Dailydave mailing list archives

Re: WPA attack improved to 1min, MITM


From: Cedric Blancher <blancher () cartel-securite fr>
Date: Thu, 27 Aug 2009 10:21:00 +0200

On Wednesday, 26 August 2009 at 16:49 -0700, Joshua Wright wrote:
> Simplified, this attack can break WPA in 1 minute if it was already
> broken by the Beck/Tews technique (Hat tip: Beck, Tews).

Or their own "improvement", based on a MITM that is definitely not that
trivial to implement. And actually not that useful compared to DoSing the
communication channel with a directional antenna.

This claim of 1 min makes me think of the tons of misleading articles
commenting on Bittau, Handley and Lackey's "The Final Nail in WEP's Coffin"
paper (awesome paper BTW), stating WEP could be broken in 30 s or so
using their technique, just forgetting that those 30 s were only the
first step.
The Ohigashi & Morii paper per se is not really misleading to me, as it is
quite clear, when you read it, about what they do and where they claim
improvements. What I actually find very misleading is the "MITM" title (no
offense meant Dragos ;), kind of meaning that their attack would allow
one to MITM on TKIP, which is definitely not the case.

One thing this paper also doesn't mention, although it might not be a big
problem after all, is what happens after they release their black-out.
They often refer to minimizing the black-out duration, probably to be
able to restore normal communication, but they don't refer to TSC resync
issues.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave