Why can't we perform a replay attack on wifi networks?



  • I was wondering that, when a hacker is trying to hack a Wi-Fi network, they would try to capture a handshake and then try to decrypt it, whereas when you want to log in to your Wi-Fi access point, you would type in your password, the password would be encrypted, and then sent to the router which would decrypt it using a key.

    So why can't a hacker just intercept the encrypted password (the handshake) and then just resend it to the router without having to decrypt it, like a replay attack?



  • Because the protocol is built to protect against that.

    "whereas when you wanna login to your wifi you would type in your password and the password would be encrypted then sent to the router which would decrypt it using a key"

    This is not how it works, on many levels. The password is never sent over the air, and it's a more complicated protocol, with multiple back-and-forth messages, commonly referred to as a four-way handshake.

    It uses a nonce to ensure that the packets are not equal. The nonce is basically a random number added by either party to explicitly avoid replay attacks, by forcing the content to differ. The access point gives the client a nonce, and the client uses that nonce in further calculations. An attacker replaying the data would be betrayed by the fact that the AP can tell that it's not using the nonce supplied by the AP to the attacker.

    [Figure: four-way handshake process]

    Furthermore, if we have a look at the four-way handshake, we see that neither party sends the actual secret over the air. They just prove to each other that they know it, so there's a mutual authentication.
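
The nonce check described in the answer above, as an added example that is not part of the original thread: a simplified Python model of WPA2-PSK handshake messages 1 and 2, showing that a captured message 2 passes the AP's MIC check only for the ANonce it was computed against. The key derivation follows WPA2-PSK (PBKDF2 for the PMK, HMAC-SHA1 PRF for the PTK); the frame body, MAC addresses, passphrase, SSID and function names are constructed for illustration.

```python
import hashlib, hmac, os

def pmk(passphrase, ssid):
    # WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def kck(pmk_, ap_mac, sta_mac, anonce, snonce):
    # PTK = PRF(PMK, "Pairwise key expansion", sorted MACs || sorted nonces);
    # its first 16 bytes are the Key Confirmation Key that keys the MIC.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    ptk = b"".join(
        hmac.new(pmk_, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(3))
    return ptk[:16]

def mic_for(pmk_, ap_mac, sta_mac, anonce, snonce, body):
    key = kck(pmk_, ap_mac, sta_mac, anonce, snonce)
    return hmac.new(key, body, hashlib.sha1).digest()[:16]

def client_message2(pmk_, ap_mac, sta_mac, anonce):
    # Client picks a fresh SNonce and proves knowledge of the PMK with a MIC.
    snonce = os.urandom(32)
    body = b"MSG2" + snonce  # constructed stand-in for the EAPOL-Key frame
    return snonce, body, mic_for(pmk_, ap_mac, sta_mac, anonce, snonce, body)

def ap_verify(pmk_, ap_mac, sta_mac, anonce, msg2):
    # The AP recomputes the MIC with the ANonce *it* issued for this session.
    snonce, body, mic = msg2
    expected = mic_for(pmk_, ap_mac, sta_mac, anonce, snonce, body)
    return hmac.compare_digest(mic, expected)

def demo():
    key = pmk("constructed-passphrase", "ExampleSSID")  # constructed values
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce1 = os.urandom(32)                 # message 1 of the original session
    captured = client_message2(key, ap, sta, anonce1)
    legit = ap_verify(key, ap, sta, anonce1, captured)
    anonce2 = os.urandom(32)                 # AP's fresh nonce for the next session
    replayed = ap_verify(key, ap, sta, anonce2, captured)
    return legit, replayed

if __name__ == "__main__":
    print(demo())
```

The replayed message fails because the MIC key depends on the AP's current ANonce, and the passphrase itself never appears in any message.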

