Questions tagged [wpa2-psk]

80 questions
46
votes
2 answers

WPA2 ephemeral key derivation

I'm trying to learn how ephemeral keys in WPA2 4-way handshake are derived. Starting from 4 EAPOL packets sniffing, I successfully derived PMK and PTK reading ANonce, SNonce, and knowing ASCII-PSK and the SSID. From PTK I derived, by splitting it,…
spazio dati
  • 561
  • 3
  • 4
42
votes
7 answers

Why is HTTP data sent in clear text over password-protected Wifi?

In my home I have a router protected with WPA2-PSK (WPA2 Personal), using the passphrase. When I try to log in to a page over the Internet (this page does not use HTTPS to log me in), all my data is sent in clear text (since I can see the password I…
darias
  • 407
  • 1
  • 5
  • 8
33
votes
3 answers

How safe are Wi-Fi Hotspots? Because WPA 2 is compromised, is there any other security protocol for Wi-Fi?

WPA 2 can be cracked using Aircrack-ng in Kali Linux. Is there any other security protocol for Wi-Fi which is not compromised?
RaJ
  • 525
  • 1
  • 4
  • 8
26
votes
2 answers

What are the difference between WPA2-PSK and WPA2-EAP-PSK?

What are the differences between WPA2-PSK and WPA2 EAP-PSK? What are the pros and cons of using one configuration or the other?
boos
  • 1,066
  • 2
  • 10
  • 21
15
votes
2 answers

How does WPA2-PSK prevent evil twin password phishing?

Let's say we have a WPA2-PSK secured AP and there are several clients like smartphones and notebooks that automatically connect to it. Now if someone was to create another AP that looked completely the same from the outside (same channel, same…
Forivin
  • 979
  • 1
  • 11
  • 17
12
votes
3 answers

If WPA2-PSK is insecure, what other options do home users have?

from what I'm reading online it seems that one can land attacks and successfully crack a WPA2-PSK wifi network, is that true and if it is, how home users can secure their networks? I seen an application on android that can reveal the wifi password…
mohas
  • 223
  • 2
  • 6
11
votes
9 answers

Wifi penetration testing: Why aireplay-ng de-authentication does not work?

I am trying to pentest the security of the password of my wireless network. It is a WPA2 with pre-shared-keys. My current computer is connected to the wifi router and I try to de-auth my own machine. Steps 1) I created a monitoring interface: sudo…
Jon
  • 513
  • 1
  • 4
  • 11
8
votes
1 answer

Get WPA-Passphrase from HEX key and SSID?

Using this as an example for WPA key calculation (link): Network SSID: linksys54gh WPA passphrase: radiustest Hexadecimal key: 9e9988bde2cba74395c0289ffda07bc41ffa889a3309237a2240c934bcdc7ddb I get a hexadecimal key. I would like to know if…
PeeS
  • 215
  • 1
  • 2
  • 8
8
votes
3 answers

Extract WPA PSK from airodump-ng output file

How can I get the PSK hash in plain text from a airodumnp-ng .cap file ? Example : Hash : af8cfcf3c66d6e279d3fcb43e78569e872446e24f5f190350637fa174d9ece63 I understand aircrack-ng -J file.hccap file2.cap generates the .hccap ( format hashcat…
Zodiac
  • 105
  • 2
  • 8
7
votes
2 answers

Does a WPA2-PSK authentication only succeed if both parties know the pre-shared key?

Normally people think of WiFi authentication as the client proving to the AP that it knows the pre-shared key. But does the AP also prove to the client that it knows the pre-shared key? Is it fundamentally impossible for a connection to be…
RomanSt
  • 1,180
  • 9
  • 25
7
votes
1 answer

Why crack WEP or WPA/WPA2 PSK when it can be sniffed through monitor mode capture?

I am pretty new to the domain of wireless security and am trying to understand the various techniques used for compromising wireless networks. There are a few things that I am not able to correlate and need help understanding them. (I understand…
qre0ct
  • 1,492
  • 3
  • 19
  • 30
7
votes
3 answers

Can someone explain in simple steps how WPA2-Enterprise authentication and encryption happens?

When I try asking this question on other websites I get massive downvotes and am told "We're not doing your homework. Use google." Also I sometimes get banned. Anyways, I've searched tens of pages of google and still can't get a grasp on it. There's…
Newlo Newly
  • 145
  • 1
  • 1
  • 6
7
votes
1 answer

Attack WPA password with hashcat - Settings and resources for "german" passwords?

I'd like to prove to a friend of mine that his wifi is insecure and learn something about password cracking on the way. The guy I am talking about does not believe in strong passwords but in SSID hiding and mac address filtering. As you know this is…
wedi
  • 173
  • 1
  • 5
6
votes
1 answer

WPA/WPA2 attacks

How does someone attack a WPA/WPA2 wireless network? I have read on the two main approaches: dictionary and rainbow tables. How do you use rainbow tables in conjunction with your tool of choice? I went over to Free Rainbow tables…
leni1
  • 61
  • 1
  • 1
  • 2
6
votes
2 answers

Why WPA2 Client Devices Respond to Any Deauths

A great number of attack methods for WPA2 involve getting a handshake capture. To capture one the fastest way involves sending deauthentication packets to the client forcing him to initiate the handshake while you capture the entire transaction with…
NULL
  • 503
  • 1
  • 5
  • 13
1
2 3 4 5 6