The Components of WPA-PSK
On the surface, WPA-PSK (the consumer version) looks and works much like WEP. The user sets up the access point by selecting WPA-PSK and enters a password or passphrase. He then does the same on the wireless device, resets the connection, and soon is securely surfing the Internet. And this is how it should be: simple, quick, and intuitive.
Ironically, WPA is anything but simple when you look at how it works behind the scenes. Not only does WPA-PSK include all the components and complexities of WEP (such as the KSA, PRGA, XOR, and ICV), but it adds other algorithms and technologies such as MD5, SHA-1, HMAC, PMK, PTK, and more. For more information about how WEP works, and doesn't work, review my article "Cracking WEP." The following sections focus only on the new components, which we'll examine closely to understand how they work. While this information may seem irrelevant, you have to understand the core technologies before you look at the cracking process.
Message Digest (MD5)
The Message Digest function is a widely used hashing algorithm that creates a unique digital signature based on the data input. The typical process is to pass a large file into the MD5 algorithm, which then creates a 128-bit "fingerprint." According to the specifications, no two MD5 hashes should be the same, and no MD5 value can be used to re-create the original data.
MD5 is fast and efficient and generally considered to be fairly secure. While collision flaws have recently been found within MD5 that affect its use as a reliable integrity tool in the future, MD5 is currently used to sign many types of files. For example, P2P programs, torrent files, JAR (Java) packages, and more are all validated via the MD5 algorithm.
Secure Hash Algorithm 1 (SHA-1)
The Secure Hash Algorithm 1 (SHA-1) is considered more secure than MD5. It works like MD5, but creates a unique 160-bit hash value based on the data input. The extra 32 bits indicate that SHA-1 is stronger than MD5; the assumption is that it takes more time to perform a brute-force attack on a longer hash value.
Hashing MAC (HMAC)
If you receive a message, how can you know for sure who it came from? The answer is found in a message authentication code (MAC), which generally combines a message and password via a block cipher. The result is a small string that can be appended to the data to validate where it originated. Unfortunately, this process can require significant resources.
The Hashing MAC (HMAC) function borrows the speed and functionality of a hash algorithm and combines it with an authentication scheme. As a result, HMAC not only ensures data integrity, but provides a form of authentication. Let's take a closer look at the internals of the HMAC.
The following table describes the assumed and known values.
| Value | Description |
|-------|-------------|
| ipad | 0x36 repeated 64 times |
| opad | 0x5C repeated 64 times |
| K0 | Pre-shared key buffered to 64 bytes with zeros |
| T | Text of message |
| H | Hash function (MD5 or SHA-1) |
Here's how it works:
1. Buffer K to 64 bytes using zeros (K0)
2. XOR 64-byte K0 with 64-bit ipad value > K0 XOR ipad = K0i
3. Append text (T) to K0i > K0 XOR ipad, T = K0i.t
4. Hash K0i.t via MD5 or SHA-1 > H(K0 XOR ipad, T) = H(K0i.t)
5. XOR 64-byte K0 with 64-bit opad value > K0 XOR opad = K0o
6. Append #5 results with #4 results > K0opad, H(K0ipad.t)
7. Hash #6 results to create HMAC hash > H(K0opad, H(K0ipad.t))
Here's the complete algorithm:
H(K0 XOR opad, H(K0 XOR ipad, T)) > HMAC hash
This will produce either a 128-bit or 160-bit hash, depending on the hash function selected. The results can also be truncated to reduce the overhead. As you'll see shortly, the HMAC functions—and more importantly the MAC—play an important part in the WPA-PSK process.
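The seven steps above, written out as an added Python example (not code from the original article) and paired with the receiver-side check that a MAC exists for. The names `hmac_by_steps` and `verify_tag`, the sample key and text, the long-key handling, and the minimum length for truncated tags are assumptions of this example.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # bytes: the input block size of both MD5 and SHA-1


def hmac_by_steps(key: bytes, text: bytes, hash_name: str = "sha1") -> bytes:
    """Compute HMAC by the seven steps listed above; returns the raw tag."""
    def H(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    # Not in the list above: RFC 2104 hashes a key longer than one block
    # first, so that K0 still fits in 64 bytes.
    if len(key) > BLOCK_SIZE:
        key = H(key)
    k0 = key.ljust(BLOCK_SIZE, b"\x00")      # step 1: pad K with zeros
    k0i = bytes(b ^ 0x36 for b in k0)        # step 2: K0 XOR ipad
    inner = H(k0i + text)                    # steps 3-4: H(K0i.t)
    k0o = bytes(b ^ 0x5C for b in k0)        # step 5: K0 XOR opad
    return H(k0o + inner)                    # steps 6-7: outer hash


def verify_tag(key: bytes, text: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Receiver side: recompute the tag and compare in constant time.

    A truncated tag is accepted only if it keeps at least half of the
    hash output (RFC 2104 recommends no less), so an empty or 1-byte
    tag can never verify.
    """
    full = hmac_by_steps(key, text, hash_name)
    if not (len(full) // 2 <= len(tag) <= len(full)):
        return False
    return hmac.compare_digest(full[:len(tag)], tag)


# Constructed sample values, not taken from any real network.
SAMPLE_KEY = b"example pre-shared key"
SAMPLE_TEXT = b"constructed message body"

if __name__ == "__main__":
    for name in ("md5", "sha1"):
        tag = hmac_by_steps(SAMPLE_KEY, SAMPLE_TEXT, name)
        same = tag == hmac.new(SAMPLE_KEY, SAMPLE_TEXT, name).digest()
        print(f"{name}: {len(tag) * 8}-bit tag, matches stdlib: {same}")
        print("  tampered text verifies:", verify_tag(SAMPLE_KEY, SAMPLE_TEXT + b"!", tag, name))
```

The manual construction produces the same bytes as Python's standard `hmac` module, which is what production code should call.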