Announcement

**renderman** · August 27, 2009, 18:45

Re: TKIP cracked

eh, not so much. It allows disclosure on the MIC key which allows for injection of a few packets but does not disclose the encryption key.

It's the Tews-Beck attack (Which is basically the WEP chopchop attack with a timer) which came out last year with a slight refinement (that seems kinda bogus) that reduces the time to inject from 12 minutes to 1 minute by offloading the CRC checks to the attacker instead of using the AP failure messages to do the work.

It's not a new nail, just a refinement to existing attack that was more a crack in the armour than a break. Still, nice to see work continuing on breaking anything and everything.

**bascule** · August 28, 2009, 15:49

Re: TKIP cracked

Okay, sorry if my initial synopsis was a bit overzealous

**reusablesec** · August 28, 2009, 18:32

Re: TKIP cracked

If you want a longer writeup, I posted an analysis of the attack to my blog. The short summary is I agree with Renderman. The attack is good work, but the practical implications of it aren't that dire.

http://reusablesec.blogspot.com/2009...acked-yet.html

**renderman** · August 30, 2009, 14:04

Re: TKIP cracked

Originally posted by reusablesec View Post

If you want a longer writeup, I posted an analysis of the attack to my blog. The short summary is I agree with Renderman. The attack is good work, but the practical implications of it aren't that dire.

http://reusablesec.blogspot.com/2009...acked-yet.html

Well written, thanks for sharing.

Side note: Watched your DC talk last night, really good stuff.

Announcement

TKIP cracked

TKIP cracked

Comment

Comment

Comment

Comment