This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.
The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.
The highlighted line of code below is the trigger point of this particular Centos 6 crypto weakness.
* gives 16 bytes. */ int pmk_len; /** State of EAPOL-Key handshaking */ enum wpa_state state; /** Replay counter for this association * * This stores the replay counter value for the most recent * packet we've accepted. It is initially initialised to ~0 to * show we'll accept anything. */ u64 replay; /** Mask of valid keys after authentication success * * If the PTK is not valid, the GTK should be used for both * unicast and multicast decryption; if the GTK is not valid, * multicast packets cannot be decrypted. */ enum wpa_keymask valid; /** The cipher to use for unicast RX and all TX */ enum net80211_crypto_alg crypt; /** The cipher to use for broadcast and multicast RX */ enum net80211_crypto_alg gcrypt; /** The Pairwise Transient Key derived from the handshake */ struct wpa_ptk ptk; /** The Group Transient Key derived from the handshake */ struct wpa_gtk gtk; /** Authenticator-provided nonce */ u8 Anonce[WPA_NONCE_LEN]; /** Supplicant-generated nonce (that's us) */ u8 Snonce[WPA_NONCE_LEN]; /** Whether we should refrain from generating another SNonce */ int have_Snonce; /** Data in WPA or RSN IE from AP's beacon frame */ void *ap_rsn_ie; /** Length of @a ap_rsn_ie */ int ap_rsn_ie_len;