Closed GoogleCodeExporter closed 9 years ago
Like i know there is no hash ... the AP sends two informations of the pins. It
awners, sends if the first four pins are correct, and if the next four pins are
correct of the 8 pins.
Original comment by patricks...@gmail.com
on 5 Jan 2012 at 10:58
Example you send 12345678. The AcessPoint will awnser if 1234 are correct or
not and in another instance if the 5678 are correct. So you have 10'000
combinations of the first four, and 1'000 combinations of the next 3 because
the last one is the checksum of it.
Original comment by patricks...@gmail.com
on 5 Jan 2012 at 11:14
There is an HMAC that is exchanged (the pin is never sent plain text). But even
if you could break the hash, how are you going to get the hash in the first
place? You would have to capture the wireless traffic when the registrar first
authenticates to the AP. This only happens once, and this feature seems rarely
used, so it is very unlikely that you'd ever see this traffic (it's not like
with WPA where you can just kick them off and wait for them to do a new
handshake).
Original comment by cheff...@tacnetsol.com
on 6 Jan 2012 at 12:11
I understand... But there might be a solution:
Even after one authenticates with the right password, if you are too far from
AP and it doesn't achieve to connect, sometimes it ask's you for the password
again.
So if you could block most traffic between a client and the AP, maybe it would
ask the pass/pin to the client like the example above.
Original comment by andremeg...@hotmail.com
on 6 Jan 2012 at 1:21
Original issue reported on code.google.com by
andremeg...@hotmail.com
on 5 Jan 2012 at 10:54