0

I don't totally understand how the WPS protocol works, but why can't a user get the hash of the WPS PIN from the router and crack it the same way a WPA2 handshake is cracked? (Not Pixiewps, but brute-forcing the 8-digit keyspace.)

A client does not enter the PIN like with WPA2, but doesn't the AP send the hash of the PIN to the client in E-Hash1 and E-Hash2?

NULL
  • 503
  • 1
  • 5
  • 13
  • 1
    Who told you WPS with PIN is secure? [Because it isn't](http://www.howtogeek.com/176124/wi-fi-protected-setup-wps-is-insecure-heres-why-you-should-disable-it/) – Philipp Feb 03 '17 at 14:57

1 Answer

1

The hash of the WPS PIN doesn't leave the router. It is stored on the router.

Client and router perform a Diffie-Hellman key exchange and then use hashes of the PIN and the exchanged keys to prove to each other knowledge of the PIN. The only way to obtain the PIN is to obtain physical access to the router and somehow extract it from its memory.

But that doesn't mean WPS with PIN is secure. Most Wi-Fi routers don't rate-limit the number of PIN entries. WPS PINs are limited to 8 digits of 0-9. That's already weak, but it gets even weaker because the 8th digit is just a checksum calculated from the other 7, and the access point already gives feedback when the first 4 digits of the PIN are correct. That means WPS with PIN can often be brute-forced in about a day.

A more secure variant of WPS is the push-button method, where you press a physical button on the router and then have a few minutes to connect new devices. You just need to hope that:

  1. no attacker comes around in that time window and
  2. no attacker gets physical access to your wifi router and
  3. your router actually allows you to deactivate WPS with PIN while still allowing WPS with push-button. Many don't.

Bottom line: If you want a secure home Wi-Fi network, specifically look for a Wi-Fi router which does not support WPS or at least allows you to disable it.

Philipp
  • 48,867
  • 8
  • 127
  • 157
  • My router locks out for 12 hours after 3 PIN attempts, so I should be safe, right? It's not vulnerable to the Pixie Dust attack either. – NULL Feb 03 '17 at 16:48
  • @NULL 6 attacks a day means about 2 years to crack the first 4 digits and then about 3 months to crack the next 3. You should be safe if you change the key every year. This, of course, assumes that the router locks down completely and can't be fooled by trying again with a differently spoofed MAC address. – Philipp Feb 03 '17 at 16:59
  • @NULL actually the forked version of reaver retrieves the WPS hash, which one can then attempt to crack with pixiewps OFFLINE. However, the noise from reaver was already made. On top of it, reaver needs both a good signal and a clean signal, which means as little interference on the channel as possible, to even get the hash. – user633551 Feb 04 '17 at 11:47
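The keyspace argument in Philipp's answer (8th digit is a checksum, first-half confirmation splits the search into 10^4 + 10^3 guesses) and the lockout arithmetic in his comment (3 attempts per 12 hours) can be checked with a small calculation. The following is an added example, not code from the question, the answer, or any tool named in the thread; the checksum rule is the one published in the Wi-Fi Simple Configuration specification, and the per-attempt timing used for the no-rate-limit case is a constructed assumption, not a measurement.

```python
"""Added example (not from the original question or Philipp's answer):
a defender-side estimate of the WPS PIN search space and of how long an
online, one-PIN-per-attempt search takes under a given lockout policy."""


def wps_checksum_digit(first_seven: int) -> int:
    """Checksum digit for the first seven PIN digits.

    Weighted-sum rule from the Wi-Fi Simple Configuration spec: digits are
    weighted 3,1,3,1,... from the right, summed, and the result mod 10 is
    what the 8th digit must cancel out.
    """
    if not 0 <= first_seven <= 9_999_999:
        raise ValueError("expected a 7-digit prefix")
    accum = 0
    n = first_seven
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if `pin` is 8 digits and its last digit is the correct checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_checksum_digit(int(pin[:7])) == int(pin[7])


def wps_pin_keyspace(ap_confirms_first_half: bool) -> int:
    """Worst-case number of distinct online guesses.

    The checksum digit carries no entropy, so only 7 digits count (10**7).
    If the AP confirms the first four digits on their own, the search splits
    into 10**4 guesses for the first half plus 10**3 for the remaining three
    free digits: 11,000 guesses in total instead of 10 million.
    """
    if ap_confirms_first_half:
        return 10**4 + 10**3
    return 10**7


def days_under_lockout(guesses: int, attempts_per_lockout: int,
                       lockout_hours: float) -> tuple[float, float]:
    """(expected, worst-case) days to exhaust `guesses` when the AP allows
    `attempts_per_lockout` tries and then locks out for `lockout_hours`.

    The expected value assumes the correct guess is uniformly placed in the
    search order, i.e. half the worst case on average.
    """
    if attempts_per_lockout <= 0 or lockout_hours <= 0:
        raise ValueError("lockout policy must be positive")
    per_day = attempts_per_lockout * 24.0 / lockout_hours
    worst = guesses / per_day
    return worst / 2.0, worst


def days_at_rate(guesses: int, seconds_per_attempt: float) -> float:
    """Worst-case days when the AP does not rate-limit at all.
    `seconds_per_attempt` is a constructed assumption, not a measurement."""
    return guesses * seconds_per_attempt / 86400.0


if __name__ == "__main__":
    # The well-known default PIN 12345670 has a valid checksum digit (0).
    print("12345670 valid:", is_valid_wps_pin("12345670"))
    print("12345678 valid:", is_valid_wps_pin("12345678"))

    # Policy from the comment thread: 3 attempts, then a 12-hour lockout.
    first_exp, first_worst = days_under_lockout(10**4, 3, 12)
    second_exp, second_worst = days_under_lockout(10**3, 3, 12)
    print(f"first 4 digits: ~{first_exp / 365:.1f} years expected "
          f"({first_worst / 365:.1f} worst)")
    print(f"last 3 digits:  ~{second_exp / 30:.1f} months expected "
          f"({second_worst / 30:.1f} worst)")

    # No rate limiting, assumed 8 s per attempt (constructed figure).
    print(f"no lockout: ~{days_at_rate(wps_pin_keyspace(True), 8.0):.2f} days")
```

With the 3-per-12-hours policy the script reproduces the comment's rough figures (about 2.3 years expected for the first half, about 2.7 months for the second), which is why the follow-up remark about MAC-spoofing matters: the estimate only holds if the lockout cannot be reset.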