Why can rogue access points not be created to get WPA passkey?

(Brian Waltse) #1

I was wondering why rogue APs cannot capture WPA passkeys.

I know that several wireless cards have the ability to create an access point, and after a user connects they can be phished and spoofed. I know that they cannot currently capture passwords because it requires a 4-way handshake, and your AP must already know the passphrase. What I am wondering is, since the AP must compare the passwords in some way, why can an access point not have a password of something like " Password=’*’ " and then send the passphrase to the user? Even if this was a “re-invent the wheel” situation, wouldn’t it be worth it?
This makes me wonder if a hacker could re-invent other services to get protected data.

(Harry) #2
  1. A ‘*’ is semantically a regular expression which means “everything”, but to resolve it to everything either there should be an underlying subset of some values, or some strings being provided in real time to include in an empty subset. Neither of which is the case in a 4-way handshake.

  2. Even if an asterisk (*) works, it would mean any random password WILL WORK for any random WiFi access point. If that’s true, then the whole purpose of WiFi security is defeated even before switching to an encryption mechanism.

  3. Now the real thing: the passphrase you enter is passed to a function named PBKDF2 (Password Based Key Derivation Function, 2 for WPA2). The password is then hashed with the Access Point name (SSID) and SSID length, and it is then hashed using SHA-256; over 4096 iterations of the same hash is done, and the output is a 256-bit key called the PSK or Pre Shared Key (wpa_passphrase will give you one). Since the passphrase and SSID along with the SSID length make the whole PSK unique, there is really no way left for the ‘*’ for any hacker to implement or use.
    That’s why all the alternatives to get the key, either hashed or plain text. But there is really no room for any regular expression in the process, else there is no need for WPA2; open wireless was perfectly fine to use.
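To make the derivation and the "AP never sees the passphrase" point concrete, here is an added example (not code from either poster). It derives the WPA2 PSK the way IEEE 802.11i specifies it, PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 256-bit output, and then shows a simplified key-confirmation step in which station and AP only exchange nonces and a MIC keyed from the PSK. The confirmation step is a deliberately reduced illustration of the handshake's logic, not the standard's exact PRF/KCK construction; the MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac
import os


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PSK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iters, 32 bytes).

    The SSID is the salt, so the same passphrase gives a different PSK on
    every network name; nothing about this is a pattern an AP can wildcard.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def confirmation_mic(psk: bytes, ap_mac: bytes, sta_mac: bytes,
                     anonce: bytes, snonce: bytes) -> bytes:
    """Simplified key confirmation (illustration, not the 802.11 PRF).

    Both sides bind their PSK to the public handshake values; the station
    sends only this tag, never the passphrase or the PSK.
    """
    transcript = b"".join(sorted([ap_mac, sta_mac]) + sorted([anonce, snonce]))
    return hmac.new(psk, transcript, hashlib.sha256).digest()


def ap_accepts_station(ap_passphrase: str, sta_passphrase: str, ssid: str) -> bool:
    """Run the reduced exchange: AP and station each derive their own PSK.

    The AP can only verify the station's tag by recomputing it from a PSK it
    already holds; a rogue AP without the real passphrase has nothing to
    compare against, which is the point raised in the thread.
    """
    ap_mac = bytes.fromhex("020000000001")    # constructed sample addresses
    sta_mac = bytes.fromhex("020000000002")
    anonce = os.urandom(32)                   # AP nonce (message 1)
    snonce = os.urandom(32)                   # station nonce (message 2)

    sta_tag = confirmation_mic(wpa2_psk(sta_passphrase, ssid), ap_mac, sta_mac,
                               anonce, snonce)
    expected = confirmation_mic(wpa2_psk(ap_passphrase, ssid), ap_mac, sta_mac,
                                anonce, snonce)
    return hmac.compare_digest(sta_tag, expected)


if __name__ == "__main__":
    # Same vector wpa_passphrase produces for passphrase "password", SSID "IEEE".
    print(wpa2_psk("password", "IEEE").hex())
    print(ap_accepts_station("correct horse", "correct horse", "HomeNet"))  # True
    print(ap_accepts_station("*", "correct horse", "HomeNet"))              # False
```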
