

tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
kudos:9
reply to FFH

Re: Not news

said by FFH:

By the time they crack the key, it would already be changed.
That does not address the problem. Since previous transmissions can be recorded, it does not matter (within reason) how long it takes the attacker to crack encryption. Once cracked, plain text is readable. Whatever was communicated is now known to the attacker.

/tom


FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

said by tschmidt:

said by FFH:

By the time they crack the key, it would already be changed.
That does not address the problem. Since previous transmissions can be recorded, it does not matter (within reason) how long it takes the attacker to crack encryption. Once cracked, plain text is readable. Whatever was communicated is now known to the attacker.

/tom
It does matter, because the data that has to be collected in order to successfully decrypt it exceeds a 12 to 15 min collection timeframe. If the key changes BEFORE they can collect 12 to 15 mins worth of data, then the decryption process won't succeed. At least that is how I understand the process from several different writeups.
--
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk?


tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
kudos:9

said by FFH:

If the key changes BEFORE they can collect 12 to 15 mins worth of data, then the decryption process won't succeed. At least that is how I understand the process from several different writeups.
I am not a cryptanalyst nor do I play one on TV. My understanding is they spoof the system into sending a big chunk of data, then it only takes 12-15 minutes to extract the key. If the key is changed more often, the recovered key cannot be used to actively communicate but will be able to convert messages to plain text.

As an aside, WPA was always considered an interim scheme until WPA2 could be officially approved. This is an interesting, but not devastating, attack as I assume most sites are using WPA2 to replace WEP.

/tom


ieolus
Support The Clecs

join:2001-06-19
Danbury, CT

You guys should stay at a Holiday Inn Express tonight and then come back here to finish the discussion tomorrow.
--
"Speak for yourself "Chadmaster" - lesopp