NEW: We have a Discord server now. Click here to go there now!

NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - General Discussion - WPA3 Handshake attacks..


4 Results - Page 1 of 1 -
1
Author Message
Avatar
8198

Status: Banned
Joined: Thu, 01 Nov 2018
Posts: 291
Team:
Reputation: 113 Reputation
Offline
Wed, 15 May 2019 @ 08:39:31

WARNING! User is BANNED and maybe a SCAMMER.

For those that didn't read this, appeared around one month ago, a research paper on the subject matter at ..

https://wpa3.mathyvanhoef.com/

link to paper : https://papers.mathyvanhoef.com/dragonblood.pdf

and all the tools have github repos available..


Avatar
Chick3nman
Administrator
Status: Trusted
Joined: Wed, 28 Jan 2015
Posts: 576
Team:
Reputation: 602 Reputation
Offline
Wed, 15 May 2019 @ 10:06:50

This attack is pretty much worthless. It's entirely based around downgrading to WPA2 or installing software on the AP to cause the problems needed for the attack. If you are downgrading, its not a WPA3 handshake crack, its still juts wPA2. And if you are installing code on the AP, you can literally just read the password from the plaintext file its stored in, why would you need your code to cause an exploit...


My PGP key is available for security and identity verification here: https://keybase.io/chick3nman

Hardware: 1x D-WAVE 2000Q

BTC: 1Chick3nMTco6sBEByKuvmAzYTBsGN5KzD

Avatar
8198

Status: Banned
Joined: Thu, 01 Nov 2018
Posts: 291
Team:
Reputation: 113 Reputation
Offline
Wed, 15 May 2019 @ 11:25:08

WARNING! User is BANNED and maybe a SCAMMER.

Chick3nman said:

This attack is pretty much worthless. It's entirely based around downgrading to WPA2 or installing software on the AP to cause the problems needed for the attack. If you are downgrading, its not a WPA3 handshake crack, its still juts wPA2. And if you are installing code on the AP, you can literally just read the password from the plaintext file its stored in, why would you need your code to cause an exploit...

Yes and no. Forcing it to downgrade to WPA2 is a win. Regardless of it having the ability of WPA3. Akin to forcing clients on a local network to downgrade and use LM instead of NTLM for capturing hashes.

If it was worthless they wouldn't be applying patches retroactively after the protocol was finalised.

At the end of the day, its going to take a *Very* long time for WPA3 to become standard everywhere. We're talking 10-15 years min.


Avatar
Chick3nman
Administrator
Status: Trusted
Joined: Wed, 28 Jan 2015
Posts: 576
Team:
Reputation: 602 Reputation
Offline
Wed, 15 May 2019 @ 12:12:28

I don't consider a downgrade to be an attack on WPA3 though. It's a win in the sense that the AP can be attacked, but it's agnostic of the protocol.


My PGP key is available for security and identity verification here: https://keybase.io/chick3nman

Hardware: 1x D-WAVE 2000Q

BTC: 1Chick3nMTco6sBEByKuvmAzYTBsGN5KzD


4 Results - Page 1 of 1 -
1

We have a total of 192408 messages in 23908 topics.
We have a total of 21624 registered users.
Our newest registered member is artoks.