Hello community !
I am trying to compare these two attacks and I am analysing which packets are intercepted by the Wireshark tool and how these packets are created.
For the 4-Way handshake I understand this:
First there is a value called PMK (PMK=PBKDF2(PASSPHRASE, SSID, 4096, 32)).
PTK is derived from PMK as follows:
PTK=PRF512(PMK,"Pairwise key expansion",min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce))
The PTK generates a value intercepted by Wireshark called the MIC (MIC=HMAC(PTK[0:16],data)). This packet will be used by Hashcat to crack the password.
For the PMKID I understand this:
First there is a value called PMK (calculated the same way as in the previous attack).
This packet will generate the PMKID (PMKID=HMAC-SHA1(PMK,"PMK Name", MAC_AP,MAC_STA)).
I did both of them using Hashcat and the computation time to crack the password was the same for both. What I don't understand is how it is possible to have the same computation time, if cracking the 4-way handshake performs more hash calculations (PMK-PTK-MIC) than the PMKID (PMK-PMKID).
How did you measure it?
My results:
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit08
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: test.hccapx
Time.Started.....: Fri Apr 5 15:48:34 2019 (2 secs)
Time.Estimated...: Fri Apr 5 15:48:36 2019 (0 secs)
Guess.Base.......: File (digit08)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 493.3 kH/s (5.52ms) @ Accel:256 Loops:64 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 840686/840686 (100.00%)
Rejected.........: 0/840686 (0.00%)
Restore.Point....: 420343/420343 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 18841836 -> 99989998
Hardware.Mon.#1..: Temp: 58c Fan: 34% Util: 92% Core:1835MHz Mem:5005MHz Bus:16
real 0m9,898s
user 0m7,541s
sys 0m0,933s
$ time hashcat -m 16800 test.16800 digit08
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PMKID-PBKDF2
Hash.Target......: test.16800
Time.Started.....: Fri Apr 5 15:48:58 2019 (1 sec)
Time.Estimated...: Fri Apr 5 15:48:59 2019 (0 secs)
Guess.Base.......: File (digit08)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 503.9 kH/s (5.52ms) @ Accel:256 Loops:64 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 840686/840686 (100.00%)
Rejected.........: 0/840686 (0.00%)
Restore.Point....: 420343/420343 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 18841836 -> 99989998
Hardware.Mon.#1..: Temp: 61c Fan: 38% Util: 82% Core:1873MHz Mem:5005MHz Bus:16
real 0m5,127s
user 0m2,792s
sys 0m0,821s
looking faster, for me!
I used this command for the PMKID attack: "./hashcat -a 3 -m 16800 pmkid_file.16800 ?s?d?d?d?d?d?l?u --force --kernel-accel=1 -w 4". I used the mask ?s?d?d?d?d?d?l?u because I knew that the password was "$10371aF", which helps the computation finish quickly.
For the 4-way handshake I used this command: ./hashcat -a 3 -m 2500 deauth.hccapx ?s?d?d?d?d?d?l?u --force --kernel-accel=1 -w 4.
For both of them I had 50 minutes as the "Time Estimated".
The difference between us is that I used a complex password to be cracked.
How do you know how complex both of my PSKs are!
and you didn't answer my first question:
How did you measure it?
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...
real 0m12,719s
user 0m7,575s
sys 0m0,917s
$ time hashcat -m 16800 test.16800 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...
real 0m7,171s
user 0m2,856s
sys 0m0,934s
still looking faster for me!
In your first message there is a field called "Time estimated", so I used this field to determine how long each one of them takes. I hope I answered your question. However, my question is why one is faster than the other according to your example.
1. Calculating the PMKID is faster
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
2. You run hashcat with default nonce-error-corrections on WPA-EAPOL-PBKDF2, so every md5 (WPA1) or sha (WPA2)
or aes (WPA2 key ver 3) calculation is performed 8 times for big endian and little endian ANonces.
If you are sure your captured handshake is ok, run --nonce-error-corrections=0
that will make hashcat faster
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=128 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...
real 0m15,633s
user 0m7,852s
sys 0m1,074s
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...
real 0m11,981s
user 0m7,643s
sys 0m0,909s
use time to calculate the real time:
https://linuxize.com/post/linux-time-command/
and to retrieve real(!) values of execution time
The main time for computation is in the PBKDF2 (99.99999%, well not exactly but you get the point), not anything after that. Therefore anything after that PBKDF2 can be seen as almost not existent.
As Atom said, PBKDF2 will cost us much time!
Now we drop PBKDF2:
$ time hashcat -m 2501 test.hccapx --nonce-error-corrections=0 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PMK
Hash.Target......: test.hccapx
Time.Started.....: Fri Apr 5 17:02:31 2019 (0 secs)
Time.Estimated...: Fri Apr 5 17:02:31 2019 (0 secs)
Guess.Base.......: File (foundhashcat.pmk)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 32466.6 kH/s (0.00ms) @ Accel:1024 Loops:1024 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 693154/693154 (100.00%)
Rejected.........: 0/693154 (0.00%)
Restore.Point....: 346577/346577 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
real 0m9,455s
user 0m6,805s
sys 0m0,733s
$ time hashcat -m 16801 test.16800 foundhashcat.pmk
hashcat (v5.1.0-855-g9ced13cc) starting...
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PMKID-PMK
Hash.Target......: test.16800
Time.Started.....: Fri Apr 5 17:03:47 2019 (0 secs)
Time.Estimated...: Fri Apr 5 17:03:47 2019 (0 secs)
Guess.Base.......: File (foundhashcat.pmk)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 66574.7 kH/s (0.00ms) @ Accel:1024 Loops:512 Thr:32 Vec:1
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 693154/693154 (100.00%)
Rejected.........: 0/693154 (0.00%)
Restore.Point....: 346577/346577 (100.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:0-1
real 0m4,794s
user 0m2,166s
sys 0m0,707s
(04-05-2019, 04:53 PM)atom Wrote: The main time for computation is in the PBKDF2 (99.99999%, well not exactly but you get the point), not anything after that. Therefore anything after that PBKDF2 can be seen as almost not existent.
So if I get your point, the two attacks take the same time because both of them use PBKDF2 in the beginning and the other functions (SHA-1 and PRF512) are faster at calculating the hashes. So the only time to consider is the PBKDF2 function.
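To check the derivations written out in the first post and atom's point that PBKDF2 dominates the cost, here is an added Python example (it is not from this thread or from hashcat). The SSID, passphrase, MAC addresses, nonces and EAPOL bytes are constructed sample values; the timing function reports how many PMKID HMACs fit in the time of one PBKDF2 run.

```python
import hashlib
import hmac
import time

# Constructed sample inputs (not taken from the thread).
SSID = b"TestNet"
PASSPHRASE = b"correcthorse"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

def pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)

def pmkid(pmk_: bytes, ap: bytes, sta: bytes) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" | MAC_AP | MAC_STA)."""
    return hmac.new(pmk_, b"PMK Name" + ap + sta, hashlib.sha1).digest()[:16]

def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1(key, label | 0x00 | data | i) for i = 0..3, truncated to 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]

def ptk(pmk_: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of MACs and nonces)."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk_, b"Pairwise key expansion", data)

def mic(ptk_: bytes, eapol: bytes) -> bytes:
    """WPA2 key descriptor version 2: MIC = HMAC-SHA1(KCK = PTK[0:16], EAPOL frame)[:16]."""
    return hmac.new(ptk_[:16], eapol, hashlib.sha1).digest()[:16]

def cost_ratio(n: int = 100) -> float:
    """Time n PBKDF2 runs against n PMKID HMACs; returns pbkdf2_time / hmac_time."""
    k = pmk(PASSPHRASE, SSID)
    t0 = time.perf_counter()
    for _ in range(n):
        pmk(PASSPHRASE, SSID)
    t1 = time.perf_counter()
    for _ in range(n):
        pmkid(k, AP_MAC, STA_MAC)
    t2 = time.perf_counter()
    return (t1 - t0) / (t2 - t1)

if __name__ == "__main__":
    k = pmk(PASSPHRASE, SSID)
    print("PMKID:", pmkid(k, AP_MAC, STA_MAC).hex())
    print("MIC:  ", mic(ptk(k, AP_MAC, STA_MAC, ANONCE, SNONCE), b"constructed EAPOL frame").hex())
    print("PBKDF2 is about %.0fx the cost of one PMKID HMAC" % cost_ratio())
```

The MIC in a real capture is computed over the second EAPOL frame with its MIC field zeroed, which is what the `data` in the first post refers to.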
retrieve real values of execution time
$ time hashcat -m 2500 test.hccapx --nonce-error-corrections=0 digit20
hashcat (v5.1.0-855-g9ced13cc) starting...
real 0m10,981s
user 0m8,643s
sys 0m0,921s
use time to calculate the real time using the time command: https://linuxize.com/post/linux-time-command/