Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/ryanc/statuses/111709978661244924">Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Sunday, 07-Jan-2024 01:36:42 JST</a><a href="https://infosec.exchange/@ryanc" title="ryanc@infosec.exchange"><img src="https://gnusocial.jp/avatar/174285-48-20231204225121.webp" width="48" height="48" alt="Ryan Castellucci :nonbinary_flag:" style="position: absolute; left: 0; top: 0;">Ryan Castellucci :nonbinary_flag:</a><div><a href="https://gnusocial.jp/notice/5050134" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://s.thenautilus.net/@dakkar" rel="nofollow noreferrer">@dakkar</a> I'm working on a WPA3 SAE-PK credential generator.</p><p>It hashes ssid||arbitrary 16 byte value||compressed key in asn.1 der spki format. The standard uses. With the P-256 curve (the only one required by the spec, this uses SHA-256, which has a 64 byte block size.</p><p>You need to get either 24 or 40 leading zero bits depending on the the configured security level.</p><p>The public key representation has a 26 byte fixed prefix, so a 22 byte ssid will push the actual key part of the key entirely into the second block, and you can then compute the first block, clone it, and try again with a different public key.</p><p>For slightly shorter SSIDs you could still do this so long as you had enough bytes of shared prefix. The first byte of the public key is either 02 or 03, so that's trivial, and you can get perhaps two bytes after that matched up with reasonable effort, reducing the ssid length minimum to 19 bytes.</p><p>failing that, you can precompute the message schedule for the fixed second block and still get a decent speed up.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2550629#notice-5050248">In conversation</a><time datetime="2024-01-07T01:36:42+09:00" title="Sunday, 07-Jan-2024 01:36:42 JST">Sunday, 07-Jan-2024 01:36:42 JST</time> <span>from <span><a href="https://infosec.exchange/@ryanc/111709978661244924" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@ryanc/111709978661244924">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://generator.it/">https://generator.it/</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Sunday, 07-Jan-2024 01:36:42 JSTRyan Castellucci :nonbinary_flag:
in reply to
- dakkar
@dakkar I'm working on a WPA3 SAE-PK credential generator.
It hashes ssid||arbitrary 16 byte value||compressed key in asn.1 der spki format. The standard uses. With the P-256 curve (the only one required by the spec, this uses SHA-256, which has a 64 byte block size.
You need to get either 24 or 40 leading zero bits depending on the the configured security level.
The public key representation has a 26 byte fixed prefix, so a 22 byte ssid will push the actual key part of the key entirely into the second block, and you can then compute the first block, clone it, and try again with a different public key.
For slightly shorter SSIDs you could still do this so long as you had enough bytes of shared prefix. The first byte of the public key is either 02 or 03, so that's trivial, and you can get perhaps two bytes after that matched up with reasonable effort, reducing the ssid length minimum to 19 bytes.
failing that, you can precompute the message schedule for the fixed second block and still get a decent speed up.
In conversationSunday, 07-Jan-2024 01:36:42 JST from infosec.exchangepermalink
Attachments
1. No result found on File_thumbnail lookup.
  https://generator.it/

Public

Embed Notice

HTML Code

Corresponding Notice