{"id":31,"date":"2011-06-28T11:27:29","date_gmt":"2011-06-28T11:27:29","guid":{"rendered":"http:\/\/domonkos.tomcsanyi.net\/?p=31"},"modified":"2011-07-16T23:32:40","modified_gmt":"2011-07-16T23:32:40","slug":"minek-a-jelszo-why-do-you-need-a-password","status":"publish","type":"post","link":"https:\/\/domonkos.tomcsanyi.net\/?p=31","title":{"rendered":"What is the password for? \/ Why do you need a password?"},"content":{"rendered":"<p>Lately, now that I have become quite interested in WPA\/WPA2 security, I keep getting all sorts of ideas. Some of them are complete nonsense (obviously most of them), but one or two might actually make sense. One of these was the WPA2 Known Plain Text attack that Lukas Lueg and I did; it was pure optimization, simply based on the standard.<\/p>\n<p>Since then I have kept reading, and I realized that we really do not need the password in WPA at all, because the definition in the standard allows the PMK to be used instead of the password&#8230;.this is the so-called built-in pass-the-hash&#8230;<\/p>\n<p>You don&#8217;t believe it? Try it!<br \/>\n<a href=\"http:\/\/www.wireshark.org\/tools\/wpa-psk.html\" target=\"_blank\">Use this to generate<\/a> the PMK for your own WiFi network, then Ctrl + C, Ctrl + V into the Windows Wireless password field. 
Connect&#8230;.and hop, you are on the network!<\/p>\n<p>What is the significance?<br \/>\nThe current hash databases can be reduced to roughly 7\/8 of their size, since the password does not have to be stored, and if someone wants to recover the password from the resulting master key, they can now use real rainbow tables (since we are going from the hash toward the password).<\/p>\n<p>In numbers: a password is 8 bytes long (if it has 8 characters, that is), a PMK is 65 bytes, so we really will need about 1\/8 less space.<\/p>\n<p>&nbsp;<\/p>\n<p>Nowadays I am digging deeper and deeper into WiFi security by only using the official 802.11 standard documentation. Pretty interesting and neat stuff, makes my brain go really fast and spit out many ideas. Of course, 99% of these ideas are totally stupid and pointless, but the remaining 1% is something I am proud of. For example, the Known Plain Text Attack against WPA2, which Lukas Lueg and I did together, is something pretty cool&#8230;<\/p>\n<p>So I kept reading and reading, and look what I found out: for WPA\/WPA2 you don&#8217;t need the password to connect&#8230;Why? Because you can use the PMK instead of it. Standard-defined pass-the-hash. I tried it, and it works.<br \/>\nYou don&#8217;t believe me? 
Well, try it out for yourself:<br \/>\nGenerate your WiFi PMK by using <a href=\"http:\/\/www.wireshark.org\/tools\/wpa-psk.html\" target=\"_blank\">this page.<\/a> Then copy-paste the PMK into Windows when it is asking for the WLAN password&#8230;.oops, it works :).<\/p>\n<p>So what does this mean?<br \/>\nFirst, all the hash databases we have been using could be smaller by around 1\/8 (no need to store the password, so we save HDD space), and if you wanna recover the password from the PMK you can use real rainbow tables, since we have a hash and wanna get the pw. Kinda liking it :).<\/p>\n<p>Just the numbers: a password is 8 bytes long (talking about an 8-character password), a PMK is 65 bytes, so truly around 1\/8 could be spared.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lately, now that I have become quite interested in WPA\/WPA2 security, I keep getting all sorts of ideas. Some of them are complete nonsense (obviously most of them), but one or two might actually make sense. One of these was the WPA2 Known Plain Text attack that Lukas Lueg and I did; it was pure optimization, simply based on the standard. 
Since then I have kept reading, and I realized that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false},"categories":[5,3],"tags":[],"_links":{"self":[{"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/posts\/31"}],"collection":[{"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=31"}],"version-history":[{"count":4,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/posts\/31\/revisions"}],"predecessor-version":[{"id":83,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/posts\/31\/revisions\/83"}],"wp:attachment":[{"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=31"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=31"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=31"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}