04-05-2019, 03:43 PM
(This post was last modified: 04-05-2019, 03:44 PM by melmansuri.)
Hello community!
I am trying to compare these two attacks and I am analysing which packets are intercepted by the Wireshark tool and how these packets are created.
For the 4-Way handshake I understand this:
First there is a value called PMK. (PMK=PBKDF2(PASSPHRASE, SSID, 4096,32)).
PTK is derived from PMK as follows:
PTK=PRF512(PMK,"Pairwise key expansion",min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce))
The PTK will generate an intercepted value by Wireshark called MIC (MIC=HMAC(PTK[0:16],data)). This packet will be used by Hashcat to crack the password.
For the PMKID I understand this:
First there is a value called PMK (calculated the same way as in the previous attack).
This packet will generate the PMKID (PMKID=HMAC-SHA1(PMK,"PMK Name", MAC_AP,MAC_STA)).
I did both of them using Hashcat and the computation time to crack the password was the same for both. What I don't understand is how it is possible to have the same computation time, if cracking the 4-way handshake performs more hash calculations (PMK-PTK-MIC) than for the PMKID (PMK-PMKID).
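The two derivation chains listed in the post, written out as an added example (not code from the post or from Hashcat), with a counter on every HMAC-SHA1 call so the per-candidate cost of each stage can be compared. PBKDF2 is implemented by hand only so that its inner HMAC calls are counted; the MAC addresses, nonces and EAPOL bytes are constructed sample values.

```python
import hashlib
import hmac

CALLS = {"hmac_sha1": 0}  # counts every HMAC-SHA1 call so each stage's cost is visible

def hmac_sha1(key, msg):
    CALLS["hmac_sha1"] += 1
    return hmac.new(key, msg, hashlib.sha1).digest()

def pbkdf2_sha1(passphrase, salt, iterations, dklen):
    # PBKDF2-HMAC-SHA1 (RFC 2898) written out so every HMAC goes through the counter.
    out, block = b"", 1
    while len(out) < dklen:
        u = hmac_sha1(passphrase, salt + block.to_bytes(4, "big"))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac_sha1(passphrase, u)
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(20, "big")
        block += 1
    return out[:dklen]

def pmk(passphrase, ssid):
    return pbkdf2_sha1(passphrase.encode(), ssid.encode(), 4096, 32)

def pmk_matches_stdlib(passphrase, ssid):
    return pmk(passphrase, ssid) == hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def ptk(pmk_bytes, ap_mac, sta_mac, anonce, snonce):
    # 802.11 PRF-512: HMAC-SHA1(PMK, label || 0x00 || data || i) for i = 0..3, keep 64 bytes.
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    blocks = [hmac_sha1(pmk_bytes, b"Pairwise key expansion\x00" + data + bytes([i])) for i in range(4)]
    return b"".join(blocks)[:64]

def mic(ptk_bytes, eapol_frame):
    # WPA2 MIC: HMAC-SHA1 keyed with the KCK (PTK[0:16]) over the EAPOL frame, truncated to 16 bytes.
    return hmac_sha1(ptk_bytes[:16], eapol_frame)[:16]

def pmkid(pmk_bytes, ap_mac, sta_mac):
    return hmac_sha1(pmk_bytes, b"PMK Name" + ap_mac + sta_mac)[:16]

def hmac_calls_per_candidate(passphrase, ssid):
    """HMAC-SHA1 calls spent testing ONE candidate passphrase: (4-way handshake, PMKID)."""
    ap, sta, anonce, snonce, eapol = bytes(range(6)), bytes(range(6, 12)), bytes(32), bytes(range(32)), bytes(99)  # constructed samples
    CALLS["hmac_sha1"] = 0
    mic(ptk(pmk(passphrase, ssid), ap, sta, anonce, snonce), eapol)
    four_way = CALLS["hmac_sha1"]
    CALLS["hmac_sha1"] = 0
    pmkid(pmk(passphrase, ssid), ap, sta)
    return four_way, CALLS["hmac_sha1"]
```

The counts come out at 8197 HMAC calls per candidate for the 4-way handshake against 8193 for the PMKID: the 4096-iteration, two-block PBKDF2 step costs 8192 of them either way, so the four extra PRF-512 calls and the MIC add well under 0.1% and the two cracking rates are indistinguishable.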