Full Disclosure mailing list archives

Re: Once thought safe, WPA Wi-Fi encryption is cracked

From: Dragos Ruiu <dr () kyx net>
Date: Fri, 7 Nov 2008 11:33:08 -0800


On 7-Nov-08, at 9:37 AM, Thierry Zoller wrote:

WPA is not cracked, a way was found to brute TKIP.


Not quite exactly... The actual impact is unclear due to the  
complicated exploitation mode.
And there are suggestions that it can be expanded upon...

The attack lets AP -> Client communications be decrypted, and a  
hostile attacker can inject traffic.
Client -> AP communications are not threatened yet, AFAIK.

What can be done with this capability is still to be evaluated. The  
complicated part comes in the
fact that part of this attack is cryptographic weakness, and part of  
it is a protocol weakness.

It will take some more study before it is fully understood and the  
full scope of impact is known IMHO.

cheers,
--dr


--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan  November 12/13 2008  http://pacsec.jp
Vancouver, Canada  March 16-20 2009  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Once thought safe, WPA Wi-Fi encryption is cracked Ivan . (Nov 06)
- Re: Once thought safe, WPA Wi-Fi encryption is cracked Thierry Zoller (Nov 07)
  - Re: Once thought safe, WPA Wi-Fi encryption is cracked Dragos Ruiu (Nov 07)
    - Re: [Dailydave] Once thought safe, WPA Wi-Fi encryption is cracked George Ou (Nov 07)
    - Re: [Dailydave] Once thought safe, WPA Wi-Fi encryption is cracked Thierry Zoller (Nov 07)
    - Re: [Dailydave] Once thought safe, WPA Wi-Fi encryption is cracked Dragos Ruiu (Nov 07)
    - Re: [Dailydave] Once thought safe, WPA Wi-Fi encryption is cracked Cedric Blancher (Nov 08)