2 posts • joined 29 May 2008
Attack against WPA+TKIP is not comprehensive
I would say that the phrase "Crack WPA" is very loud...
This is a TKIP flaw... and the Tews-Beck attack is based on KoreK's old-fashioned chopchop inductive packet-guessing idea. The idea is implemented in the aircrack-ng -4 tool against WEP (DWEP) and is very impressive: don't look for the encryption key itself, find out a short keystream to perform packet injection with ARP (ICMP) packets afterward.
TKIP uses RC4 encryption with MIC (Michael) packet integrity. In the WEP case, if the inductive guess is correct, the AP's answer is positive; in the TKIP case, if the packet guess is correct but the MIC fails, the AP responds with: wait 1 minute.
And so, there are 14 unknown ARP packet bytes (MIC 8 bytes, ICV 4 bytes and the last 2 bytes from the IP packet source and destination addresses, e.g. 192.168.1.X), and less than 15 minutes are needed to discover the full ARP packet.
The attack is very limited and is employed in DoS attacks with ARP (DNS, ICMP) packet injection.
Recommendation: move to WPA2 + CCMP
WEP is totally dead!
Even complicated WEP keys are broken in 30 sec. using the aircrack-ng tool in PTW mode from BackTrack. This pertains to Open authentication. Shared key authentication key search is more complicated: it requires an associated victim STA's MAC address to perform deauthentication first, in order to capture the WEP 4-way authentication handshake, but it also works perfectly! Worse, I can crack dynamic WEP keys with 802.1X authentication!! Thanks to the PTW guys! WPA-PSK authentication with a complicated shared secret (a pre-shared password at least 20 characters long) helps.
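The advice in the two posts above (WPA2 + CCMP, no WEP, a pre-shared password of at least 20 characters) can be checked mechanically. The following is an added example, not part of the original posts: a small Python audit of a hostapd-style access point configuration. The choice of hostapd, the sample configs and the function names are assumptions made for illustration.

```python
# Added example. Both sample configs are constructed for illustration.
MIN_PSK_LEN = 20  # "at least 20 characters" from the post above
SAMPLE_WEAK = """\
wpa=3
wpa_pairwise=TKIP CCMP
wpa_passphrase=summer2008
"""
SAMPLE_GOOD = """\
wpa=2
rsn_pairwise=CCMP
wpa_passphrase=constructed-sample-passphrase-01
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings; an empty list means the config follows the advice."""
    conf, findings = parse_conf(text), []
    if any(k.startswith("wep_key") for k in conf):
        findings.append("WEP key configured")
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA (v1), bit 1 = WPA2/RSN
    if wpa == 0:
        findings.append("WPA2 not enabled")
        return findings
    if wpa & 1:
        findings.append("WPA v1 enabled; use wpa=2")
    wpa_pw = conf.get("wpa_pairwise", "").split()
    rsn_pw = conf.get("rsn_pairwise", "").split() or wpa_pw  # hostapd fallback
    active = set(wpa_pw if wpa & 1 else []) | set(rsn_pw if wpa & 2 else [])
    if "TKIP" in active:
        findings.append("TKIP offered as pairwise cipher")
    if "CCMP" not in active:
        findings.append("CCMP not explicitly configured")
    psk = conf.get("wpa_passphrase")
    if psk is not None and len(psk) < MIN_PSK_LEN:
        findings.append("passphrase shorter than %d characters" % MIN_PSK_LEN)
    return findings

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("good", SAMPLE_GOOD)):
        print(name, audit(text))
```

A mixed-mode config (`wpa=3`) is flagged even when CCMP is also listed, because any client that negotiates TKIP remains exposed to the packet-guessing attack described in the first post.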