Update (added below)


Paper released : http://dl.aircrack-ng.org/breakingwepandwpa.pdf

It's all over the place - WPA cracked.
Here is why it isn't (yet):
  • Attack does not give you access to the data transmited
  • Only the TKIP keystream is being recovered
  • Besides WPA-PSK-TKIP there is WPA-PSK-CCMP which is not vulnerable - so even if WPA-PSK-TKIP would be broken there still is WPA-PSK-CCMP, so WPA is not dead.
Temporal Key Integrity Protocol (TKIP) is nothing else then our good old friend RC4 (same as used in WEP, yep) with the difference that the KEY changes every 10KB packet,
hence the name (Temporal). Another change was to add the MAC into the calculation making it basicaly a salt that results in different key set with the same IV (Initialisation Vector). This also reduces the possibility of a replay attack.
What the author basicaly says is that they found a way to :

- have the AP generate LOT of traffic, meaning lot of encrypted datapackets you can
then use a new way to bruteforce TKIP
Quote :
They have not yet, however, managed to crack the encryption keys used to secure the data that travels from the PC to the router.
In my book not crack the encryption keys means...well wpa is not cracked.. I can't say more until the airodump-ng SVN repositry is reachable, part of the code is already in there.

Update :
Facts :
  • Currently the attack only affects TKIP (not ccmp) gives access to one keystream, no keys are recovered but it allows for decryption of short individual packets ie DNS, ARP (sounds like known plaintext to me)
  • Allows reinjecting of short (ARP, DNS) packets or packets there is a small amount of unknown data
  • If you use AES mode you are perfectly safe
Assumptions :
  • more traffic may render the attack impossible (as rekeying happens)
  • setting to rekey on intervals also is a mitigation to those who have to use WPA
My recommendation on Wi-Fi still is valid and is totaly safe (until further notice) :
  • Home User: Use WPA2 (AES - CCMP)
  • Enterprise : Use WPA2 EAP2-TLS
History :
The history of wireless standards is a mess to say the least: IEEE was to slow for AP vendors so they created the Wi-Fi alliance, and pushed for their own names staying compatible with IEEE one way or another :
- WEP (RC4)
- WPA-PSK TKIP (RC4) AND WPA-PSK CCMP - which is not vulnerable (afaik not certified but exists)
- WPA2 (AES, CCMP,TKIP or Enterprise - EAP, TTLS)

http://lists.shmoo.com/pipermail/hostap/2006-August/014137.html :
Both TKIP and CCMP can be used regardless of which version of WPA is used.
WPA was not certified with CCMP, but WPA2 certification includes tests for
both TKIP (only for backwards compatibility with WPA) and CCMP.
An excellent write-up from SID (rstack) can be found here (french) : http://sid.rstack.org/blog/index.php/304-tkip-comment-ca-marche

0 comments

Post a Comment