The attack described at https://hashcat.net/forum/thread-7717.html
performs a brute-force hash cracking attack on data voluntarily
sent by access points which support 802.1x authentication with
a pre-shared passphrase and have a feature known as "fast roaming"
enabled.
At present, OpenBSD-based access points support neither 802.1x
authentication nor fast roaming. (There is some 802.1x code in
the kernel, but it is only used in client mode and only in
conjunction with the wpa_supplicant program from ports.)
Lack of 802.1x support means the WPA key configured with ifconfig
acts as the pairwise master key (PMK). It has always been possible
to capture a 4-way handshake and attempt to crack the passphrase
which hashed data exposed during the 4-way handshake is based on.
This is referred to as one of the "existing attacks" in the hashcat
forum post and this attack vector is even mentioned in the spec
(802.11 2012, section 4.10.3.4 "Alternate operations with PSK"):
"""
This operation has security vulnerabilities when used with
a low-entropy key and is recommended to be used only after
taking that into account.
"""
So the bottom line is:
- Never rely on WPA passphrases for end-to-end security regardless
of how "strong" your passphrase seems to be. WPA passphrases may
be used for access control (i.e. authorization) but they provide
neither authenticity nor privacy.
- If you care, configure a "strong" WPA passphrase on your access point.
The maximum length is 63 characters. A command such as pwgen -s 63
will suggest a WPA passphrase which is hard to crack (pwgen is in ports).
