"WPA Wi-fi Cracked (but it's not as bad as you think... yet)"
j at w1.fi
Fri Nov 7 18:17:25 EST 2008
On Fri, Nov 07, 2008 at 11:32:03PM +0100, Cristian Ionescu-Idbohrn wrote:
> Any comment on this:
As far as I can tell, this is an attack against TKIP (talking about WPA
or WPA2 here can get somewhat confusing since both allow different
ciphers to be negotiated) and requires WMM to succeed in its current
form. The current version of the attack is still quite limited in scope,
but it is obvious that this will be opening up much more severe attacks
once the attack is fine tuned to figure out more frame types with easily
TKIP is known to have major security issues and it has reached the end
of its designed life. People should really move to use CCMP which has
been available in most Wi-Fi products for more than two years now.
I do not really want to give much more life support for TKIP at this
point, but if for some reason update to CCMP cannot be done immediately,
there are couple of workarounds against the attack that has now been
described in some level of detail. These are by no means guaranteed to
avoid this attack, and certainly not all other attacks against TKIP, but
they could make it somewhat less likely that an attack would succeed (to
give some more time to get the system updated to use CCMP).
If WMM is disabled, this new attack (chopchop to decrypt TKIP frame,
figure out Michael MIC key, and use the derived ARC4 stream to inject
new frames) would not be feasible. Alternatively, the TKIP keys (TK;
part of PTK or GTK) could be changed frequently to make it more
difficult for an attacker to have enough time to complete the chopchop
attack. Option to do this is available in hostapd and wpa_supplicant
development branch (wpa_ptk_rekey).
I'm also looking into a small change in wpa_supplicant that would make
the chopchop part take considerably more time as a potential mitigation
for this particular attack.
Jouni Malinen PGP id EFC895FA
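Added example (not part of the mail above, nor hostap project code): a small Python audit that reads a hostapd.conf and reports whether TKIP can still be negotiated and whether the two workarounds from the mail (WMM disabled, frequent PTK rekey via wpa_ptk_rekey) are in place. It assumes the hostapd.conf option names wpa, wpa_pairwise, rsn_pairwise, wmm_enabled and wpa_ptk_rekey as documented in hostapd's sample configuration; the three configurations at the bottom are constructed samples, not real deployments.

```python
"""Audit a hostapd.conf for TKIP exposure and the TKIP-era workarounds.

Checks performed:
  * which pairwise ciphers the AP can negotiate (wpa / wpa_pairwise /
    rsn_pairwise), flagging TKIP;
  * whether WMM is enabled while TKIP is negotiable (the precondition
    the mail names for the chopchop + Michael MIC key attack);
  * whether wpa_ptk_rekey is set, i.e. whether PTKs are rekeyed often
    enough to limit the time window the attack needs.
"""


def parse_hostapd_conf(text):
    """Parse hostapd.conf key=value lines; full-line '#' comments are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def negotiable_pairwise_ciphers(conf):
    """Return the set of pairwise ciphers this AP configuration offers.

    wpa is a bitfield: 1 = WPA (v1), 2 = RSN/WPA2, 3 = both.
    wpa_pairwise applies to WPA (v1); rsn_pairwise applies to WPA2 and
    falls back to wpa_pairwise when unset.  An unset wpa_pairwise is
    assumed here to mean TKIP (hostapd's documented WPA (v1) default).
    """
    wpa = int(conf.get("wpa", "0"))
    v1_ciphers = set(conf.get("wpa_pairwise", "TKIP").split())
    rsn_ciphers = set(conf.get("rsn_pairwise", " ".join(v1_ciphers)).split())
    ciphers = set()
    if wpa & 1:
        ciphers |= v1_ciphers
    if wpa & 2:
        ciphers |= rsn_ciphers
    return ciphers


def audit(conf):
    """Return a list of findings; an empty list means no TKIP exposure."""
    findings = []
    wpa = int(conf.get("wpa", "0"))
    if wpa & 1 and "wpa_pairwise" not in conf:
        findings.append("wpa_pairwise not set explicitly: hostapd's default applies")
    ciphers = negotiable_pairwise_ciphers(conf)
    if "TKIP" not in ciphers:
        return findings
    findings.append("TKIP negotiable: move to CCMP (wpa=2, rsn_pairwise=CCMP)")
    # wmm_enabled defaults to 0 in this audit; set it explicitly in real configs.
    if conf.get("wmm_enabled", "0") == "1":
        findings.append("WMM enabled with TKIP: attack precondition present, "
                        "set wmm_enabled=0 while TKIP remains")
    # wpa_ptk_rekey=0 (the default) disables periodic PTK rekeying.
    if int(conf.get("wpa_ptk_rekey", "0")) == 0:
        findings.append("no PTK rekey: set wpa_ptk_rekey to a short interval "
                        "while TKIP remains")
    return findings


# Constructed sample: mixed WPA/WPA2 with TKIP allowed and WMM on (exposed).
WEAK_CONF = """\
interface=wlan0
ssid=example-net
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct horse battery staple
wpa_pairwise=TKIP CCMP
wmm_enabled=1
"""

# Constructed sample: TKIP kept for now, with both workarounds applied.
INTERIM_CONF = """\
interface=wlan0
ssid=example-net
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct horse battery staple
wpa_pairwise=TKIP CCMP
wmm_enabled=0
wpa_ptk_rekey=600
"""

# Constructed sample: the recommended end state, CCMP only.
HARDENED_CONF = """\
interface=wlan0
ssid=example-net
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct horse battery staple
rsn_pairwise=CCMP
wmm_enabled=1
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("interim", INTERIM_CONF),
                       ("hardened", HARDENED_CONF)):
        print(name, audit(parse_hostapd_conf(text)) or ["ok"])
```

The interim configuration still reports TKIP as negotiable on purpose: as the mail says, disabling WMM and rekeying the PTK only buy time, and the audit only goes quiet once TKIP is no longer offered at all.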