meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, August 6th 2018

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 6 August 2018

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New WPA Attack; Fake Techsupport Better Targeting; HP Printer Updates

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Monday, August 6, 2018 edition of the San San Antonio's StormCast. My name is Johannes Ulrich and the time recording from San Antonio, Texas.

0:12.5

Well, looks like we have a new attack against WPA and WPA 2. This latest attack comes from Jens Stoibbet, the creator of Hachcat.

0:23.6

Not everybody using WPA is vulnerable. This particular issue does require that a specific feature is enabled with WPA and this feature is typically associated with fast roaming.

0:41.4

Now, there's still not a lot of details about this particular attack.

0:45.4

Really all we have is that Yenz captured this frame with this particular WPA option

0:52.0

and then used it to derive the Parvise Master key and then of course use that

0:58.4

with Hashcat to prude force the passphrase. But in short, what's happening here is that the

1:04.9

access point advertises Paralyze Master Key ID. Now the idea behind this feature is that if you keep switching

1:14.3

between a couple different access points as you're roaming in a larger wireless network,

1:19.9

then when you're getting back to a prior access point, well, this prior access point will

1:24.7

basically tell you I cached our keys and it's still good to go.

1:29.6

And that's really what the fast roaming part here is all about.

1:32.9

We're trying to make it faster to reconnect to the access point without having to renegotiate all of these keys.

1:41.0

But the problem here is that in order to implement this feature, they're including this

1:47.0

Parvise Master key ID and to calculate it, the only thing they do is they take the key itself

1:53.0

and then they hash it using SHA-1H-Mack hash and as key, they're essentially just using the client and the access point mac address.

2:04.9

So this makes it trivial to then get to the Parvise Master key, which then is the starting point

2:11.3

for the Prut Force attack. Now the Prut Force attack is not simple. The hash actually requires 4,096 iterations of PDKDF2, which is not a very fast hash to calculate.

2:25.6

But in the end, you're back to relying on strong passwords, which we know is always dangerous.

2:32.8

So recommendations so far, I think the best thing to start out with is make sure you use

2:39.4

a large, hard to guess password for WPA.

2:43.8

Now overall, WPA, WPA to buy itself is really not recommended. You should do something like even TLS in order

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.