I heard recently that WPA2 passwords can be brute forced if somebody captures handshake (which is not very difficult). Can somebody tell if a similar method exists for cracking SSH traffic? I mean some method for brute forcing my password on a local PC without having to connect to the server all the time.
- "brute forcing my password on a local PC" -- what do you mean? Do you mean capturing enough traffic from your PC to brute force the password? – schroeder Nov 05 '22 at 23:45
- Exactly like you said. Capture enough traffic from my PC to run a brute force algorithm on another PC offline, i.e. the evil machine does not need to check each password variant by connecting to the server for which the password is being guessed. Or, in other words, doing it similarly to how it is done when brute forcing the WPA2 algorithm. – John Smith Nov 06 '22 at 00:06
- I assume you're referring specifically to WPA2-PSK and SSHv2? – forest Nov 06 '22 at 00:35
- I am not a specialist in this area, so I cannot tell which version I mean. The question was raised because somebody told me that since WPA2 can be brute forced by listening to WiFi traffic and capturing the handshake message, an SSH connection with a password can be brute forced in a similar way and therefore I should use SSH with key authentication. But using an SSH key seems to me less secure, since anybody who gets my computer with the key seems to be able to start brute forcing the passphrase to this key... – John Smith Nov 06 '22 at 07:25
- @JohnSmith You generally should be using an SSH key, but with a password. You can do that by either requiring that both a key _and_ a password are present to authenticate, or by encrypting the private key that you have on your computer (it will automatically prompt you for the password when you use it). The reason you should be using SSH public key authentication is not because SSH is anything like WPA2 though. It's only because it's easier to create a secure keypair than a secure text password. – forest Nov 10 '22 at 00:57
- @forest This is where I get completely lost. If I use a key with a passphrase, isn't it easier to crack it if my secret key file is stolen by somebody else? If I have an N-symbol password for accessing my server with ssh, I am protected from brute forcing by the server, which allows trying a new password once per second or so, so a 7-symbol {0-9,a-z,A-Z} password seems OK. If I have the same N-symbol password for the ssh key and somebody gets it, it can be cracked offline at any speed, depending on the resources available to the attacker. Right? – John Smith Nov 10 '22 at 08:38
- @forest And this is exactly why I asked my question. The situation of using an N-symbol ssh password seems to be more secure than the situation of using an ssh key (protected by the same N-symbol password), unless... unless there is a method of cracking a password-protected ssh connection by some offline algorithm. – John Smith Nov 10 '22 at 08:45
- @JohnSmith That's correct, although the risk of someone breaking your password is them authenticating to the SSH server, not retroactive decryption of previously-captured encrypted traffic (which _is_ a problem with WPA2). The solution is to use both password authentication _and_ public key authentication. You can configure your SSH server to require both. – forest Nov 11 '22 at 00:45
1 Answer
WPA2's design makes the serious mistake of using the same human-derived secret for confidentiality and authentication. If you capture the 4-way handshake and successfully brute force it offline, you can derive the key that is used to encrypt the data. SSH, on the other hand, uses public key cryptography. The SSH password, if one is even used, only performs authentication. The actual encryption key is generated randomly and is much too strong to brute force. The key agreement algorithm (ECDHE in most cases) is likewise too strong to attack. You could try to, but it would hold until the sun goes out.
Even if you could guess the authentication password (which would have to be brute forced online, which is noisy and slow), you would not be able to retroactively decrypt any captured session data.
How WPA2 exchanges keys
WPA2 exchanges encryption keys using the 4-way handshake, or 4WH. This handshake itself is encrypted by a key that is derived from the WPA2 password by passing it through an algorithm called PBKDF2. The encrypted 4WH allows both parties to hold all the necessary secrets required to establish a secure connection. An attacker can attempt to guess the password by rapidly feeding many possible passwords into PBKDF2 and using the output to attempt to decrypt the 4WH. If the decryption succeeds, the password has been found. The 4WH is decrypted and the encrypted session data can be retroactively decrypted using the derived secrets.
Note that this only applies to WPA2 Personal, not WPA2 Enterprise, which is more secure.
How SSH exchanges keys
SSH works differently. Rather than using the user-supplied password to encrypt data, the password is used exclusively to authenticate the client to the server. Even before the client is authenticated, a key agreement takes place. This involves the client and the server both generating a public and private key and sending each other their public key. The client and server then perform calculations on the other's public key and their own private key. The mathematics of the algorithm, typically a variant of the Diffie-Hellman algorithm, works such that both calculations produce the same secret value. The encryption keys are then derived from this shared secret. Even if you capture both the client and server's public keys, you won't be able to figure out the shared secret.
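forest's comment above (require a key and a password together) and the answer's point that SSH password guessing can only happen online both come down to one sshd_config check: can a password alone log someone in? The audit script below is an added example, not code from the original post or from OpenSSH; it assumes current OpenSSH keyword semantics for PasswordAuthentication, PubkeyAuthentication and AuthenticationMethods, and the two sample configs are constructed.

```python
import re

# OpenSSH defaults used when a keyword is absent (assumption: current OpenSSH
# defaults; compare with `sshd -T` on the real host for the effective values).
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "authenticationmethods": "any"}
# Methods a guessed password alone can satisfy (keyboard-interactive is
# usually PAM-backed password entry, so it counts too).
PASSWORD_LIKE = {"password", "keyboard-interactive"}

def parse_sshd_config(text):
    """Global directives as {keyword_lower: value}; first occurrence wins, like sshd."""
    conf, seen = dict(DEFAULTS), set()
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) != 2:            # blank line or comment
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":             # assumption: Match blocks are not evaluated
            break
        if key not in seen:
            seen.add(key)
            conf[key] = value
    return conf

def auth_chains(conf):
    """AuthenticationMethods as a list of chains (every step must pass); None means 'any'."""
    methods = conf["authenticationmethods"]
    if methods.lower() == "any":
        return None
    return [[s.split(":")[0] for s in chain.split(",")] for chain in methods.split()]

def password_only_login_possible(conf):
    """True if a correct password with no key logs in: the online-guessing exposure asked about."""
    if conf["passwordauthentication"].lower() != "yes":
        return False
    chains = auth_chains(conf)
    return chains is None or any(all(s in PASSWORD_LIKE for s in c) for c in chains)

def requires_key_and_password(conf):
    """True if every alternative needs both a public key and a password (forest's advice)."""
    chains = auth_chains(conf)
    if chains is None or conf["pubkeyauthentication"].lower() != "yes":
        return False
    return all("publickey" in c and any(s in PASSWORD_LIKE for s in c) for c in chains)

# Constructed sample configs, not real server files.
WEAK_CONFIG = "PasswordAuthentication yes\nPubkeyAuthentication yes\n"
HARDENED_CONFIG = WEAK_CONFIG + "AuthenticationMethods publickey,password\n"
```

Run `parse_sshd_config` over the text of `sshd -T` on a real host to see which of the two cases it is in.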