Wani mai bincike kan harkokin tsaro na Isra'ila Ido Hoorvitch (Tel Aviv) ya wallafa sakamakon gwajin da aka yi na nazarin ƙarfin kalmomin sirri da ake amfani da su don tsara hanyoyin shiga hanyoyin sadarwa mara waya. A cikin binciken firam ɗin da aka katse tare da masu gano PMKID, yana yiwuwa a yi hasashen kalmomin shiga don samun damar zuwa 3663 daga cikin 5000 (73%) da suka yi nazarin cibiyoyin sadarwa mara waya a Tel Aviv. Sakamakon haka, an tabbatar da cewa mafi yawan masu hanyar sadarwar mara waya suna saita kalmomin sirri marasa ƙarfi waɗanda ke da saukin kamuwa da zato, kuma ana iya kai hari kan hanyoyin sadarwar su ta hanyar amfani da daidaitattun hashcat, hcxtools da hcxdumptool utilities.
Ido ya yi amfani da kwamfutar tafi-da-gidanka da ke aiki da Ubuntu Linux don katse fakitin cibiyar sadarwar mara waya, ya sanya shi a cikin jakar baya kuma ya zagaya cikin gari har sai da ya sami damar shiga tsakani tare da PMKID (Pairwise Master Key Identifier) masu gano hanyoyin sadarwar mara waya daban-daban dubu biyar. Bayan haka, ya yi amfani da kwamfuta mai 8 GPU NVIDIA QUADRO RTX 8000 48GB don tantance kalmomin shiga ta amfani da hashes da aka ciro daga mai gano PMKID. Ayyukan zaɓin akan wannan uwar garken sun kusan hashes miliyan 7 a sakan daya. Don kwatantawa, akan kwamfutar tafi-da-gidanka na yau da kullun, aikin ya kai kusan hashes dubu 200 a cikin daƙiƙa guda, wanda ya isa a tantance kalmar sirri mai lamba 10 a cikin kusan mintuna 9.
Don hanzarta zaɓin, binciken ya iyakance ga jeri ciki har da ƙananan haruffa 8 kawai, da lambobi 8, 9 ko 10. Wannan ƙayyadaddun ya isa don tantance kalmomin shiga don 3663 daga cikin cibiyoyin sadarwa 5000. Shahararrun kalmomin shiga sune lambobi 10, waɗanda aka yi amfani da su akan cibiyoyin sadarwa guda 2349. An yi amfani da kalmomin shiga na lambobi 8 a cikin cibiyoyin sadarwa 596, masu lamba 9 a cikin 368, da kalmomin sirri na ƙananan haruffa 8 a cikin 320. Maimaita zaɓi ta amfani da ƙamus na rockyou.txt, girman 133 MB, ya ba mu damar zaɓar kalmomin sirri 900 nan da nan.
Ana tsammanin cewa halin da ake ciki tare da amincin kalmomin sirri a cikin hanyoyin sadarwar mara waya a wasu birane da ƙasashe kusan iri ɗaya ne kuma yawancin kalmomin shiga za a iya samu a cikin 'yan sa'o'i kadan kuma ana kashe kimanin $ 50 akan katin mara waya wanda ke goyan bayan yanayin sa ido na iska (Network ALFA). Anyi amfani da katin AWUS036ACH a gwajin). Harin da ya danganci PMKID yana aiki ne kawai don samun damar wuraren da ke goyan bayan yawo, amma kamar yadda aikin ya nuna, yawancin masana'antun ba sa kashe shi.
Harin ya yi amfani da daidaitaccen hanyar yin kutse ta hanyar sadarwa mara waya ta WPA2, wanda aka sani tun 2018. Ba kamar tsarin gargajiya ba, wanda ke buƙatar katse firam ɗin musafiha yayin da mai amfani ke haɗawa, hanyar da ta dogara kan tsangwamar PMKID ba ta da alaƙa da haɗin sabon mai amfani zuwa cibiyar sadarwar kuma ana iya aiwatar da shi a kowane lokaci. Don samun isassun bayanai don fara hasashen kalmar sirri, kawai kuna buƙatar kutsawa firam ɗaya tare da mai gano PMKID. Ana iya karɓar irin waɗannan firam ɗin ko dai a cikin yanayin da ba a so ba ta hanyar sa ido kan ayyukan da ke da alaƙa, ko kuma za su iya da ƙarfi fara watsa firam ɗin tare da PMKID akan iska ta hanyar aika buƙatun tabbatarwa zuwa wurin shiga.
PMKID shine zanta da aka samar ta amfani da kalmar sirri, adireshin MAC wurin shiga, adireshin MAC abokin ciniki, da sunan cibiyar sadarwa mara waya (SSID). An fara sanin sigogi uku na ƙarshe (MAC AP, MAC Station da SSID), waɗanda ke ba da damar yin amfani da hanyar bincika ƙamus don tantance kalmar sirri, kamar yadda za a iya tantance kalmomin sirri na masu amfani da na'ura idan aka fitar da hash ɗin su. Don haka, tsaro na shiga cikin hanyar sadarwa mara waya ya dogara kacokan akan ƙarfin saitin kalmar sirri.
source: budenet.ru