MITM attack against WPA2-Enterprise?
Perry E. Metzger
perry at piermont.com
Sun Jul 25 18:08:48 EDT 2010
On Sat, 24 Jul 2010 20:38:07 -0400 Steven Bellovin
<smb at cs.columbia.edu> wrote:
> There is a claim of a flaw in WPA2-Enterprise -- see
> http://wifinetnews.com/archives/2010/07/researchers_hints_8021x_wpa2_flaw.html
Not quite a MITM attack. It is quite clever, though as with most such
things, it seems in retrospect to be obvious. If only we always had
hindsight. Quoting from another article:
The Advanced Encryption Standard (AES) derivative on which WPA2 is
based has not been cracked and no brute force is required to
exploit the vulnerability, Ahmad says. Rather, a stipulation in
the standard that allows all clients to receive broadcast traffic
from an access point (AP) using a common shared key creates the
vulnerability when an authorized user uses the common key in
reverse and sends spoofed packets encrypted using the shared group
key.
http://www.networkworld.com/newsletters/wireless/2010/072610wireless1.html?page=1
All in all, this looks bad for anyone depending on WPA2 for high
security.
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list