You should be considering that someone with remote root access already has access to the network (either because the connection comes out of that network or because the device in their control is already connected to the network).Īs it is generally preferred for several reasons to pivot through an already compromised host rather than connecting the attacker machine to the network itself, there is not much gain for the attacker in compromising the WPA password from the configuration - and if there was, md4 would not - as addressed earlier - hinder an attacker sufficiently.
#Wpa2 hash rate r9295x2 full#
you could use full disk encryption to keep the password safe,.Now, both of these threats can be expected to have access to reasonably recent hardware that can brute force through md4 as if it was plain text. Someone getting remote access and privilege escalation to root to be able to read the password.Someone getting physical access to the device and extracting the password from the file system.The threat you are trying to defeat with hashing the password is either:
There is no sense in hashing the password when using md4 as a hashing algorithm. Is there a way to hash passwords in the wpa_nf file that are longer than 14 characters? I've tried hashing only the first 14 characters of the password, or an empty string, but neither of those work.
If your password is in a common wordlist like rockyou.txt, it will be broken quickly and easily. My laptop can try 9 million passwords against a WPA2 hash in 12minutes, my desktop GPU can do it in 1 minute. My school's network is WPA-EAP, which requires a separate username and password, and is why I've been using NTLM password hashing instead. 4 WPA2 handshake capture + GPU wordlist bruteforce. Wpa_passphrase won't work because it generates a PSK for a WPA-PSK network. That's great for security, but it causes problems with the MD4 hash algorithm. It's always worked, except for someone who has a password longer than 14 characters. I wrote a Bash script that adds the config and hashes the password, which a lot of students have used to connect their Pis to the network. I don't want my Wi-Fi password stored in plain text, so I use echo -n $password | iconv -t utf16le | openssl md4 to hash it, and then store the MD4 hash instead of the plain text password in the file. My college has a WPA2 Enterprise network, which I can connect to on my Pi after configuring the network in wpa_nf.