Occasional Contributor II

WPA2 Vulnerability PMKID hashcat

I was reading through a forum thread about a vulnerability in WPA2 that was found by hashcat while researching WPA3 security.

https://hashcat.net/forum/thread-7717.html

 

On page two of that forum thread it says there is a weaponized script for the vulnerability.

https://github.com/stryngs/scripts/tree/master/pmkid2hashcat

 

Are Aruba APs vulnerable?

Are there ways to mitigate these attacks and still use PSK?

Who tests these types of vulnerabilities at Aruba?

 

Thanks,

 Job

 

Re: WPA2 Vulnerability PMKID hashcat


@jobc wrote:

I was reading through a forum thread about a vulnerability in WPA2 that was found by hashcat while researching WPA3 security.

https://hashcat.net/forum/thread-7717.html

 

On page two of that forum thread it says there is a weaponized script for the vulnerability.

https://github.com/stryngs/scripts/tree/master/pmkid2hashcat

 

Are Aruba APs vulnerable?

Are there ways to mitigate these attacks and still use PSK?

Who tests these types of vulnerabilities at Aruba?

 

Thanks,

 Job

 If you are running Aruba APs in the enterprise, you should be using WPA2-Enterprise which is not vulnerable, according to the comments.

 

Likely just WPA2-Personal is vulnerable.


 


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

Occasional Contributor II

Re: WPA2 Vulnerability PMKID hashcat

I did not see the post about PSK-Enterprise not being vulnerable; thanks for pointing that out.

I understand the best practice of using PSK-Enterprise versus PSK-Personal. There are many shops that do not want to go to the expense of setting up and administering a Radius server.

 

Still, I am interested in notifying the engineers at Aruba who would be responsible for patching this.

 

Also, it seems prudent to identify any workarounds.

Obviously, setting up PSK-Enterprise is one. Do you have a link to any how-tos that streamline this process?

 

Thanks,

 Job

Moderator

Re: WPA2 Vulnerability PMKID hashcat

I will copy here the same thing that I posted on an internal message board:

 

There has been a lot of discussion the past few days about a new way to attack WPA2-PSK networks. See https://hashcat.net/forum/thread-7717.html. We've had a few customers looking for an Aruba response. I'm not sure that we'll write up anything formal on this - there have been a large number of attacks against WPA2-PSK over the years and this isn't fundamentally anything new that changes the security story.

For those who don't want to dig into the details - previously to attack WPA2-PSK you needed to capture a client doing a 4-way handshake, and then you could brute force or dictionary attack the PSK. To capture the 4-way handshake you could either wait for a client to show up, or you could deauth a currently-connected client and watch it reassociate. The new attack makes it possible to do the attack without needing a client to observe, so it makes the attack more efficient.

The fundamental security issue here is the use of a weak PSK. If you have a weak PSK, your network is vulnerable to having an attacker discover the PSK. The new attack doesn't change that. If a customer wants a response from Aruba, our consistent response over the past 15 years has been "Use a strong PSK". Length of the PSK is the most important factor - ideally you should configure a long PSK in hex for the best possible strength. But people don't like long hex PSKs, and like to use something that a human can remember. In that case, use a long sentence/passphrase, with punctuation, spaces, etc. Such a passphrase makes it very unlikely that a PSK cracking attack will work.

I use WPA2-PSK at home. People are welcome to try to crack my key. I am not worried about the security of it.

The ultimate answer to this is WPA3. Aruba (Dan Harkins) created the SAE protocol which eliminates the possibility of doing PSK cracking.

---
Jon Green, ACMX, CISSP
Security Guy
Moderator

Re: WPA2 Vulnerability PMKID hashcat

wrote:

Still, I am interested in notifying the engineers at Aruba who would be responsible for patching this.

There is no patch.  This is baked into the standards and is just how things work.  The "patch" is to not use a weak PSK...

---
Jon Green, ACMX, CISSP
Security Guy
Moderator

Re: WPA2 Vulnerability PMKID hashcat

It's also worth having a look at https://www.ins1gn1a.com/understanding-wpa-psk-cracking/, to understand the underlying issues here.

---
Jon Green, ACMX, CISSP
Security Guy
Occasional Contributor II

Re: WPA2 Vulnerability PMKID hashcat

Jon, that is the information I was lacking. When you say long, can you define that? Usually, I am looking for something that is 15 plus characters. Is that long enough?

 

Thanks,

 Job

Moderator

Re: WPA2 Vulnerability PMKID hashcat

@jobc wrote:

Jon, that is the information I was lacking. When you say long, can you define that? Usually, I am looking for something that is 15 plus characters. Is that long enough?

 

Thanks,

 Job


I would feel reasonably good with 15 characters personally, especially if it consists of special characters, spaces, etc.  Really, the rules that apply to good passwords also apply to PSKs.  It's hard to give a definite answer here because the technology of password cracking is always advancing (GPU acceleration, cloud-based distributed cracking, rainbow tables, etc.)

 

My own PSK at my house is over 30 characters.  It's an English sentence, so easy to remember.

---
Jon Green, ACMX, CISSP
Security Guy
Contributor II

Re: WPA2 Vulnerability PMKID hashcat

 

Firstly, I would like to say that this hashcat stuff is new to me, so I may be (am?) doing this wrong, but it appears that unless you are using dictionary-based PSKs it may take a (very) long time to decrypt an 8-digit PSK if you get hashcat to use all of the alphanumeric and special character options.

PS I only have access to some older GPUs (2x HD7700 and 1x GTX660), so 3 newer ones would be faster (but I don't know by how much).

 

Session..........: hashcat
Status...........: Running
Hash.Type........: WPA-PMKID-PBKDF2
Hash.Target......: c1b8f6e1f057e8e25189a8f848ef7568*20a6cd88c802*94652...63726b
Time.Started.....: Thu Aug 09 19:51:03 2018 (13 secs)
Time.Estimated...: Next Big Bang (> 10 years)
Guess.Mask.......: '?a?a?a?a?a?a?a?a' [10]
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:    35342 H/s (71.94ms) @ Accel:64 Loops:32 Thr:1024 Vec:1
Speed.Dev.#2.....:    45742 H/s (55.24ms) @ Accel:128 Loops:32 Thr:256 Vec:1
Speed.Dev.#3.....:    45742 H/s (55.24ms) @ Accel:128 Loops:32 Thr:256 Vec:1
Speed.Dev.#*.....:   126.8 kH/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 983040/6634204312890625 (0.00%)
Rejected.........: 0/983040 (0.00%)
Restore.Point....: 327680/6634204312890625 (0.00%)
Candidates.#1....: 'O_ !!!!!' -> '@-yginer'
Candidates.#2....: 'r0qwoner' -> 'kF+19999'
Candidates.#3....: '(ZDERINE' -> 'ux+19999'

 

If I set hashcat to only brute-force using numbers then it is quicker.

 

Numbers only

Session..........: hashcat
Status...........: Running
Hash.Type........: WPA-PMKID-PBKDF2
Hash.Target......: c1b8f6e1f057e8e25189a8f848ef7568*20a6cd88c802*94652...63726b
Time.Started.....: Thu Aug 09 19:58:32 2018 (9 secs)
Time.Estimated...: Thu Aug 09 20:11:44 2018 (13 mins, 3 secs)
Guess.Mask.......: '?d?d?d?d?d?d?d?d' [10]
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:    35324 H/s (71.97ms) @ Accel:64 Loops:32 Thr:1024 Vec:1
Speed.Dev.#2.....:    45697 H/s (55.24ms) @ Accel:128 Loops:32 Thr:256 Vec:1
Speed.Dev.#3.....:    45698 H/s (55.24ms) @ Accel:128 Loops:32 Thr:256 Vec:1
Speed.Dev.#*.....:   126.7 kH/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 655360/100000000 (0.66%)
Rejected.........: 0/655360 (0.00%)
Restore.Point....: 0/100000000 (0.00%)
Candidates.#1....: '23456789' -> '79561123'
Candidates.#2....: '25580456' -> '71512200'
Candidates.#3....: '21512200' -> '76865434'

 

Also note that all the examples I found on the web have part of the PSK in the guess mask already.

 

For example;

./hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?re!123'

 

As I understand it, their mask will randomise the first 6 characters and always append re!123 in their example, so I would expect their result to be quick.

 

Lastly, do home-grade routers have 802.11r enabled by default (or even support it)?

Occasional Contributor I

Re: WPA2 Vulnerability PMKID hashcat

That's why a long WPA2-PSK goes a long way, i.e. it would take infeasibly long to brute-force a long PSK composed of just lowercase letters and digits (26+10=36 character set). You can make it even harder by using a charset of upper, lower, digits and some special chars (26+26+10+10?=72 character set). Depending on the GPU hashrate, the hashcat wiki has a nice estimation of the time it takes to brute-force such a PSK.
