
docrice

join:2008-03-31
Fremont, CA

reply to Lasko
Re: WPA

I'd like to clarify this a bit since people tend to be vague on this particular area. The WPA passphrase is used in conjunction with the SSID value and the SSID length, the hash of which results in the Pairwise Master Key (PMK). This is the first-stage secret that the station and AP share. The secret element, of course, is the passphrase because everything else is out in the open.

With both the station and AP having calculated the same PMK, the next step is to perform a 4-way handshake which involves each side sending a dynamically-generated nonce value. Each side uses these values, along with the hardware addresses of both nodes, to calculate the Pairwise Transient Key (PTK). The PTK is composed of multiple sub-keys such as the EAPOL Key Encryption Key (KEK), EAPOL Key Confirmation Key (KCK), as well as the Temporal Key (TK).

It's the stuff that makes up the PTK which does the actual encryption, namely the Temporal Key for unicast packets. The 4-way handshake is exposed in clear text. If you capture the WPA session setup traffic during 802.11 and WPA negotiation, you can see these nonce values being passed along with the GTK and any ACKs.

Attackers need to figure out two things to crack WPA traffic: the PMK value and the session-specific 4-way handshake nonce values. Therefore, protecting the PMK in a pre-shared key environment by selecting a strong passphrase is crucial because everything else can be seen via monitor mode on an 802.11-capable network interface.