| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 8 Nov 2008 00:52:59 +0100 From: Thierry Zoller <Thierry@...ler.lu> To: "George Ou" <george_ou@...architect.net> Cc: 'Full-Disclosure mailing list' <full-disclosure@...ts.grok.org.uk>, dailydave@...ts.immunitysec.com Subject: Re: [Dailydave] Once thought safe, WPA Wi-Fi encryption is cracked Dear Goerge, GO> First of all, this was not a crack against WPA; it was a weakening of TKIP. That was exactly my point. To the best of my knowledge and please correct me if I am wrong : GO> WPA != TKIP. WPA is an industry certification standard which mandates TKIP GO> encryption capability but leaves AES encryption optional. I'd even say it leaves CCMP optional, let's no confuse ourselves even more here and compare TKIP to AES - directly. In summary: There exists amongst others WPA-PSK-TKIP (RC4) aswell as WPA-PSK-CCMP (AES) TKIP = IEEE 802.11i - CCMP = IEEE 802.11i - CTR with CBC-MAC Protocol (CCMP). Both are refered to Robust Secure Network in IEEE 802.11i While TKIP might be weakened cracked - WPA - AFAIK isn't. GO> What this means is that people should add TKIP to the list of obsolete encryption GO> algorithms like WEP. This summarises it perfectly. -- http://secdev.zoller.lu Thierry Zoller _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists