What security does the wpa_passphrase tool actually add to a wpa-supplicant configuration file?Again WPA...
Can I become debt free or should I file for bankruptcy? How do I manage my debt and finances?
How to get the first element while continue streaming?
Where is this quote about overcoming the impossible said in "Interstellar"?
Can a Trickery Domain cleric cast a spell through the Invoke Duplicity clone while inside a Forcecage?
How to kill a localhost:8080
Would the melodic leap of the opening phrase of Mozart's K545 be considered dissonant?
“I had a flat in the centre of town, but I didn’t like living there, so …”
It doesn't matter the side you see it
GPL code private and stolen
What kind of inflection is occuring in passive vb + かかった?
Specific Chinese carabiner QA?
Is there a math equivalent to the conditional ternary operator?
Why do phishing e-mails use faked e-mail addresses instead of the real one?
Should I use HTTPS on a domain that will only be used for redirection?
Difference between 'stomach' and 'uterus'
Find maximum of the output from reduce
A bug in Excel? Conditional formatting for marking duplicates also highlights unique value
3.5% Interest Student Loan or use all of my savings on Tuition?
What is a term for a function that when called repeatedly, has the same effect as calling once?
How do I deal with being envious of my own players?
What can I do if someone tampers with my SSH public key?
Being asked to review a paper in conference one has submitted to
Plagiarism of code by other PhD student
How do you say “my friend is throwing a party, do you wanna come?” in german
What security does the wpa_passphrase tool actually add to a wpa-supplicant configuration file?
Again WPA Connection problem even after changed to latest version ..please helpChanging WPA supplicant configuration on dd-wrtWhat does mean the security protection of PDF files?Where can I find a full list of wpa-* options for the interfaces file?What does 'Inheritance' in the Windows Advanced Security Settings mean?What are the best wireless security settings for my routerDoes increasing the complexity of a PSK passphrase mitigate the risks of WPA-TKIP?How does the Bitdefender Box actually work?What does WPA/WPA2 really encrypt?key file for linux home encryption?
I was looking at this guide to setting up a wifi connection on a modern linux system (specifically raspbian, but I assume the steps are similar in other linux systems) with only a command-line interface. The guide mentioned that the PSK could be stored as a pre-encrypted 32 byte hexadecimal number, but also mentioned that a plaintext SSID and PSK will be used to connect. Further, the wpa_passphrase tool seems to encrypt the PSK using the SSID (unless I am misinterpreting the tutorial).
If an attacker gained access to this wpa-supplicant configuration file, it seems like he could just use the SSID (stored there in plain text) and knowledge of the wpa_passphrase tool's encryption algorithm to decrypt the PSK, giving no more security than storing a plain-text PSK in the file. Is this not the case, and why?
wireless-networking security wpa-supplicant
asked yesterday
jaredad7jaredad7
1085
add a comment |
I was looking at this guide to setting up a wifi connection on a modern linux system (specifically raspbian, but I assume the steps are similar in other linux systems) with only a command-line interface. The guide mentioned that the PSK could be stored as a pre-encrypted 32 byte hexadecimal number, but also mentioned that a plaintext SSID and PSK will be used to connect. Further, the wpa_passphrase tool seems to encrypt the PSK using the SSID (unless I am misinterpreting the tutorial).
If an attacker gained access to this wpa-supplicant configuration file, it seems like he could just use the SSID (stored there in plain text) and knowledge of the wpa_passphrase tool's encryption algorithm to decrypt the PSK, giving no more security than storing a plain-text PSK in the file. Is this not the case, and why?
wireless-networking security wpa-supplicant
asked yesterday
jaredad7jaredad7
1085
"If an attacker gained access to this wpa-supplicant configuration file..." - Most threat model collapse with this level of compromise. An attacker that has root and can read configuration files can also read state of the random number generator, read decrypted traffic, and do other nefarious things. There's no confidentiality or integrity after that.
