Questions tagged [wpa2]
Security protocol (IEEE 802.11i) developed by the Wi-Fi Alliance to protect wireless networks.
330 questions
1 vote, 1 answer, 119 views
Wifi Handshake Hijack
In a normal wifi network, after authentication we associate and then perform a handshake (WPA2: 4-way handshake, WPA3: dragonfly handshake) with the AP. How does a client now know that the frames ...
1 vote, 1 answer, 343 views
In WPA handshake brute force attack, how can attacker find PMK if MIC is performed using only HALF of PTK?
A brute force attack against WPA is the most common attack against WPA/WPA2 networks. The attacker captures the 4-way handshake, which allows the authentication key to be cracked offline.
During the 4-way ...
1 vote, 0 answers, 56 views
Chop Chop attack decrypting ARP results in multicast traffic takeover only
I read about chop chop attack and how it is used to decrypt packets on a WPA TKIP network, by chopping off byte by byte and bruteforcing the byte to trigger MIC failure. In case of MIC failure, would ...
1 vote, 0 answers, 290 views
aireplay-ng --deauth never finds BSSID available
I've been trying to crack a WiFi WPA2 handshake using airodump-ng and aireplay-ng.
I'm using an Alfa AWUS-036ACS adapter.
sudo airodump-ng wlan0
sudo airodump-ng --bssid MAC ADDR of AP --channel 1 -w ...
0 votes, 1 answer, 117 views
GTK and 4 way handshake
The GTK is transferred in message 3.
https://www.wifi-professionals.com/2019/01/4-way-handshake
What is the GTK key for in the 4-way handshake when the PTK exists?
1 vote, 1 answer, 103 views
What is a logical threshold in terms of users or devices to migrate from WPA personal to WPA enterprise?
I have a question in particular about WPA's Enterprise versus Personal without discussing the specifics of WPA2/WPA3.
I've encountered quite a few situations where the Personal version of WPA2/WPA3 ...
3 votes, 1 answer, 823 views
Is WPA2-Enterprise a more secure protocol designed to protect WiFi communication compared to WPA3-Personal?
Perhaps an unconventional comparison. If we ignore device compatibility for a moment and compare security features of WPA3(-three)-Personal with WPA2(-two)-Enterprise. Which is most secure and why is ...
2 votes, 1 answer, 574 views
Using public WPA2 Enterprise credentials for public Wi-Fi
In South Korea, I've seen a couple of public Wi-Fi networks advertise a "secure" option. Stickers on public buses in Seoul and the captive portal login page for unencrypted Wi-Fi instruct ...
0 votes, 1 answer, 177 views
Is it possible to fully protect a home Wi-Fi network from remote attacks?
I've read that some ways to secure a home Wi-Fi network include encrypting the network using WPA2 Personal, and changing the default administrative username, password, and network name. But I'm not ...
0 votes, 0 answers, 177 views
How to secure old routers with WPA2 and with old firmware?
There are many old routers that support WPA2 that haven't had a firmware update released since around 2010. Is it possible to secure their WPA2 implementation considering the more recent ...
0 votes, 1 answer, 2k views
Does WPA/WPA2 mixed mode have weak security even if I always connect using WPA2-AES?
My Wi-Fi access point is in "WPA/WPA2 mixed mode", which allows devices to connect to it using either WPA, WPA2-TKIP, or WPA2-AES. My Apple® smartphones and tablet computers are warning that ...
4 votes, 1 answer, 1k views
Is brute force for SSH similar to cracking WPA2 handshake?
I heard recently that WPA2 passwords can be brute forced if somebody captures the handshake (which is not very difficult). Can somebody tell me if a similar method exists for cracking SSH traffic? I mean ...
0 votes, 2 answers, 756 views
My Linux Mint just accessed a wifi network WPA2 without knowing the password [closed]
I brought my personal notebook to work. Asked the IT technician to access the WiFi on it (it's a federal institution of health research, lots of biological risks involved). Then he noticed that the ...
1 vote, 0 answers, 76 views
Force A Reply WPA/WPA2
I am working on an open source project, and am currently stumped.
Let's say I have a client connect to a wireless WPA network. I am not authenticated to the wireless network; I just have a wireless card ...
0 votes, 1 answer, 610 views
How is WPA-PSK authentication done?
When I try connecting to wireless networks (with no RADIUS server), I enter the password and it goes through an authentication process. After the station successfully connects to the access point, a 4-...
0 votes, 1 answer, 2k views
Airodump-ng shows AP as OPN and WPA2 at the same time. What does it mean?
The result of airodump-ng lists some AP's as both OPN and WPA2. How does the authentication work in that case?
