TKIP attack

Jouni Malinen j at w1.fi
Tue Nov 11 16:41:34 EST 2008


On Tue, Nov 11, 2008 at 12:54:55PM -0800, Miles wrote:

> Have we implemented any code to prevent TKIP attack in hostapd? 
> 
> http://radajo.blogspot.com/2008/11/wpatkip-chopchop-attack.html

hostapd forces rekeying of PTK on the first Michael MIC failure report
(i.e., it does not wait for TKIP countermeasures to be started on the
second failure). This limits this particular chopchop attack to only a
single octet and as such, the attack cannot be used to determine the
Michael MIC key or full ARC4 stream for pairwise packets. As far as
group packets are concerned, the attack might be feasible, but that can
be mitigated by setting the GTK rekeying to happen relatively frequently
(e.g., wpa_group_rekey=600 which is the default value in hostapd or even
a smaller value to make the attack more difficult at the cost of more
frequent key updates).

-- 
Jouni Malinen                                            PGP id EFC895FA
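
The group-key mitigation described in the message can be checked against a deployed configuration. The following is an added example, not part of the original message and not hostapd code: it reads hostapd.conf text and reports whether TKIP is explicitly offered and whether wpa_group_rekey is above the 600 seconds mentioned above. It assumes that only explicitly set keys are evaluated (hostapd's built-in defaults are not modelled) and that a value of 0 disables periodic rekeying; the sample configuration is constructed.

```python
# Added example: audit hostapd.conf text for the TKIP settings discussed above.
MAX_GROUP_REKEY = 600  # seconds; the value mentioned in the message

# Constructed sample configuration (not from a real deployment).
SAMPLE_CONF = """\
# constructed example
interface=wlan0
ssid=example
wpa=3
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wpa_group_rekey=3600
"""

def parse_conf(text):
    """Parse 'key=value' lines; a later key overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text, max_rekey=MAX_GROUP_REKEY):
    """Return a list of findings about TKIP use and GTK rekeying."""
    conf = parse_conf(text)
    findings = []
    tkip_keys = [k for k in ("wpa_pairwise", "rsn_pairwise")
                 if "TKIP" in conf.get(k, "").upper().split()]
    if not tkip_keys:
        return findings  # TKIP not explicitly offered; nothing to report
    findings.append("TKIP enabled via " + ", ".join(tkip_keys))
    rekey = conf.get("wpa_group_rekey")
    if rekey is None:
        findings.append("wpa_group_rekey not set explicitly")
    elif not rekey.isdigit():
        findings.append("wpa_group_rekey is not a number: " + rekey)
    elif int(rekey) == 0 or int(rekey) > max_rekey:
        # Assumption: 0 is treated as "periodic rekeying disabled".
        findings.append("wpa_group_rekey=%s exceeds %d s or disables rekeying"
                        % (rekey, max_rekey))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```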

