0

Windows 10 has its own way of encrypting hashes, but these can be brute-forced by hashcat. One of our students created 2 of his own password encryption algorithms in python (One for encode, one for decode). Is there a way we can implement his algorithms on our Windows 10 PC and Router such that the algorithm encodes the wifi password, creates a hash, and then sends it to the pc, which reads the hash and then uses the decode algorithm to get the correct password.

Edit: I read the possible duplicate, but what I'm trying to do here is implement this method of encryption along with standard hash encryption. This algorithm is for string encryption, which would encrypt the password before it becomes a hash. I agree that standard tried and true hash encryption is the safest hash encryption. How do I encrypt the string before it becomes a hash?

  • 1
    Possible duplicate of [Is my developer's home-brew password security right or wrong, and why?](https://security.stackexchange.com/questions/25585/is-my-developers-home-brew-password-security-right-or-wrong-and-why) –  May 28 '19 at 12:19
  • I'd imagine you'd need to modify the firmware on your router, but there could be hobbyist routers out there that support modifying their network stack. – IllusiveBrian May 28 '19 at 12:29
  • Regarding your edit: Why do you want this? What do you believe is the gain from this? –  May 28 '19 at 12:36
  • @MechMK1 I must confess, it is supposed to be for educational reasons rather than full practicality. – Nikhil Bansal May 28 '19 at 12:43
  • If it is for educational purposes (which is perfectly fine), then what exactly are you trying to teach? How to patch Windows to accept custom crypto? Or that doing something to the password before it is being used by Windows would increase security? –  May 28 '19 at 12:51
  • To echo @IllusiveBrian , you would for sure need to modify your router firmware, plus either binary patch windows (or supply custom hardware firmware to your wireless card), and even then it might not work. Why? Because the current primary standard for WiFi authentication - WPA2 - mandates the use of AES. AES is such a well known standard, that many chips [have special instructions for performing it](https://en.wikipedia.org/wiki/AES_instruction_set), which will up the difficulty for replacement. – Clockwork-Muse May 28 '19 at 21:18
  • @Clockwork-Muse Maybe there's a Pi-like microcomputer out there that he could buy two copies of and set up to talk to each other with a custom wireless algorithm (although you'd need to be careful about choosing wireless band and signal strength). – IllusiveBrian May 28 '19 at 22:59
  • Although I kind of question what pedagogical value there is in trying to modify the network stack, since it sounds like the point of this is to try communicating with the student's algorithm. Why not just create a client program and a server program and run them on the same machine? You could even give them separate network ports to listen to and have one connect to the other over IP. – IllusiveBrian May 28 '19 at 23:08
  • @IllusiveBrian - I would not be at all surprised if the wireless stack, on pretty much any chip, has its own implementation of AES. Specifically because of the hard requirement for WPA2 – Clockwork-Muse May 29 '19 at 18:40

1 Answers1

1

Don't create your own custom algorithms. This is a trap that novices fall for again and again and again.

If you do, you will fail, because you are not an expert. Good algorithms are designed by people who spent decades on this very material, and the results again are checked by hundreds of cryptoanalysts, trying to find any imaginable flaw.

Your student, without trying to be personal, does not have this expertise. They are likely not even close. As a result, using your own "custom algorithm" will lead you to getting your connection cracked and highjacked, if anyone would seriously try.

How can we make our Wi-Fi secure?

Use a long passphrase! If brute force is your only worry, then use a long password that make brute force infeasible.

Use a password like .;{mr%chKzc<Z44aZ&+NV&uW!PuA5!CkJLA8*=c546/7'>,;{3@2w4x]9N}f?Da and you will be 100% safe.

  • Thanks for the response. I 100% agree that custom homebrew hash encryption is bad and unsafe. Our Student's encryption is a method of simple string encryption, which would encrypt the password before it becomes a hash using standard hash encryption. How do I use this string encryption first? – Nikhil Bansal May 28 '19 at 12:36
  • By encrypting the password first, the users will feel safe and tempted to use weaker passwords. Then the encryption key will leak (that's almost a certitude), and it will be a trivial matter to hack into your WiFi network. – A. Hersean Jun 27 '19 at 13:15
  • @A.Hersean Users will generally use weak passwords. The average user simply doesn't care. –  Jun 27 '19 at 14:05
  • @MechMK1 That's why password encryption (or hashing) is not the solution to the problem. A solution is to filter passwords that are too short or in a dictionary and to use a PBKDF like Argon2. – A. Hersean Jun 27 '19 at 14:19
  • @A.Hersean Yes, that's good advice, but not the topic of the question. I agree with your recommendation of using a strong PBKDF, but OP specifically asked about implementing their own, custom security scheme and the security benefits of doing so. –  Jun 27 '19 at 14:22
  • @MechMK1 I just answered to the comment in which the OP insisted on encrypting the password. I answered to clarify that this is not a good way to solve the issue, even if the encryption algorithm was sound. – A. Hersean Jun 27 '19 at 15:03