– jww
yesterday
You might also be interested in Is there a way to configure WPA2-PSK to provide Forward Secrecy? Also see Wi-Fi Protected Access and "WPA and WPA2 don't provide forward secrecy, meaning that once an adverse person discovers the pre-shared key, they can potentially decrypt all packets encrypted using that PSK transmitted in the future and even past..." It looks like WPA3 is going to close the gap.
– jww
yesterday
add a comment |
I was looking at this guide to setting up a wifi connection on a modern linux system (specifically raspbian, but I assume the steps are similar in other linux systems) with only a command-line interface. The guide mentioned that the PSK could be stored as a pre-encrypted 32 byte hexadecimal number, but also mentioned that a plaintext SSID and PSK will be used to connect. Further, the wpa_passphrase tool seems to encrypt the PSK using the SSID (unless I am misinterpreting the tutorial).
If an attacker gained access to this wpa-supplicant configuration file, it seems like he could just use the SSID (stored there in plain text) and knowledge of the wpa_passphrase tool's encryption algorithm to decrypt the PSK, giving no more security than storing a plain-text PSK in the file. Is this not the case, and why?
wireless-networking security wpa-supplicant
asked yesterday
jaredad7jaredad7
1085
I was looking at this guide to setting up a wifi connection on a modern linux system (specifically raspbian, but I assume the steps are similar in other linux systems) with only a command-line interface. The guide mentioned that the PSK could be stored as a pre-encrypted 32 byte hexadecimal number, but also mentioned that a plaintext SSID and PSK will be used to connect. Further, the wpa_passphrase tool seems to encrypt the PSK using the SSID (unless I am misinterpreting the tutorial).
If an attacker gained access to this wpa-supplicant configuration file, it seems like he could just use the SSID (stored there in plain text) and knowledge of the wpa_passphrase tool's encryption algorithm to decrypt the PSK, giving no more security than storing a plain-text PSK in the file. Is this not the case, and why?
wireless-networking security wpa-supplicant
wireless-networking security wpa-supplicant
asked yesterday
jaredad7jaredad7
1085
asked yesterday
jaredad7jaredad7
1085
asked yesterday
jaredad7jaredad7
1085
asked yesterday
jaredad7jaredad7
1085
asked yesterday
jaredad7jaredad7
1085
1085
"If an attacker gained access to this wpa-supplicant configuration file..." - Most threat model collapse with this level of compromise. An attacker that has root and can read configuration files can also read state of the random number generator, read decrypted traffic, and do other nefarious things. There's no confidentiality or integrity after that.
– jww
yesterday
You might also be interested in Is there a way to configure WPA2-PSK to provide Forward Secrecy? Also see Wi-Fi Protected Access and "WPA and WPA2 don't provide forward secrecy, meaning that once an adverse person discovers the pre-shared key, they can potentially decrypt all packets encrypted using that PSK transmitted in the future and even past..." It looks like WPA3 is going to close the gap.
– jww
yesterday
add a comment |
"If an attacker gained access to this wpa-supplicant configuration file..." - Most threat model collapse with this level of compromise. An attacker that has root and can read configuration files can also read state of the random number generator, read decrypted traffic, and do other nefarious things. There's no confidentiality or integrity after that.
– jww
yesterday
You might also be interested in Is there a way to configure WPA2-PSK to provide Forward Secrecy? Also see Wi-Fi Protected Access and "WPA and WPA2 don't provide forward secrecy, meaning that once an adverse person discovers the pre-shared key, they can potentially decrypt all packets encrypted using that PSK transmitted in the future and even past..." It looks like WPA3 is going to close the gap.
– jww
yesterday
"If an attacker gained access to this wpa-supplicant configuration file..." - Most threat model collapse with this level of compromise. An attacker that has root and can read configuration files can also read state of the random number generator, read decrypted traffic, and do other nefarious things. There's no confidentiality or integrity after that.
– jww
yesterday
"If an attacker gained access to this wpa-supplicant configuration file..." - Most threat model collapse with this level of compromise. An attacker that has root and can read configuration files can also read state of the random number generator, read decrypted traffic, and do other nefarious things. There's no confidentiality or integrity after that.
