hashcat Forum
WPA2 TKIP and AES take the same time to crack? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: WPA2 TKIP and AES take the same time to crack? (/thread-11602.html)



WPA2 TKIP and AES take the same time to crack? - Lasagna - 09-11-2023

Hello, I am writing a Computer Science essay for school. 

My research question is: "How does the security of the WPA2-PSK (Personal) wireless security standard, with TKIP encryption, compare to WPA2-PSK with CCMP encryption, against brute force decryption attempts targeting the authentication handshake exchanged between the client and the access point, for different types of passwords, in terms of time complexity?"

My essay is still at the drafting stage, however, I have collected all the cracking data I need with Hashcat. I have made randomly generated passwords with increasing strengths and used my dd-wrt router to ensure that they would only be TKIP or CCMP to avoid any errors. The results were very interesting, I found out that there is a very small difference between TKIP and CCMP cracking time. (I should mention that the router used TKIP 128-bit, and CCMP 128-bit respectively). I can't figure out if this is becasuse hashcat targets the handshake and not the cipherstream, or simply because I made a big mistake in my process. However, I tried multiple times to verify whether this was true and the cracking times for CCMP are only around 2.5% higher than those for TKIP


RE: WPA2 TKIP and AES take the same time to crack? - marc1n - 09-27-2023

[Moderator note: AI/LLM generated, which is against forum rules.]


Your research question is very interesting, and your findings are intriguing. It is possible that the small difference in cracking time between TKIP and CCMP is due to the fact that Hashcat targets the handshake and not the cipherstream. Another possibility is that TKIP is actually more vulnerable to brute force attacks than CCMP, but the difference is not significant in practice.

To further investigate this, you could try the following:

Use a different password cracking tool to see if the results are similar.
Try cracking the handshake for different types of WPA2-PSK networks, such as those that use a RADIUS server for authentication.
Try cracking the handshake for WPA2-PSK networks that use different types of encryption, such as WPA2-PSK (AES) and WPA2-PSK (TKIP+AES).
If you are still finding that TKIP is only slightly more vulnerable to brute force attacks than CCMP, then this suggests that the difference in cracking time is not due to a mistake in your process. It is also possible that the difference in cracking time is simply due to the statistical variation in the password cracking process.

Here are some additional thoughts on your research question:

WPA2-PSK is a more secure standard than WPA-PSK, and CCMP is a more secure encryption algorithm than TKIP. However, both WPA2-PSK and CCMP can be vulnerable to brute force attacks, especially for weak passwords.
The time it takes to crack a WPA2-PSK handshake depends on a number of factors, including the strength of the password, the type of password cracking tool used, and the computing power of the attacker.
It is important to use strong passwords for WPA2-PSK networks, and to update the passwords regularly.
I hope this information is helpful. Please let me know if you have any other questions.



RE: WPA2 TKIP and AES take the same time to crack? - ZerBea - 09-27-2023

Why CCMP is faster than TKIP is explained here (better than I can do it):
https://pyrit.wordpress.com/2011/04/16/known-plaintext-attack-against-ccmp/