23

Can someone explain to me what the Four-way Handshake in WPA-Personal (WPA with Pre-Shared Key) consists of, which information is sent between the AP and the client, and how it is possible to find the AP Pre-Shared Key from this information after we capture the Four-way Handshake?

Iszi
Leo92
  • You used the [tag:passwords] tag, is that because you wanted information specific to WPA-Personal (aka WPA-PSK)? – curiousguy Jul 28 '12 at 16:05
  • Yes, I want to know how the password is securely transferred between the AP and the station. – Leo92 Jul 28 '12 at 17:52
  • So, your question is only about WPA-Personal (WPA-PSK), **not** WPA-Enterprise? – curiousguy Jul 29 '12 at 00:24
  • 1
    Well, I don't know exactly; I just want to know how its WPA authentication works, so maybe both of them, if possible? – Leo92 Jul 29 '12 at 18:11
  • For anyone looking, the answer on this question seems a bit more accurate: https://security.stackexchange.com/q/66008 The answers here make it sound difficult to retrieve the key, but the difficulty actually depends on the length/complexity of the PSK and can be trivial if it is weak. – multithr3at3d May 25 '20 at 14:16

3 Answers

26

This book is a very good resource on wireless security. This section explains the details of the four-way handshake, but you really need to read the whole chapter to understand it.

Both WPA2-PSK and WPA2-EAP result in a Pairwise Master Key (PMK) known to both the supplicant (client) and the authenticator (AP). (In PSK the PMK is derived directly from the password, whereas in EAP it is a result of the authentication process.) The four-way WPA2 handshake essentially makes the supplicant and authenticator prove to each other that they both know the PMK, and creates the temporal keys used to actually secure network data.

Capturing the four-way handshake will not divulge the PMK or PSK (since capturing the handshake is trivial over wireless, this would be a major vulnerability). The PMK isn't even sent during the handshake; instead it is used to calculate a Message Integrity Check (MIC). You basically need to perform a dictionary or brute-force attack on the handshake until you find a password which results in the same MIC as in the packets.

mgorven
  • So, just to be sure: "You basically need to perform a dictionary or bruteforce attack on the handshake until you find a password which results in the same MIC as in the packets." means that it only works for WPA2-PSK and not WPA2-EAP? – Shuzheng Jan 19 '16 at 11:39
9

The four way handshake is actually very simple, but clever:

  1. The AP sends a value to the Client. (This is not protected in any way).
  2. The client generates a key and sends back its own random value and a code to verify that value, using the value that the AP sent.
  3. The AP generates a key and if needed sends back a group key and another verification code.
  4. The Client sends back a message to confirm everything is okay.

It is actually really hard to crack the key using this method; it would take roughly 4 million years to break the key using brute force. If you still want to try, I have attached a guide linking directly to the crack page; this guide also details how to find the handshake packets.

http://www.smallnetbuilder.com/wireless/wireless-howto/30278-how-to-crack-wpa--wpa2?start=4

deltaray
Con
  • I don't get it; in which part is the password being sent? – Leo92 Jul 28 '12 at 15:29
  • 1
    Ahh, I did not realize you were talking about Pre-Shared Keys. As the name implies, the key is pre-shared and entered; it is never actually sent across the network. Traffic is just encrypted with the key before being sent to and from the Access Point. – Con Jul 28 '12 at 16:32
  • Maybe I am confused about the four-way handshake; I just want to know how to authenticate to the AP. If the password is never sent, how is it possible to get the password from the captured handshake by brute-forcing it or using similar ways? – Leo92 Jul 28 '12 at 17:56
  • You can get an individual key from the handshake and a lot of complex computer work, but the only real reason to do that is to snoop on communications. If you just want to authenticate, this guide is maybe more for you: http://www.aircrack-ng.org/doku.php?id=cracking_wpa – Con Jul 28 '12 at 18:26
  • FYI KRACK attack. https://www.krackattacks.com/ – Shankar Narayana Damodaran Jan 02 '18 at 06:06
7

What you normally configure on the UI is called a passphrase. The 256-bit Pairwise Master Key (PMK) is generated using a combination of the passphrase and the SSID (the network name that you connect to). However, this PMK is not exchanged during the handshake (well, both parties have that already). What is exchanged is a couple of Nonce values (random numbers). The AP sends the A-Nonce in message 1. The station sends the S-Nonce in message 2.

The session key is generated using a combination of things: the 2 Nonces + the PMK + the MAC addresses.

From sniffer traces you can gather the MACs, the SSID and the Nonces, but not the PMK.

If you want to break that, you'll need to break the encryption cipher that is used underneath (AES/RC4).

Good luck with that! and let me know if you manage it.

However, if you already have the passphrase, then there are tools that can give you the decrypted version of the packet capture. Wireshark or Omnipeek already have the provision for this (newer versions; just update).
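The derivation chain that this answer and mgorven's answer describe in words (passphrase + SSID → PMK; PMK + nonces + MAC addresses → session key; session key → MIC over the EAPOL frame) is short enough to write out. The block below is an added example and not code from any of the posters; it follows the IEEE 802.11i (WPA2/RSN) definitions for the CCMP case: PBKDF2-HMAC-SHA1 with 4096 iterations for the PMK, the 802.11i PRF for the 384-bit PTK, and the key-descriptor-version-2 MIC (first 128 bits of HMAC-SHA1 keyed with the KCK). The MAC addresses and nonces are constructed sample values; the passphrase/SSID pair "password"/"IEEE" is the PBKDF2 test vector from Annex H of the standard, so the PMK it prints can be checked against `wpa_passphrase`. The two function names `supplicant_message2` and `authenticator_verifies` are this example's own, not names from any standard or tool.

```python
import hashlib
import hmac
import struct

# IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
# This is the only step that involves the passphrase; nothing derived from it is sent.
def derive_pmk(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

# 802.11i PRF: concatenate HMAC-SHA1(K, label || 0x00 || data || i) for i = 0, 1, ...
def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

# PTK = PRF-384(PMK, "Pairwise key expansion",
#               min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
# 384 bits is the CCMP layout: KCK (16 bytes) || KEK (16 bytes) || TK (16 bytes).
def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)

# EAPOL-Key frame layout: 4-byte 802.1X header, then descriptor type (1), key info (2),
# key length (2), replay counter (8), nonce (32), key IV (16), RSC (8), key ID (8),
# MIC (16), key data length (2), key data.
NONCE_OFFSET = 4 + 1 + 2 + 2 + 8
MIC_OFFSET = NONCE_OFFSET + 32 + 16 + 8 + 8
MIC_LEN = 16
KEY_INFO_MSG2 = 0x010A  # descriptor version 2 (HMAC-SHA1 MIC), pairwise key, MIC bit set

def build_eapol_key_frame(key_info: int, replay_counter: int, nonce: bytes,
                          mic: bytes, key_data: bytes) -> bytes:
    body = (struct.pack(">BHH", 2, key_info, 16)        # descriptor type 2 = RSN, key length 16 (CCMP)
            + struct.pack(">Q", replay_counter)
            + nonce + bytes(16) + bytes(8) + bytes(8)    # key IV, RSC, key ID: zero in message 2
            + mic + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 1, 3, len(body)) + body  # 802.1X version 1, type 3 = EAPOL-Key

# Descriptor version 2: MIC = first 128 bits of HMAC-SHA1(KCK, frame with the MIC field zeroed).
def compute_mic(kck: bytes, frame: bytes) -> bytes:
    zeroed = frame[:MIC_OFFSET] + bytes(MIC_LEN) + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]

# Supplicant side of message 2 (hypothetical helper name): derive the PTK from its own PMK,
# then sign the frame carrying the SNonce with the KCK.
def supplicant_message2(passphrase, ssid, aa, spa, anonce, snonce) -> bytes:
    kck = derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    unsigned = build_eapol_key_frame(KEY_INFO_MSG2, 1, snonce, bytes(MIC_LEN), b"")
    return build_eapol_key_frame(KEY_INFO_MSG2, 1, snonce, compute_mic(kck, unsigned), b"")

# Authenticator side (hypothetical helper name): read the SNonce out of the frame, recompute
# the PTK from its own copy of the PMK, and accept only if the MIC matches.
def authenticator_verifies(passphrase, ssid, aa, spa, anonce, msg2: bytes) -> bool:
    snonce = msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    kck = derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return hmac.compare_digest(compute_mic(kck, msg2), msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN])

if __name__ == "__main__":
    # Constructed sample values: the MACs and nonces are arbitrary; "password"/"IEEE" is the
    # IEEE 802.11i Annex H PBKDF2 test vector.
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    print("PMK:", derive_pmk("password", "IEEE").hex())
    msg2 = supplicant_message2("password", "IEEE", aa, spa, anonce, snonce)
    print("accepted with the right passphrase:", authenticator_verifies("password", "IEEE", aa, spa, anonce, msg2))
    print("accepted with a wrong passphrase:  ", authenticator_verifies("Password", "IEEE", aa, spa, anonce, msg2))
```

Everything a passive listener sees (both MAC addresses, both nonces, the SSID from beacons, and the MIC) is an input to `authenticator_verifies` except the passphrase, which is exactly the point both answers make: the handshake proves knowledge of the PMK without carrying it. It also shows why multithr3at3d's comment above is right that the difficulty rests on the passphrase alone: each candidate passphrase costs one 4096-iteration PBKDF2 plus a few HMACs, with no cipher to break, so the defence is passphrase entropy (or WPA3-SAE, which replaces this exchange with a PAKE). The TKIP variant (descriptor version 1) uses HMAC-MD5 for the MIC and a 512-bit PTK and is not covered here.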