12:34:56:78:AB:CD, 2011-09-09 15:29:47, 2022-10-21 16:09:05, 1, WPA2 OPN, CCMP, MGT, -75,...
2 votes, 1 answer, 3k views
Speed up cracking a wpa2.hccapx file in hashcat
I'm trying to do a brute force with Hashcat on Windows with a GPU, cracking a wpa2.hccapx handshake. Based on my research I know the password is 10 characters, a mix of random lowercase + numbers only
...
0 votes, 1 answer, 332 views
WPA2 Enterprise Authentication Certificate Security
While reading up about WPA2-Enterprise, it states that it is preferred over WPA2-Personal as it allows authentication via digital certificates, which prevents over-the-air attacks.
However, I am ...
0 votes, 0 answers, 450 views
How can I add some probable Keywords to hashcat, so I can Brute-Force attack a WPA2 Network faster
I'm trying to brute force attack a WPA2 network with Hashcat and a wpa2.hccapx file, but when I do it says that it can take 45 years to brute force it. So I had the idea that probably the network I'm ...
1 vote, 0 answers, 3k views
How does the WPA2 crack work with Hashcat 22000 format hash lines?
I'm trying to understand the format and functionality of WPA2 hash lines that start with WPA*02* used with -m 22000 on hashcat.
The way I understand it, this format was created as an improvement and ...
1 vote, 1 answer, 218 views
Under what circumstances can WPA be cracked?
Can someone please tell me under what circumstances WPA can be cracked? I'll appreciate it.
3 votes, 1 answer, 429 views
Why does a 20-character key make WPA Personal more secure?
Can someone tell me why a 20-character key makes WPA Personal more secure? That really confuses me.
1 vote, 1 answer, 4k views
How is the MIC (message integrity code) generated in WPA2?
We know that in WPA2's four-way handshake, a MIC is generated in order to verify the supplicant (client). But how is it generated? Is something hashed to get the MIC? The PTK (pairwise transient key) ...
1 vote, 0 answers, 345 views
What is Received Sequence Counter(RSC) in WPA authentication
In the WPA 4-way handshake, in Message 3 (during the GTK transfer), an RSC (Received Sequence Number) is sent by the Authenticator (AP) to the supplicant.
The only information I found about RSC is that it's ...
1 vote, 2 answers, 549 views
Hacking WPA/WPA2 passwords
Is there another method apart from using a wordlist to crack WPA/WPA2 passwords? Because it's not going to work for all cases. Even using the biggest wordlist ever, there are cases where there won't ...
0 votes, 2 answers, 6k views
Why do WEP, WPA, WPA2 need TKIP, AES, CCMP?
Okay, so I'm looking into understanding more about wireless security. One thing I have not been able to understand is what WEP, WPA and WPA2 do without the help of TKIP, CCMP, and AES, and what do ...
2 votes, 0 answers, 270 views
802.11s with SAE vs WPA-RSN (802.11i) on a MESH network
I'm investigating protection options for a mesh network (p2p). The number of nodes is constantly changing, and they are possibly owned by different entities.
We are thinking between 802.11s with SAE (...
5 votes, 2 answers, 13k views
Recommended length for WPA-2 password in 2020
I'm auditing my network setup and trying to determine an appropriate password length with a random set of digits and numbers. I found a Security Stack exchange answer but it was written in 2012 and ...
1 vote, 1 answer, 3k views
How does the EAP-TLS handshake work, exactly?
I'm trying to understand EAP-TLS authentication, but I'm struggling to understand a few bits:
Before the supplicant sends any certificates to the server, it usually verifies the server's identity.
...
0 votes, 2 answers, 604 views
WPA2-EAP-TLS with global client certificate
Is security compromised if every client uses the same client certificate to authenticate with WPA2-EAP-TLS?
In essence, we want to provide an open wifi network, but want to ensure users cannot see ...
5 votes, 2 answers, 4k views
What does WPA2 traffic look like to a packet sniffer that is not connected to the network?
Imagine there is a wireless network using WPA2, and an attacker has come along with his wireless card in monitor mode. What will the packets from that network look like? Is any information disclosed i....
0 votes, 1 answer, 1k views
Using MAC Filtering in addition to WPA2 Encryption
I've been trying to find some answers regarding using MAC filtering on my router in addition to having WPA2 encryption but I couldn't find any clear ones. I understand that using MAC filtering solely ...
1 vote, 3 answers, 3k views
Does WPA2 use TKIP or not?
I am writing my master's thesis about WLANs, and there is something that I don't really understand. This may be a dumb question, but I didn't find a clear explanation.
WPA uses TKIP encryption. WPA2 ...
1 vote, 1 answer, 558 views
With WiFi now having protected management frames, is it still worth attempting an evil twin attack?
