11-09-2018, 12:27 PM
(11-08-2018, 06:22 PM)ZerBea Wrote: No, the PMKID is not encrypted garbage and can be usefull (in some cases).
Running WPA2, the PMKID is calculated by this function:
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
The PMK is calculated:
PBKDF2(HMAC−SHA1, passphrase, ssid, 4096, 256)
Running SAE MESH, the PMKID is calculated by this function:
PMKID = L((commit-scalar + peer-commit-scalar) modulo r, 0, 128)
The PMK is calculated:
PMK = KDF-512(keyseed, "SAE KCK and PMK", *(commit-scalar + peer-commit-scalar) modulo r)
Both of them (PMKID and PMK) are secured by KCK algorithm.
...will say, that there is a relationship between PMKID and PMK, regardless of PBKDF2, EAP, SAE and the PMKID is not garbage.
And you're absolutely right:
We must beat the EAP negotiation and/or we must beat the SAE authentication (which is really hard core).
Gotcha! We cannot compute the PMK because the HMAC-SHA1 is computed on the EAPOL header?
