How compute WPA key?

0

WPA2, the actual encryption standard that secures all modern wifi networks, has been cracked... This challenge has nothing to do with the way that the WPA2 was cracked, however is is about computing the 64-digit hexadecimal key that corresponds to a given WPA-PSK pass-phrase.

A wireless network with WPA-PSK encryption requires a pass-phrase to be entered to get access to the network. Most wireless drivers accept the pass-phrase as a string of at most 63 characters, and internally convert the pass-phrase to a 256-bit key. However, some systems also allow the key to be entered directly in the form of 64 hexadecimal digits. So the challenge is to calculate the 64-digit hexadecimal key that corresponds to a given pass-phrase.

The hexadecimal key is computed from the pass-phrase and the network SSID (an SSID is a unique ID that consists of 32 characters).

Details of the calculation

For WPA-PSK encryption, the binary key is derived from the pass-phrase according to the following formula: Key = PBKDF2(pass-phrase, SSID, 4096, 256)

The function PBKDF2 is a standardized method to derive a key from a pass-phrase. It is specified in RFC2898 with a clear explanation on how to compute it. The function needs an underlying pseudo-random function. In the case of WPA, the underlying function is HMAC-SHA1.

SHA1 is a function that computes a 160-bit hash from an arbitrary amount of input data. It is clearly explained in RFC3174. HMAC is a standardized method to turn a cryptographic hash function into a keyed message authentication function. It is specified in RFC2104.

To summarize, the key derivation process involves iterating a HMAC-SHA1 function 4096 times, and then doing that again to produce more key bits.

Inputs

  • SSID a string of at most 32 characters (e.g. stackexchange)
  • pass-phrase a string of at most 63 characters (e.g. <ra(<@2tAc<$)

Output any reasonable output of the 64 hexadecimal digits

  • e.g. 24343f69e98d3c08236a6db407584227cf2d1222b050e48f0cf25dee6563cd55
  • it is the result of the previous inputs

This is , so please make your program as short as possible!

mdahmoune

Posted 8 years ago

Reputation: 2 605

Question was closed 8 years ago

1Just to double check, is 24343f69e98d3c08236a6db407584227cf2d1222b050e48f0cf25dee6563cd55 the output of the inputs stackexchange and <ra(<@2tAc<$? And are we allowed to output bytes instead of hexadecimal digits? – Okx – 8 years ago

@Okx Yes it is a complete example – mdahmoune – 8 years ago

1Downvoted because output format is too strict. – Okx – 8 years ago

1Can you add a walk-through of how stackexchange and <ra(<@2tAc<$ become 24343f69e98d3c08236a6db407584227cf2d1222b050e48f0cf25dee6563cd55? – Adám – 8 years ago

@Okx is it okay for you for a less restricted output? – mdahmoune – 8 years ago

@mdahmoune Output formats on challenges should generally be flexible, because adding bytes just to conform to the output format is annyoing – Okx – 8 years ago

@Okx I edited the challenge – mdahmoune – 8 years ago

1I like the challenge (from an infosec enthusiast's perspective) but I think it's too restrictive language-wise. Most golflangs just don't have a built-in SHA algorithm, so you'd have to implement that, to be able to create the HMAC function, and only then you'd be able to make a function to solve the challenge, which is both very convoluted and kinda misses the point of codegolfing. – J. Sallé – 8 years ago

@J.Salle how can make the challenge more accessible for other languages? – mdahmoune – 8 years ago

6@J.Salle many golfing langs can't access the internet or read JSON easily, and yet we post [tag:stack-exchange-api] challenges, besides, I think implementing the algorithm is part of the fun, and having a challenge which golfing langs may not win is always refreshing... – Socratic Phoenix – 8 years ago

1I think it's a good challenge, so I'm not downvoting this challenge, but I'm not upvoting it, either. Ideally, challenges should be self-contained with no external links required. While it's very unlikely that the IETF will go away anytime soon, and I don't expect the entire algorithms to be spelled out here, some of the explanation from the RFCs could be migrated over to here to make the challenge even better. – AdmBorkBork – 8 years ago

@AdmBorkBork please feel free to edit the challenge... – mdahmoune – 8 years ago

4@ close voters -- so, what makes this challenge "too broad"? Is it too broad for requiring "too much work" in languages that don't have PBKDF-2 in their standard libraries? I'd personally like to see a submission in such a language (or, maybe, provide one myself) :o – Felix Palmen – 8 years ago

Answers

5

C# (.NET Core) lambda expression, 88 82 81 bytes

Takes input as byte arrays (curried, see comments), returns key as byte array.

p=>s=>new System.Security.Cryptography.Rfc2898DeriveBytes(p,s,4096).GetBytes(32);

Try it online!

Felix Palmen

Posted 8 years ago

Reputation: 3 866

@someone as I/O is relaxed, I have a complete new version operating on byte arrays ... updating. – Felix Palmen – 8 years ago

2You could just do System.Security.Cryptography.Rfc2898DeriveBytes and save on the using-statement. – Emigna – 8 years ago

82 bytes. – Ian H. – 8 years ago

@Emigna thanks, that was kind of silly ;) – Felix Palmen – 8 years ago

Use currying to save one more byte (Func<byte[],Func<byte[],byte[]>> f = p=>s=>...; call as f(p)(s)). – my pronoun is monicareinstate – 8 years ago

@someone is there some reference about the scoring rules for lambda expressions? I know currying and will happily use it, but think it's a bit silly to spend a lot more bytes for the type information -- is this information definitely not to be scored? – Felix Palmen – 8 years ago

I didn't yet see anyone complaining about currying, so it should be okay. – my pronoun is monicareinstate – 8 years ago

currying is used and referenced in the tips section:https://codegolf.stackexchange.com/a/85053/15214 (btw I use your answer as example)

– aloisdg moving to codidact.com – 8 years ago

4

Java, 192 88 + 36 = 124 bytes

36 bytes for import de.rtner.security.auth.spi.*;

a is the SSID taken as a byte array, b is the password taken as a string. Outputs byte array. Requires PBKDF2.

a->b->new PBKDF2Engine(new PBKDF2Parameters("HmacSHA1","UTF-8",a,4096)).deriveKey(b,32);

Old answer:

Takes SSID as char array and password as byte array. Outputs byte array.

a->b->{try{return javax.crypto.SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new javax.crypto.spec.PBEKeySpec(a,b,4096,256)).getEncoded();}catch(Exception e){return null;}}

Try it online!

Okx

Posted 8 years ago

Reputation: 15 025

Why do you need to catch the exception? – my pronoun is monicareinstate – 8 years ago

@someone SecretKeyFactory#getInstance throws NoSuchAlgorithmException – Okx – 8 years ago

Does java require a try-catch for everything that throws exceptions? – my pronoun is monicareinstate – 8 years ago

@someone Yes, If it's declared in the method. Not always though, for example you can get a NullPointerException if you do something like String s = null; s.isEmpty(); (which will throw a NPE) which doesn't need to be caught (but still can be), as in the String#isEmpty method declaration, it doesn't say it throws NullPointerException. – Okx – 8 years ago

Asked: 8 years ago

Viewed: 301 times

Active: 8 years ago