To all my English readers: I am happy to announce that NetAcademia will be offering online Certified Ethical Hacker courses in English, with me as your instructor. Here is a little sneak peek into the course, so you know what it will look like:
Nowadays I am digging deeper and deeper into WiFi security by only using the official 802.11 standard documentation. Pretty interesting and neat stuff; it makes my brain go really fast and spit out many ideas. Of course, 99% of these ideas are totally stupid and pointless, but the remaining 1% is something I am proud of. For example, the Known Plain Text Attack against WPA2 that Lukas Lueg and I did together is something pretty cool…
So I kept reading and reading, and look what I found out: for WPA/WPA2 you don’t need the password to connect. Why? Because you can use the PMK instead of it. Standard-defined pass-the-hash. I tried it, and it works.
You don’t believe me? Well, try it out for yourself:
Generate your WiFi PMK by using this page. Then copy-paste the PMK into Windows when it asks for the WLAN password… oops, it works :).
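As an added example (my own illustration, not the post's code and not the generator page linked above), here is the derivation that generator performs and the check that a 64-hex-digit PMK is accepted in place of the passphrase; the function names are mine, and the test vector is the "password" / "IEEE" one from the 802.11 standard's annex.

```python
import hashlib

# Added example, not the post's own code. IEEE 802.11i defines the WPA-PSK
# pairwise master key as PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32).
# Because a client only ever needs the PMK, the PMK is a password-equivalent
# credential: whoever holds it can join the network, so stored PMKs (e.g. the
# hex psk= lines wpa_passphrase prints) deserve the same protection as the
# passphrase itself.

PBKDF2_ITERATIONS = 4096
PMK_LEN = 32            # 256-bit PMK, written as 64 hex digits
HEX_DIGITS = set("0123456789abcdefABCDEF")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK derivation for WPA/WPA2-PSK (passphrase must be 8..63 characters)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN)


def key_from_user_input(value: str, ssid: str) -> bytes:
    """What a client does with the string typed into the WLAN password field.

    A passphrase is at most 63 characters, so a 64-character all-hex string
    cannot be a passphrase; clients that accept both forms take it as the raw
    PMK. Anything else is run through the derivation.
    """
    if len(value) == 64 and all(c in HEX_DIGITS for c in value):
        return bytes.fromhex(value)
    return derive_pmk(value, ssid)


def pmk_is_sufficient(passphrase: str, ssid: str) -> bool:
    """True if entering the hex PMK yields the same key as the passphrase."""
    pmk = derive_pmk(passphrase, ssid)
    return key_from_user_input(pmk.hex(), ssid) == pmk


def pmk_is_network_bound(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """The SSID is the PBKDF2 salt, so a leaked PMK only opens that one SSID."""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # 802.11 annex test vector: passphrase "password", SSID "IEEE"
    print(derive_pmk("password", "IEEE").hex())
    print(pmk_is_sufficient("password", "IEEE"))
```

The SSID binding is the practical caveat: the same passphrase used on two networks gives two unrelated PMKs, so a PMK taken from one network's config is useless on another.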
So what does this mean?
First, all the hash databases we have been using could be smaller by around 1/8 (no need to store the password, so we save HDD space), and if you want to recover the password from the PMK you can use real rainbow tables, since we have a hash and want to get the password. Kinda liking it :).
Just the numbers: a password is 8 bytes long (talking about an 8-character password), a PMK is 65 bytes, so truly around 1/8 could be spared.