Cracking Wi-Fi Protected Access (WPA), Part 2
In part 1 of this series, we looked at the internals of WPA as compared to WEP, and saw how this wireless protection method can be cracked with only four packets of data. With a solid understanding of how keys are created, transmitted, validated, and then used to set up the encryption between two wireless devices, we're ready to investigate how WPA can be cracked.
Starting the Crack
First, it's important to note the efforts that the designers of WPA went through to secure WPA. The four-way handshake was designed to occur over an insecure channel using plaintext, but still provide a means of authenticating and initializing a secure connection between two devices. At no time is any key actually transmitted over the air. The pre-shared key (PSK) is first converted to a primary master key (PMK), which is then used to create the primary transient key (PTK). The PTK is broken down into several parts, one of which is the MIC (Message Authentication Code) Key. This value is then used to create a message digest value (hash) that is appended to each packet for validation. Note that a hash, by definition, cannot be used to re-create the original data. As a result, at no time is sensitive data exposed to an attacker.
The problem isn't directly related to the algorithm or WPA initialization process, but is instead tied to the simple fact that the process can be reproduced. This fact, combined with the reality that most users select poor passwords, provides an opportunity that can be exploited.
To illustrate how the attack works, let's dissect a successful crack using a program written by Joshua Wright, who has made headlines with his security research. His work prompted Cisco to release a warning about the insecurities of LEAP, and eventually lead to the release of EAP-Fast. Mr. Wright also produced the first publicly available WPA cracking tool for Linux. While KisMAC had this ability for several months prior to the release of coWPAtty, the use of that tool requires a Mac.