[TheLastPass]

If it's not a strong hash and the protocol doesn't include salting, it's not impossible. Rainbow tables exist. And they really only need to find a collision. Wi-Fi protocols, especially WEP, have had vulnerabilities similar to this before. Similar in the sense that if you sniffed enough traffic you could figure out the password (don't recall the specific mechanisms - but this could be one).

[est31]

It's unfair to say that there is no salting. The PMK is derived from the WiFi network name (SSID) as well as the password [1]. The SSID acts as a salt here. Not perfect as SSIDs are often not unique, but it's certainly better than no salting at all.

[1]: https://www.ins1gn1a.com/understanding-wpa-psk-cracking/

[Scoundreller]

So stupid they don’t use the MAC as the salt.

[TheLastPass]

I said "IF" there's no salting. In any case, I'd be less concerned about SSID's not being unique as I am about the fact that the SSID of a specific target is trivial to obtain and almost never changed.

[est31]

> I'd be less concerned about SSID's not being unique as I am about the fact that the SSID of a specific target is trivial to obtain and almost never changed.

Salts don't need to be secret, only unique. In fact, in this case the unauthenticated client needs to be able to compute the PMK from the password alone, so you can't keep it on the AP.

[austinheap]

This is why we have rainbow tables.

[vntok]

Rainbow tables don't work here because the password is salted.

[hleach]

A salt can't do it's job when it's reused.

There are WPA rainbow tables for common ssid's available online.

If your ssid is "Linksys" it takes only moments to look up a weak password.