Wireless Security
Re: Fwd: Re: The Skinny On How Not To Write An Article About WPA-PSK Nov 16 2010 01:19PM
Joshua Wright (jwright hasborg com) (1 replies)
Re: The Skinny On How Not To Write An Article About WPA-PSK Nov 16 2010 02:22PM
Grant Moerschel (gm wavegard com)
Josh is right on point and I was not specific enough in my original reply.
It is important to underscore that to decrypt a user A's data, user A's
EAPOL 4-way is needed within the capture. Same for user's B, C, D, etc. To
get an EAPOL you either wait for it to naturally happen or force it with
interference or deauth. Thanks Josh.

gm
--
Grant Moerschel
CISSP, CWNA
WaveGard, Inc.
703.568.5077
--

On 11/16/10 8:19 AM, "Joshua Wright" <jwright (at) hasborg (dot) com [email concealed]> wrote:

>> WPA PSK is per user crypto keys based on SSID + Passphrase + the 4-way
>> handshake each user performs. Therefore each user gets unique keys. So
>>no.
>> --
>> Grant Moerschel
>> CISSP, CWNA
>> WaveGard, Inc.
>> 703.568.5077
>
>Grant's initial statement about WPA/2 PSK using per-user crypto keys is
>correct, but he failed to connect a few important points together.
>
>WPA/2 PSK uses a PSK to derive the Pairwise Master Key (PMK) which
>includes the SSID as part of the derivation function. Each user on the
>network shares the same PSK.
>
>When the user logs into the network, they complete the 4-way handshake,
>exchanging nonces and deriving the Pairwise Transient Key (PTK). The
>PTK breaks down into multiple sub-keys, including the Pairwise Temporal
>Key which is used to encrypt and decrypt data.
>
>If the attacker knows the PSK (or the PMK; knowledge of the PSK is not
>required) and they observe a user logging into into the network, they
>can compute the victim's PTK and decrypt all the victim's traffic. This
>is supported by Wireshark and Aircrack-ng's airdecap-ng, where you can
>specify the PSK or the PMK and the tool will use the 4-way handshake to
>derive the decryption key and decrypt all traffic.
>
>I'm not sure why Grant indicated that unique keys precludes the attack
>Paul described; users do get unique keys, and since the root of the key
>derivation function (the PSK) is known to everyone, the subsequent keys
>hold no value.
>
>-Josh

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus