
While preparing for the CompTIA Security+ certification, I learned that a problem with the 8-digit WPS PIN is that checking is split into two sets of 4 digits, and also that the last digit is a check digit, so it's really one 4-digit number and one 3-digit number that have to be guessed separately by an adversary, as described here:

https://www.neowin.net/amp/the-wps-wifi-protected-setup-flaw-explained/

All that has to happen now is the first 4 have to be found first. 4 digits only have 10,000 possible combinations. Once the first 4 numbers are found, the router proclaims "You've found the first four", giving, in essence, a checkpoint at which to save the progress before finding the last 4. So instead of having to guess an 8-digit combination, all that has to be guessed now is two 4-digit combinations, and that takes considerably less time.

What I'm struggling to understand is why someone would design such a thing in the first place.

Obvious oversights and visible vulnerabilities aside, are there any possible advantages in the way the WPS PIN was designed that would be worth considering in the future, and if so, what are the advantages and what would be proper safeguards in order to limit the risk?

(In the case of the WPS PIN, we were told more recent devices now limit to a certain number of guesses before accepting any more attempts.)

jia103
  • History has shown that often people perform tasks they don't have the necessary skills or education for. – Robert Apr 24 '22 at 20:30
  • @Robert What a nice way to say that they just have been stupid. :-) – Marcel Apr 25 '22 at 06:06
  • I almost wonder if someone thought it was a good idea based on what was done with NTLM splitting the 14-character password into two separate 7-character halves as described here (https://www.thebitmill.com/articles/nt_password.html). I first recall hearing about this many years ago and how it didn't turn out well. – jia103 Apr 25 '22 at 14:21
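To make the arithmetic in the question concrete, here is an added example (not from the question, the comments, or the linked article): it computes the WPS check digit as the WPS specification defines it, counts the worst-case number of guesses under each verification design the question contrasts, and models the per-device lockout the question mentions as a toy registrar. The `Registrar` class, its `max_failures` default and the sample PIN are constructed for this example.

```python
import hmac

# Added example (not from the question or the linked article).

def wps_checksum(first_seven: str) -> int:
    """Check digit from the WPS spec: weighted sum of the first 7 PIN digits."""
    d = [int(c) for c in first_seven]
    acc = 3 * (d[0] + d[2] + d[4] + d[6]) + (d[1] + d[3] + d[5])
    return (10 - acc % 10) % 10

def is_wellformed_pin(pin: str) -> bool:
    """True if the 8th digit is the correct check digit for the first seven."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(pin[:7])

def worst_case_guesses(split_check: bool, checksum_known: bool) -> int:
    """Guesses needed to exhaust the PIN space under a given verification design."""
    # The check digit is derived from the others, so the second half has
    # only 3 free digits once the formula is known.
    free_second_half = 10**3 if checksum_known else 10**4
    if split_check:
        # The router confirms the first half on its own, so the halves are
        # searched one after the other: 10^4 + 10^3 = 11,000 at worst.
        return 10**4 + free_second_half
    # The whole PIN is verified at once, so the halves must be searched jointly.
    return 10**4 * free_second_half

class Registrar:
    """Toy WPS registrar (constructed here) that refuses PIN attempts after a failure cap."""

    def __init__(self, pin: str, max_failures: int = 3):
        assert is_wellformed_pin(pin), "PIN must carry a valid check digit"
        self.pin, self.max_failures, self.failures = pin, max_failures, 0

    @property
    def locked(self) -> bool:
        return self.failures >= self.max_failures

    def verify(self, attempt: str) -> bool:
        # Once locked, every attempt is refused, correct or not. Otherwise the
        # full PIN is compared in one constant-time step, so no half is ever
        # confirmed on its own.
        if self.locked:
            return False
        if hmac.compare_digest(attempt, self.pin):
            self.failures = 0
            return True
        self.failures += 1
        return False
```

With `max_failures` set to a small number, a registrar that verifies the whole PIN at once caps an adversary at a negligible fraction of the 10^7 well-formed PINs, whereas the split design exposes a checkpoint after at most 10^4 guesses.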

0 Answers