DOS attack on WPA 802.11?

Donald Eastlake 3rd dee3 at torque.pothole.com
Thu Dec 5 19:49:42 EST 2002 

I'm not saying there might not be a level of error or weakness that
would cause a emergency reset of the standards process. I'm saying that
this diddle-shit minor DoS attack isn't such an error or weakness. It
was fully known about by the 802.11 working group, repeatedly debated at
great length, and discounted as being insignificant. Therefore, an
improvement which merely eliminated it has only a vanishingly small
probability of upsetting the apple-cart.

In the academic world, certainly any minor and even
currently-impractical-to-exploit weakness is of great interest. In the
real world, products have substantial lead times and at some point you
have to stop investigating minor improvements and start cranking out
code/chips/whatever.

Go ahead and design whatever wonderful improvements in TKIP you want.
Perhaps you can publish a paper or two. But unless you find something a
lot bigger wrong with it, I predict the standard will not be changed,
particularly given that TKIP is temporary and within a few years the
deployed hardware population will be swamped with newer hardware
supporting CCMP mode.

Donald

 On Thu, 5 Dec 2002, Arnold G. Reinhold wrote:

> Date: Thu, 5 Dec 2002 12:40:18 -0500
> From: Arnold G. Reinhold <reinhold at world.std.com>
> To: Donald Eastlake 3rd <dee3 at torque.pothole.com>
> Cc: cryptography at wasabisystems.com
> Subject: Re: DOS attack on WPA 802.11?
> 
> At 10:48 PM -0500 11/29/02, Donald Eastlake 3rd wrote:
> >Arnold,
> >
> >If you want to play with this as in intellectual exercise, be my guest. 
> >But the probability of changing the underlying IEEE 802.11i draft
> >standard, which would take a 3/4 majority of the voting members of IEEE
> >802.11, or of making the WiFi Alliance WPA profiling and subseting of
> >802.11i incompatible with the standard, are close to zero.
> 
> Cryptographic standards should be judged on their merits, not on the 
> bureaucratic difficulties in changing them. Specs have been amended 
> before. Even NSA was willing to revise its original secure hash 
> standard. That's why we have SHA1.  If I am right and WPA needlessly 
> introduces a significant denial of service vulnerability, then it 
> should be fixed. If I am wrong, no change is needed of course.
> 
> Check out the President's message for September 202 at the 
> Association of Old Crows web site ("Serving the Electronic Warfare 
> and Information Operations Community"): http://www.aochq.org/news.htm
> 
> Arnold Reinhold
======================================================================
 Donald E. Eastlake 3rd                       dee3 at torque.pothole.com
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake at motorola.com


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list