802.11 Wireless Attacks  Home ToC Prev Up Next 
802.11
Attacks
O/S/M Vulnerabilities
WEP Encryption
Passive Attacks
Active Attacks
IV Reply Attack
Bit-flipping Attack
ManInTheMiddle
MITM Attack
Cisco LEAP
LEAP weaknesses
LEAP attack
ICV issue
+Passive WPA PSK
WPA PSK attacks
PSK attack tools
Conclusion
  

Passive WPA PSK

  • Each station may have its own PSK (pre-shared key)

  • When no 802.1X is used, the PSK is used directly as the Pairwise Master Key (PMK). When PSK is passphrase, then PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256);

  • The PTK (Pairwise Transient Key) is a keyed-HMAC function using the PMK on the two MAC addresses and the two nonces from the first two packets of the 4-Way Handshake unique for each session
Copyright © 2005 Pavol Lupták, OpenWeekend 2005  Prev Next