Re: WPA attack improved to 1min, MITM

[Joshua Wright <jwright () hasborg com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Should have put in this link to the full paper from the conf proceedings
> page as someone already correctly pointed out: http://bit.ly/8qwQt
>
> The attack seems to have wider applicability than the original Beck/Tews
> variant it is based on as it uses chopchop during MITM without relying
> on 802.11e QoS extensions like Beck/Tews does, but does require
> interfering with AP and MITM which are additional complexity to
> execution. (Hat tip: Cedric Blancher)

The claim of 1 minute to break WPA seems unsupported in the paper.  The
authors have identified mechanisms by which they can reduce the amount
of time to ARP plaintext recovery compared to the numbers presented by
Beck/Tews, but the 1-minute claim assumes the attacker already has
knowledge of the MIC, presumably by executing the Beck/Tews attack
first, and then implementing this attack within the 65K packet PTK
lifetime duration.

Simplified, this attack can break WPA in 1 minute if it was already
broken by the Beck/Tews technique (Hat tip: Beck, Tews).

- -Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEUEARECAAYFAkqVygYACgkQapC4Te3oxYy8lACXbdWCWFYr/plNE/AU0KQrfgO/
NQCeKIC8fRLur5m/dHMx8wbPAGW5mY8=
=JEEj
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave