Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: WPA3 Dragonblood Vulnerabilities Disclosure
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Interesting information and paper

https://wpa3.mathyvanhoef.com/

Hope this is safe from Milzo here
Yes, very good and interesting analysis of some WPA3 flaws. Unfortunately the side channel attack requires at least unprivileged access to the victim (dragonblood.pdf: 7.2 Attack Scenario). In other words: The attacker must install code on the target device.

Additionally, most of the flaws are already patched:
SAE side-channel attacks
https://w1.fi/security/2019-1/

EAP-pwd side-channel attack
https://w1.fi/security/2019-2/

SAE confirm missing state validation
https://w1.fi/security/2019-3/

EAP-pwd missing commit validation
https://w1.fi/security/2019-4/
(04-17-2019, 08:53 PM)ZerBea Wrote: [ -> ]Additionally, most of the flaws are already patched:

Yes, Jouni Malinen has access to WPA3 specifications through
representing Qualcomm at the Wi-Fi Alliance and this ensures
his wpa_supplicant/hostapd has the most up to date and
patched implementation for WPA3. So whilst everyone else
outside the closed doors of the Wi-Fi Alliance is waiting
to see a copy of the WPA3 spec, this codebase is the best
reference publically available.
Yes, wpa_supplicant and hostapd are amazing open source tools. I really love them both and they are an integral part of my test environment to improve hcxdumptool.
Hi,
How does hcxdumptool work with WPA3?
Do you reuse tools from Dragloblood?
Handshakes and PMKID extraction is no longer possible?
How does hcxdumptool work with WPA3?
It only detect the AUTHENTICATION.

Do you reuse tools from Dragloblood?
No, this tools are useless, because they require at least unprivileged access to the victim.

Handshakes and PMKID extraction is no longer possible?
It is possible, but I deactivated it (KDV 0 - Authentication Key Management defined) in hcxdumptool and hcxpcapngtool, because hashcat has no hash mode to recover the pre-shared key.

WPA3 PMK calculation - totally different to WPA1/WPA2:
KCK || PMK = KDF-512(keyseed, "SAE KCK and PMK", (commit-scalar + peer-commit-scalar) modulo r)

WPA3 PMKID calculation - totally different to WPA2:
PMKID = L((commit-scalar + peer-commit-scalar) modulo r, 0, 128)