Description: Welcome to Part 21 of the WLAN Security Megaprimer! Please start this series by watching Part 1 http://www.securitytube.net/video/1756, if you have not done so already.
In this video, we will look at WPA-PSK and begin understanding its inner workings. This is a pretty advanced topic, so please pay attention :) The video is also quite long at 35 minutes.
We begin by understanding how the Pre-Shared Key is derived from the Passphrase using the Password-Based Key Derivation Function (PBKDF). Then we move on to the WPA 4 Way Handshake and analyze each packet in detail.
The 4 Way Handshake is used to create the Pairwise Transient Key (PTK) using the Pairwise Master Key (PMK) (which is actually the Pre-Shared Key in this case), the Authenticator Nonce, the Supplicant Nonce, AP MAC address and the Client MAC address. We will look at each packet in Wireshark and match it with the 802.11i standard specifications :)
I also misspelled Nonce as Nounce on all slides :) So a few giggles there as well to cool off this difficult topic.
Hope you enjoy this video!
Tags: wpa-psk, wireless, wifi, security, megaprimer, pbkdf, ptk, pmk, anonce, snonce
Thanks Vivek !! 33 min video of excellence, can't wait to watch it.
Thank you Vivek, been waiting a long time for this :)
I was there till the end :D
Great video Vivek... like every other video :)
Thanks Vivek!
Again great job!
Thank you Vivek - it was well-worth waiting for this! I guess that many of us will have to watch it a few times and take notes. I plan to do some background reading and look forward to the next logical step in the WPA/PSK story.
Dude, Vivek, thank you for all the awesome videos. They are very helpful in my pentesting my networks. Every video you make is full of information. You are a big asset to this site. Thank you again for everything you've done to improve skills of noobs as well as security administrators. You are da man!
Thank you Vivek for this great explanation. Although I am new to wireless security and all of this stuff, it sheds a light on my limited knowledge. I am running Wireshark and trying to understand what is going on behind the scenes.
In the meantime, did I miss part 21 or you forgot to upload it ? :-)
Thanks
Orhan
@albay I think there might be a video missing because Vivek says "We started WPA a while back and we are now onto WPA PSK" at the beginning of the video. I may be wrong but one of Vivek's comments on a previous video says he has been having broadband trouble; this may be the cause of the missing video. If not, sorry Vivek, I don't mean no offense by picking on you ;-) Keep up the good work, you are teaching everyone on here new things and we respect that.
--Chard
Great work Vivek
@Vivek Also I was there until the end of the video
I think Vivek points to Part 20 when he says, that "we started WPA a while back..." and "Part 21" was the Wi-Fi challenge.
@Vivek: as always... nice job!
Long? Long? I just got through watching 16 hours of video and answering 1500 practice exam questions (and I still need to re-read the study guide and run through another 500 questions).
I think we can handle 30 minutes to understand a difficult subject. :-))
I never get tired of your videos. This is what I'm doing to take a break!
Awesome...Thanks Vivek. Looking forward to Part 22.
Oops...I meant Part 23!
I was here till the end, excellent video Vivek! I didn't grasp it all so I will be rewatching it another day until I do.
Thanks Vivek
watched this one
I usually watch the videos several times, pausing and taking notes on subsequent passes. You have greatly de-mystified WiFi. I also have experienced some trouble capturing EAPOL, good tip on airodump-ng.
Ralph
Brilliant and clear as always Vivek my friend, but boy do you look knackered! You need a holiday!
Regarding the EAPOL, I thought I was doing something wrong - glad it's not just me. Mind you, I never spotted missing chunks of the handshake which may explain why a known psk was not cracked with a simple dictionary attack despite airodump-ng reporting it had captured the handshake. At least I know to watch for this now.
Thanks again Vivek, brilliant teaching as ever.
I retract my previous statement, I must have overlooked Video 20. I do apologise
--Chard
@m0ei, i7-Cud4, 3IL060, MamboYoyo, Ignatius, Allisonmagicelite, spawn_darkness2003@yahoo.com, srhz, Casey, no_covers Thanks a ton guys! Appreciate all your kind words :) Keeps me going.
@Blackmarketeer Yup, last couple of days have been rough :) but I need to do what I need to do :)
Yes, getting all the EAPOL is a pain. It's just 4 packets, so very easy to miss them. Also, maybe as we use a VM it might accentuate this problem.
@Patrick, Chard, Albay My mistake! :) I have corrected it and this is video 21 now :)
@WCNA All the best for your exam! :) Looks like you've become a full-time student now :)
And now for your viewing pleasure: Part 22 is up :
http://www.securitytube.net/video/1908
great stuff... keep it up... ty
Simply a word: WOW! :-)
Thanks and keep going!
Great job Vivek... I'm from Venezuela, I don't speak perfect English but the explanation was excellent... in this and all the videos... grateful for the effort and time spent... keep going please
was there til the end. yes... a great explanation.
When I saw the video is 32 min long plus it was about wpa-psk....I slept two hours before watching it and of course with the presence of the COFFEE GALLON....but I watched it till the end
Great work Vivek, it was easier than what I expected....surely because of your effort.
yay! I was here till the end of the video :D
Great video!
I did some testing and could not repeat the EAPOL problem in wireshark at first.
Later on I did find some missing ARP packets in a different experiment and I think I found the issue. airodump-ng is running in the background scanning ALL channels.
I locked airodump-ng with the --channel option to the channel my AP was on and I was able to capture all the packets.
I must have missed running airodump-ng with the first demonstration. When I started airodump-ng without --channel and tried for the EAPOL I had the same issue with missing packets as everyone else.
Since my old wireless card doesn't work in a vm, I DID use backtrack 4r2 off of a live USB, and that may have helped.
Anyone else confirm this at all?
Once again, the Vivek mega primers are the standard by which all other tutorials are measured. I especially like how you keep the real world "bugs" in the vid. The "Live" demo is very helpful.
where's the donate button?
I was here till the end of the video. I also did a lot of screenshots for my personal documentation.
Thanks
Of course I'm going to stay until the end of the video! :)
Great work Vivek!
Excellent work, Vivek! I usually don't become a member of a site but finally after video 21 I convinced myself that this is one that I NEED to be a part of. Thank you for these videos and just to let you know, I easily made it all the way through this video. As WCNA stated, a half an hour is a drop in the bucket compared to sitting in boring lecture halls! You are much more informative and get us engaged better than any professor I've ever had!
Thanks Vivek, I was here till the end! gonna buy your book for sure.
Thank you very much.
It's very helpful for beginners to know the four way handshake and good to hear the practical demonstration.
I WAS with you till the end!
I was watching till the end. Thank you! Great stuff. I am utterly confused by Wireshark failure.
Till the end !
Great Job!!
thank you so much
Thank you Vivek.. I stuck with it till the end. Just continue what you're doing and I will follow. haha!
I've watched 2 times :D Don't worry, we are here to learn, and because we like this
Stayed till the end...but kept on replaying the video again and again to try to understand. Thanks so much..!
I read somewhere that if we lessen the data rate (speed) of the transmission, Wireshark may capture more accurately..:-D. Not sure whether that is true...
you are awesome thank you