| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Nov 2008 11:33:08 -0800 From: Dragos Ruiu <dr@....net> To: Thierry Zoller <Thierry@...ler.lu> Cc: Full-Disclosure mailing list <full-disclosure@...ts.grok.org.uk>, dailydave@...ts.immunitysec.com Subject: Re: Once thought safe, WPA Wi-Fi encryption is cracked On 7-Nov-08, at 9:37 AM, Thierry Zoller wrote: > WPA is not cracked, a way was found to brute TKIP. Not quite exactly... The actual impact is unclear due to the complicated exploitation mode. And there are suggestions that it can be expanded upon... The attack lets AP -> Client communications be decrypted, and a hostile attacker can inject traffic. Client -> AP communications are not threatened yet, AFAIK. What can be done with this capability is still to be evaluated. The complicated part comes in the fact that part of this attack is cryptographic weakness, and part of it is a protocol weakness. It will take some more study before it is fully understood and the full scope of impact is known IMHO. cheers, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques Tokyo, Japan November 12/13 2008 http://pacsec.jp Vancouver, Canada March 16-20 2009 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists