lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <B38F0055-47AF-4F76-8C7D-37046101C7DB@kyx.net>
Date: Tue, 25 Aug 2009 19:13:25 -0700
From: Dragos Ruiu <dr@....net>
To: Full-Disclosure mailing list <full-disclosure@...ts.grok.org.uk>
Subject: WPA attack improved to 1min, MITM

The Beck/Tews WiFi WPA attack presented at PacSec has been improved  
(down to 1 min, MITM) by 2 .jp researchers (Ohigashi, Morii) http://bit.ly/clCpm 
  Remember: avoid WPA/TKIP and force AES only encryption in WPA2 -  
don't let your access point automatically fall back automatically to  
the insecure TKIP/WPA mode, to be safe. (At least until any WPA2  
attacks are published ;-P)

cheers,
--dr

P.S. CanSecWest registration is now up, and a new Japanese PacSec  
registration is live. June has been picked as the time for EUSecWest  
in Amsterdam.
(hat tip: T Harada)

url: http://jwis2009.nsysu.edu.tw/index.php/jwis/jwis2009/paper/view/80

A Practical Message Falsification Attack on WPA
Toshihiro Ohigashi, Masakatu Morii

Last modified: 2009-07-20

Abstract
In 2008, Beck and Tews have proposed a practical attack on WPA. Their  
attack (called the Beck-Tews attack) can recover plaintext from an  
encrypted short packet, and can falsify it. The execution time of the  
Beck-Tews attack is about 12-15 minutes. However, the attack has the  
limitation, namely, the targets are only WPA implementations those  
support IEEE802.11e QoS features. In this paper, we propose a  
practical message falsification attack on any WPA implementation. In  
order to ease targets of limitation of wireless LAN products, we apply  
the Beck-Tews attack to the man-in-the-middle attack. In the man-in- 
the-middle attack, the user's communication is intercepted by an  
attacker until the attack ends. It means that the users may detect our  
attack when the execution time of the attack is large. Therefore, we  
give methods for reducing the execution time of the attack. As a  
result, the execution time of our attack becomes about one minute in  
the best case.

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 4/5 2009  http://pacsec.jp
Vancouver, Canada March 22-26  http://cansecwest.com
Amsterdam, Netherlands June  http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