Hands-on: hacking WiFi Protected Setup with Reaver

Cristian Ionescu-Idbohrn cristian.ionescu-idbohrn
Sun Jan 8 13:10:53 PST 2012

On Sat, 7 Jan 2012, Jouni Malinen wrote:
> On Fri, Jan 06, 2012 at 01:21:15AM +0100, Cristian Ionescu-Idbohrn wrote:
> > Would be really interesting to read some qualified comments to this
> > article:
> >
> > http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars
> Any particular detail you would be interested in?


> The possibility of
> brute force attack against a static AP PIN was already described in the
> WPS 1.0h specification with a mechanism for mitigating the attack.
> Unfortunately, some WPS implementations do not follow that guidance.
> As far as hostapd is concerned, commit
> 3b2cf800afaaf4eec53a237541ec08bebc4c1a0c from early 2009 added lock-down
> mechanism to limit brute force attacks on AP PIN. To avoid the issue
> completely, static AP PIN should not be enabled by default as described
> in hostapd.conf:
> # Static access point PIN for initial configuration and adding Registrars
> # If not set, hostapd will not allow external WPS Registrars to control the
> # access point. The AP PIN can also be set at runtime with hostapd_cli
> # wps_ap_pin command. Use of temporary (enabled by user action) and random
> # AP PIN is much more secure than configuring a static AP PIN here. As such,
> # use of the ap_pin parameter is not recommended if the AP device has means for
> # displaying a random PIN.
> #ap_pin=12345670
> README-WPS has more details on how to use the wps_ap_pin command.

is really informative.  Thanks.



More information about the Hostap mailing list