[Ninux-Wireless] WPA (o meglio TKIP) craccato (ad agosto)

Claudio clauz a ninux.org
Gio 10 Set 2009 21:07:18 CEST


August 2009

A Practical Message Falsification Attack on WPA

Toshihiro Ohigashi and Masakatu Morii

Abstract. In 2008, Beck and Tews have proposed a practical attack on
WPA. Their attack (called the Beck-Tews attack) can recover plaintext
from an encrypted short packet, and can falsify it. The execution time
of the Beck-Tews attack is about 12-15 minutes. However, the attack has
the limitation, namely, the targets are only WPA implementations those
support IEEE802.11e QoS features. In this paper, we propose a practical
message falsification attack on any WPA implementation. In order to ease
targets of limitation of wireless LAN products, we apply the Beck-Tews
attack to the man-in-the-middle attack. In the man-in-the-middle attack,
the user's communication is intercepted by an attacker until the attack
ends. It means that the users may detect our attack when the execution
time of the attack is large. Therefore, we give methods for reducing the
execution time of the attack. As a result, the execution time of our
attack becomes about one minute in the best case.

http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf
http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html

A quanto ho capito, l'attacco e' basato su TKIP, quindi non funziona con
WPA/WPA2+AES...

Ciao,
Clauz




Maggiori informazioni sulla lista Wireless