– jww
yesterday
You might also be interested in Is there a way to configure WPA2-PSK to provide Forward Secrecy? Also see Wi-Fi Protected Access and "WPA and WPA2 don't provide forward secrecy, meaning that once an adverse person discovers the pre-shared key, they can potentially decrypt all packets encrypted using that PSK transmitted in the future and even past..." It looks like WPA3 is going to close the gap.
– jww
yesterday
You might also be interested in Is there a way to configure WPA2-PSK to provide Forward Secrecy? Also see Wi-Fi Protected Access and "WPA and WPA2 don't provide forward secrecy, meaning that once an adverse person discovers the pre-shared key, they can potentially decrypt all packets encrypted using that PSK transmitted in the future and even past..." It looks like WPA3 is going to close the gap.
– jww
yesterday
add a comment |
1 Answer
1
active
oldest
votes
The PSK isn't an encrypted version of your passphrase; it's a hashed version of your passphrase. Specifically (if I remember correctly), the PSK in WPA2 is the output of PBKDF2(passphrase) using the SSID as a salt.
The difference is that ciphers are reversible, hashes are not. The PSK is actually directly usable as the WPA2 network key, without any decryption at all, but it cannot be reversed to find out the original passphrase.
This only provides mild security on its own, but if you frequently rotate the passphrase (e.g. MyLittleWifi42 → MyLittleWifi43 → MyLittleWifi44), then someone having just the hashed PSK has no way of guessing future passphrases. Similarly, renaming the network also invalidates all old PSKs.
(Note: As far as I know, this method will no longer work with WPA3-SAE, which requires the client to have the original passphrase. Storing just the PSK would limit you to WPA2 only.)
answered yesterday
grawitygrawity
240k37508561
I didn't realize that the hash was usable as a network key (or even that it was a hash). That clears things up.
– jaredad7
yesterday
Hashing the passphrase this way is how all Wi-Fi devices calculate the network key.
– grawity
yesterday
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1411604%2fwhat-security-does-the-wpa-passphrase-tool-actually-add-to-a-wpa-supplicant-conf%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The PSK isn't an encrypted version of your passphrase; it's a hashed version of your passphrase. Specifically (if I remember correctly), the PSK in WPA2 is the output of PBKDF2(passphrase) using the SSID as a salt.
The difference is that ciphers are reversible, hashes are not. The PSK is actually directly usable as the WPA2 network key, without any decryption at all, but it cannot be reversed to find out the original passphrase.
This only provides mild security on its own, but if you frequently rotate the passphrase (e.g. MyLittleWifi42 → MyLittleWifi43 → MyLittleWifi44), then someone having just the hashed PSK has no way of guessing future passphrases. Similarly, renaming the network also invalidates all old PSKs.
(Note: As far as I know, this method will no longer work with WPA3-SAE, which requires the client to have the original passphrase. Storing just the PSK would limit you to WPA2 only.)
answered yesterday
grawitygrawity
240k37508561
I didn't realize that the hash was usable as a network key (or even that it was a hash). That clears things up.
– jaredad7
yesterday
Hashing the passphrase this way is how all Wi-Fi devices calculate the network key.
– grawity
yesterday
add a comment |
The PSK isn't an encrypted version of your passphrase; it's a hashed version of your passphrase. Specifically (if I remember correctly), the PSK in WPA2 is the output of PBKDF2(passphrase) using the SSID as a salt.
The difference is that ciphers are reversible, hashes are not. The PSK is actually directly usable as the WPA2 network key, without any decryption at all, but it cannot be reversed to find out the original passphrase.
This only provides mild security on its own, but if you frequently rotate the passphrase (e.g. MyLittleWifi42 → MyLittleWifi43 → MyLittleWifi44), then someone having just the hashed PSK has no way of guessing future passphrases. Similarly, renaming the network also invalidates all old PSKs.
