2 Hash Cracking
[Back] WPA-2 produces a hash value as part of the four-way handshake. The password can thus be cracked using a dictionary attack:
Within WPA-2 we aim to create an initial pairing between the client and the access point, and then to identify them without giving away the password which has been used. In the initial authentication we the client will either use pre-shared key (PSK), or use an EAP exchange through 802.1X (EAPOL). The EAPOL exchange requires the usage of an authentication server. After this phase a shared secret key is created, and is known as the Pairwise Master Key (PMK). This uses PBKDF2-SHA1 as a hashing method, as the PBKDF2 part makes difficult to crack the hash (as there are a number of rounds used to slow down the hashing process). Within PSK, the PSK is defined with the PMK, but within EAPOL, the PMK is derived from EAP parameters. Generally EAPOL is more difficult to crack than using PSK. The PMK is generated from the PSK with:
PMK = PBKDF2(HMAC−SHA1, PSK, SSID, 4096, 256)
and where we use the SHA1 hashing function with HMAC as the message authentication code. In this case the PMK is generated from 4096 iterations of the hashing method and creates a 256-bit PMK. A simple Python script to generate the PMK is:
from pbkdf2 import PBKDF2 ssid = 'home' phrase = 'qwerty123' print "SSID: "+ssid print "Pass phrase: "+phrase print "Pairwise Master Key: " + PBKDF2(phrase, ssid, 4096).read(32).encode("hex"))
and a sample run is:
SSID: home Pass phrase: qwerty123 Pairwise Master Key: bbaf585c301dc4d4024523535f42baf04630f852e2b01979ec0401edcdf 0e9c8
Within WPA-2 we get the four-way handshake process, and which is illustrated in Figure 1. It is designed so that the access point and wireless client can prove that they know each other by showing that the know the PSK/PMK, without ever releasing the key. They must the encrypt messages to each other, and if they can decrypt them, then they have successfully authenticated each other. In this way we can protect against a malious spoof access point which is broadcasting the valid looking SSID.
Overall the PMK will last for the complete authenticaiton of the devices, and should be used sparenly. Thus the four-way handshake uses a derive key known as the Pairwise Transient Key (PTK), and which is generated from the PMK, a client nouce (ANounce), an access point nouce (SNouce), and the MAC addresses of the client and the access point (AP). These are then put into a pseudo random function, and generate a GTK (Group Temporal Key). The GTK is then used to decrypt multicast and broadcast traffic.
The details of the handshake are thus:
- AP sends a nonce to the STA (ANonce). The client creates the PTK.
- Client nonce (SNonce) to AP and a Message Integrity Code (MIC), and which includes the authentication.
- The AP creates PTK and sends the GTK, along with a sequence number together and an MIC.
- The client sends a confirmation to the AP.
The following shows a demo of the cracking of the four-way handshake: