Wireless Security
Re: Fwd: Re: The Skinny On How Not To Write An Article About WPA-PSK Nov 16 2010 01:19PM
Joshua Wright (jwright hasborg com)
> WPA PSK is per user crypto keys based on SSID + Passphrase + the 4-way
> handshake each user performs. Therefore each user gets unique keys. So no.
> --
> Grant Moerschel
> WaveGard, Inc.
> 703.568.5077

Grant's initial statement about WPA/2 PSK using per-user crypto keys is
correct, but he failed to connect a few important points together.

WPA/2 PSK uses a PSK to derive the Pairwise Master Key (PMK) which
includes the SSID as part of the derivation function. Each user on the
network shares the same PSK.

When the user logs into the network, they complete the 4-way handshake,
exchanging nonces and deriving the Pairwise Transient Key (PTK). The
PTK breaks down into multiple sub-keys, including the Pairwise Temporal
Key which is used to encrypt and decrypt data.

If the attacker knows the PSK (or the PMK; knowledge of the PSK is not
required) and they observe a user logging into the network, they
can compute the victim's PTK and decrypt all the victim's traffic. This
is supported by Wireshark and Aircrack-ng's airdecap-ng, where you can
specify the PSK or the PMK and the tool will use the 4-way handshake to
derive the decryption key and decrypt all traffic.

I'm not sure why Grant indicated that unique keys precludes the attack
Paul described; users do get unique keys, and since the root of the key
derivation function (the PSK) is known to everyone, the subsequent keys
hold no value.
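
The key hierarchy described in the post above, as an added example that is not part of the original message: it follows the IEEE 802.11i derivation (PBKDF2 for the PMK, the HMAC-SHA1 PRF for a 48-byte CCMP PTK) and shows that per-user PTKs differ, yet any holder of the PSK who sees the cleartext handshake values computes the same PTK. The MAC addresses, nonces, and function names are constructed for illustration.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase -> 256-bit PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, length=48):
    """PMK + handshake values (all sent in the clear) -> PTK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, length)

def split_ptk(ptk: bytes) -> dict:
    """CCMP layout: confirmation key, encryption key, temporal key."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed sample values (not from the original post).
SSID, PASSPHRASE = "IEEE", "password"
AP_MAC = bytes.fromhex("020000000001")
ALICE_MAC = bytes.fromhex("0200000000aa")
BOB_MAC = bytes.fromhex("0200000000bb")

def nonce(tag: str) -> bytes:
    """Deterministic stand-in for a random 32-byte handshake nonce."""
    return hashlib.sha256(tag.encode()).digest()

def demo():
    pmk = derive_pmk(PASSPHRASE, SSID)   # identical for every user of the PSK
    alice = derive_ptk(pmk, AP_MAC, ALICE_MAC, nonce("an-a"), nonce("sn-a"))
    bob = derive_ptk(pmk, AP_MAC, BOB_MAC, nonce("an-b"), nonce("sn-b"))
    # A second PSK holder recomputes Alice's PTK from the values seen on the air.
    observer = derive_ptk(derive_pmk(PASSPHRASE, SSID), AP_MAC, ALICE_MAC,
                          nonce("an-a"), nonce("sn-a"))
    return alice, bob, observer

if __name__ == "__main__":
    alice, bob, observer = demo()
    print("Alice and Bob have different PTKs:", alice != bob)
    print("Observer's PTK matches Alice's:   ", observer == alice)
```

Confidentiality between users on the same SSID therefore needs per-user credentials (for example WPA/WPA2 with 802.1X) rather than a shared PSK.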


Copyright 2010, SecurityFocus