(Note: As far as I know, this method will no longer work with WPA3-SAE, which requires the client to have the original passphrase. Storing just the PSK would limit you to WPA2 only.)
answered yesterday
grawitygrawity
240k37508561
I didn't realize that the hash was usable as a network key (or even that it was a hash). That clears things up.
– jaredad7
yesterday
Hashing the passphrase this way is how all Wi-Fi devices calculate the network key.
– grawity
yesterday
add a comment |
The PSK isn't an encrypted version of your passphrase; it's a hashed version of your passphrase. Specifically (if I remember correctly), the PSK in WPA2 is the output of PBKDF2(passphrase) using the SSID as a salt.
The difference is that ciphers are reversible, hashes are not. The PSK is actually directly usable as the WPA2 network key, without any decryption at all, but it cannot be reversed to find out the original passphrase.
This only provides mild security on its own, but if you frequently rotate the passphrase (e.g. MyLittleWifi42 → MyLittleWifi43 → MyLittleWifi44), then someone having just the hashed PSK has no way of guessing future passphrases. Similarly, renaming the network also invalidates all old PSKs.
(Note: As far as I know, this method will no longer work with WPA3-SAE, which requires the client to have the original passphrase. Storing just the PSK would limit you to WPA2 only.)
answered yesterday
grawitygrawity
240k37508561
The PSK isn't an encrypted version of your passphrase; it's a hashed version of your passphrase. Specifically (if I remember correctly), the PSK in WPA2 is the output of PBKDF2(passphrase) using the SSID as a salt.
The difference is that ciphers are reversible, hashes are not. The PSK is actually directly usable as the WPA2 network key, without any decryption at all, but it cannot be reversed to find out the original passphrase.
This only provides mild security on its own, but if you frequently rotate the passphrase (e.g. MyLittleWifi42 → MyLittleWifi43 → MyLittleWifi44), then someone having just the hashed PSK has no way of guessing future passphrases. Similarly, renaming the network also invalidates all old PSKs.
(Note: As far as I know, this method will no longer work with WPA3-SAE, which requires the client to have the original passphrase. Storing just the PSK would limit you to WPA2 only.)
answered yesterday
grawitygrawity
240k37508561
edited yesterday
answered yesterday
grawitygrawity
240k37508561
answered yesterday
grawitygrawity
240k37508561
answered yesterday
grawitygrawity
240k37508561
240k37508561
I didn't realize that the hash was usable as a network key (or even that it was a hash). That clears things up.
– jaredad7
yesterday
Hashing the passphrase this way is how all Wi-Fi devices calculate the network key.
– grawity
yesterday
add a comment |
I didn't realize that the hash was usable as a network key (or even that it was a hash). That clears things up.
– jaredad7
yesterday
Hashing the passphrase this way is how all Wi-Fi devices calculate the network key.
– grawity
yesterday
I didn't realize that the hash was usable as a network key (or even that it was a hash). That clears things up.
– jaredad7
yesterday
I didn't realize that the hash was usable as a network key (or even that it was a hash). That clears things up.
– jaredad7
yesterday
Hashing the passphrase this way is how all Wi-Fi devices calculate the network key.
– grawity
yesterday
Hashing the passphrase this way is how all Wi-Fi devices calculate the network key.
– grawity
yesterday
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1411604%2fwhat-security-does-the-wpa-passphrase-tool-actually-add-to-a-wpa-supplicant-conf%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
"If an attacker gained access to this wpa-supplicant configuration file..." - Most threat model collapse with this level of compromise. An attacker that has root and can read configuration files can also read state of the random number generator, read decrypted traffic, and do other nefarious things. There's no confidentiality or integrity after that.
– jww
yesterday
You might also be interested in Is there a way to configure WPA2-PSK to provide Forward Secrecy? Also see Wi-Fi Protected Access and "WPA and WPA2 don't provide forward secrecy, meaning that once an adverse person discovers the pre-shared key, they can potentially decrypt all packets encrypted using that PSK transmitted in the future and even past..." It looks like WPA3 is going to close the gap.
– jww
yesterday