I was trying to aireplay-ng my home WiFi, but I understood that with the new generation of APs there is a system of protected management frames. So I'm asking, is it still worth it to perform an evil ...
-1 votes, 1 answer, 2k views
wifi cracking using a network adapter which doesn't support packet injection
I'm trying to crack my WiFi (WPA-CCMP) password to test its strength and security. I'm using the CommView for WiFi and aircrack-ng software on Windows 10. I've three laptops, Windows 10 (64bit) with ...
1 vote, 3 answers, 534 views
How can wireless password cracking be detected?
Our team was hired for a red team engagement for a client. A part of the engagement is attempting to crack the WiFi passwords of their office APs. However, we obviously want to stay undetected. What ...
2 votes, 0 answers, 29 views
How can I crack WPA2 hash with some limitations? [duplicate]
I want to crack an 8 character password, but I know this password doesn't contain more than 4 symbols, 4 uppercase letters, 4 lowercase letters and 4 numbers, and it contains at least 2 symbols, 2 ...
0 votes, 1 answer, 2k views
What level of vulnerability has this WPA2 system?
I designed a WiFi host whose password contains a truncated SHA256 hash of a password + the time it was set.
For example, “password2019-12-25-12:59” hashed to “acd2775f” which is
truncated to 8 ...
4 votes, 1 answer, 1k views
Connect with a WPA2 hash instead of cracking it
When stealing a WPA2 hash from a packet, why do you need to use brute force to find out the original password instead of just sending the router the hash itself and connect with it to the router?
1 vote, 0 answers, 142 views
Is this the signature of a KRACK attack?
A router (or one spoofing as a router) unilaterally sent to a client an EAPOL packet 1 of 4, and then immediately sent 5 packets of EAPOL packet 3 of 4.
Is this the signature of a KRACK attack? And ...
0 votes, 0 answers, 507 views
How could a WPA2 WiFi with a 40+ character random password have been penetrated
I can confirm an intrusion from an unknown MAC address (identified as a Realtek device), getting a new, valid IP from the DHCP pool, and using the network for roughly 1 hour.
The network is WPA2 - 1 ...
1 vote, 1 answer, 765 views
Is WPA2 TKIP+AES with WPS disabled and strong keys secure? What about WPA2 Enterprise against a RADIUS server?
With all the recent vulnerabilities in WPA2 and so many low quality posts/articles on the internet about WPA2 security, I am not able to fully understand the risks of WPA2.
Is WPA2 Personal ...
0 votes, 0 answers, 56 views
Full Picture of Cracking Coffee Traffic [duplicate]
I'm trying to get a full answer to an interview question I got asked a while ago that keeps coming back to haunt me at night. Hoping that I can get a clearer picture of it here, or at least a link to ...
-1 votes, 1 answer, 121 views
Is it beneficial to know the first char of a wpa2 hash [duplicate]
All I will need to check is AAAAAAAA - AZZZZZZZ.
So I will only have to check the A's, but will checking the A's be faster knowing the first char? I can't see why it would be, as it would have to ...
1 vote, 1 answer, 6k views
How long to crack an 8 character WPA2 hash if first char is known
I know the first char is A and it's all upper alphanumeric. Is there a way to estimate how long a mid level single GPU using hashcat would take to crack it?
-5 votes, 1 answer, 3k views
Has Wi-Fi hacking gotten almost impossible?
I have read about Wi-Fi password cracking for a while and used different tools myself, such as:
Airodump for monitoring
Aircrack for getting the key from cap files for WEP/WPA/WPA2
Reaver for WPS
Bully ...
2 votes, 2 answers, 490 views
How can I secure Wifi against these specific attacks?
I have found myself in a situation where I need to set up a somewhat secure WiFi network. I am primarily concerned about these attacks, however I welcome any advice about other attacks that I should be ...
0 votes, 0 answers, 445 views
Why doesn't the fluxion attack steal credentials when authenticating to the network?
I ask this question because I am not happy with the answer here
In a normal attack such as fluxion.
You send DEAUTH packets to the victim wifi.
Clone their access point and host an open wifi.
Let the ...
1 vote, 2 answers, 310 views
WPA2 Security for Security System/IoT
How safe are WiFi modules/devices for use in security systems or even IoT?
How effective are dictionary and brute-force attacks in cracking WPA2? Online tutorials I've seen such as this claim to be ...
1 vote, 2 answers, 2k views
Why do evil twin attacks against WiFi use a captive portal?
I was recently the victim of an evil twin attack on my WiFi network, probably by the new upstairs neighbors. It prompted me, with a captive portal, saying there had been an update and I needed to ...