
We all know that the client device and WiFi AP will perform the 4-way handshake to generate the session key (PTK). Here is a recap of the 4-way handshake.

1. Client device <-----ANonce----- WiFi AP

2. Client device ------SNonce----> WiFi AP

3. Client device <--Install PTK--- WiFi AP

4. Client device --------OK------> WiFi AP

I understand why the ANonce and SNonce have to be shared with each other: they are needed to create an initialization vector to increase the randomization of the PTK. The PTK is actually the session key.

PTK = PRF(PMK + ANonce + SNonce + MAC(AA) + MAC(SA))

My problem is that all of these components can be sniffed by another client device in the same network that shares the same PMK (pre-shared key). The MAC address of the AP is no secret, and the MAC address of another device in the same network can be sniffed too. The ANonce and SNonce can be captured; the only problem is to distinguish that it is a nonce, but anyway it can be done. The PMK is shared with all the members.

So all the members in the same network (in the same network means using the same PMK) can calculate the PTK, even though the PTK is not transmitted over the air.

We all know WPA-PSK is vulnerable, but it should not be that vulnerable. There is not even a need to brute force!!!!!! I believe I must be missing some concept. Hope someone can help.

Alex Tse
  • Is this related question helpful? [Why crack WEP or WPA/WPA2 PSK when it can be sniffed through monitor mode capture?](/q/84312/129883) – Fire Quacker Aug 06 '20 at 16:52
  • thx, it is related but it does not point to my question. – Alex Tse Aug 06 '20 at 17:00
  • How do you figure you'd calculate the PTK or anything without brute force? It's unclear what you think the issue is. – multithr3at3d Aug 07 '20 at 03:34
  • thx @multithr3at3d – Alex Tse Aug 07 '20 at 04:19
  • For example, we are in the same office, and we all have the same pw (PSK)(PMK) to log in to the same SSID (WiFi AP). If I am a hacker, I will sniff the ANonce (generated by the AP) and SNonce (generated by you) package when you try to log in to the network. As all WiFi signals can be captured in the air, the ANonce and SNonce are not encrypted. As for the MAC address of the AP, it is well known, as I also need to connect to the AP. The only concern is your MAC address, but I believe it is not hard to find it, right? – Alex Tse Aug 07 '20 at 04:29
  • So now the situation is that I can capture all the components (PMK + ANonce + SNonce + MAC(AA) + MAC(SA)), so I will be able to generate your PTK?? – Alex Tse Aug 07 '20 at 04:30
  • You are correct that MAC addresses are not secret. So are you saying you are worried about the case where the attacker already knows the _PSK_? Or an attacker with no knowledge of the _PSK_? – multithr3at3d Aug 07 '20 at 13:58
  • I am worried about, for example, when my colleagues and I are in the same office, and we are given the same PMK to access the WiFi network. Then they are actually able to sniff my data. If the attacker doesn't have the PSK then it is not my concern; I worry about those who share the same PMK/PSK with me. – Alex Tse Aug 07 '20 at 15:03

2 Answers


Security for WPA PSK effectively revolves around the secrecy of the key. Anybody who has the key is allowed to connect to the network, and can also decrypt the traffic in the correct circumstances. As long as the key is strong and not shared with the entire world, it is considered reasonably secure for many use cases.

Even if you couldn't decrypt the wireless traffic passively, being able to connect to the network is even more beneficial for an attacker, since a variety of attacks can be launched from there to accomplish the same and more (albeit more noisily). So it could be said that passive decryption with knowledge of the PSK is not a vulnerability since you already have the keys to the kingdom at that point.

If this issue is unacceptable for your threat model, you can use WPA2/WPA3 enterprise instead, which removes the issue of shared keys entirely.

multithr3at3d

> so all the member in the same network(in the same network means using the same PMK)can calculate the PTK, even PTK is not transmitted in the air.

Yes they can. Anyone who knows the Pre-Shared Key/PMK/password can calculate the PTK. But this isn't the threat model WPA is designed to defend against. WPA is meant to prevent an unauthorized person from accessing a network (and its resources) and/or intercepting network communications. If you have the PSK/password, you are supposedly already authorized to connect to the network. To secure communications between two hosts, something like TLS should be used.

> We all know wpa-psk is vulnerable but it should not be that vulnerable. Even no need to do brute force!!!!!!

Brute force is used to crack the PSK/password. If you already have it, there is no point in brute-forcing it.

nobody
  • Er... web is ok, Facebook is ok, they all use HTTPS..... but what about email? Email content is always transmitted without encryption... – Alex Tse Aug 07 '20 at 15:05
  • @AlexTse SMTP, POP3, IMAP all can be used with TLS. Again this is not the job of WPA. WPA is meant to secure the network, not the communications. In any case, wireless security can only secure communications inside your local network. If your communications are unencrypted, once they leave your local network and enter the internet, they can be sniffed by all the routers they pass through. – nobody Aug 07 '20 at 15:29
  • Client-server email communications have been encrypted for a long long time, and currently [over 90%](https://transparencyreport.google.com/safer-email/overview) of the server-server SMTP is protected by TLS, too. – Esa Jokinen Aug 09 '20 at 05:18
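
The PTK derivation discussed in the question and both answers, written out as an added example (not code from any of the posts above). It assumes WPA2-Personal with CCMP, where the PMK comes from PBKDF2 over the passphrase and SSID and the PTK is 48 bytes from the HMAC-SHA1 PRF; the SSID, passphrase, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase, ssid):
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """Derive the 48-byte CCMP PTK and split it into KCK, KEK and TK."""
    # MAC addresses and nonces are ordered (min first) before being concatenated.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed sample values, not taken from a real capture.
SSID, PASSPHRASE = "OfficeWiFi", "shared-office-passphrase"
AA = bytes.fromhex("02aabbccdd01")    # AP MAC address
SPA = bytes.fromhex("02aabbccdd02")   # client MAC address
ANONCE = bytes(range(0, 32))          # sent in the clear in message 1
SNONCE = bytes(range(32, 64))         # sent in the clear in message 2

def demo():
    """Return (colleague_matches, outsider_matches, later_session_matches)."""
    pmk = pmk_from_passphrase(PASSPHRASE, SSID)
    client = derive_ptk(pmk, AA, SPA, ANONCE, SNONCE)
    # A colleague holds the same passphrase and saw the MACs and both nonces.
    colleague = derive_ptk(pmk_from_passphrase(PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE)
    # An outsider saw the same frames but does not know the passphrase.
    outsider = derive_ptk(pmk_from_passphrase("not-the-passphrase", SSID),
                          AA, SPA, ANONCE, SNONCE)
    # A later handshake uses fresh nonces, so its PTK differs from this one.
    later = derive_ptk(pmk, AA, SPA, bytes(range(64, 96)), bytes(range(96, 128)))
    return client == colleague, client == outsider, client == later

if __name__ == "__main__":
    print(demo())
```

The only secret input is the PMK, which every holder of the passphrase can compute; the per-session nonces separate sessions from each other but not members from each other, which is why the answers point to WPA2/WPA3 Enterprise or TLS when that matters.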