[cryptography] RC4 Forevar! [was: RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4]

coderman coderman at gmail.com
Sun Oct 12 20:03:44 EDT 2014


On 9/22/14, coderman <coderman at gmail.com> wrote:
> ...
>> Please elaborate.  TKIP has not been identified as a ‘active attack’
>> vector.

hi nymble,

it appears no one cares about downgrade attacks, like no one cares
about MitM (see mobile apps and software update mechanisms). [0]



> to be specific about the problems, in case not concise enough above:
> 0. lack of a way to enforce TKIP disable.
> 1. lack of visual signal of TKIP downgraded security in WPA2 to users.
> 2. insult to injury with "unspecified" bozofail TKIP transition to ON
> flaws in some hw.

i would like to clarify that #0 is a driver domain behavior, your
"suggestions" from userspace via wpa-supplicant are meaningless
against the motivated.

also, the definitive paper at http://www.isg.rhul.ac.uk/tls/ still
insists, "For WPA/TKIP, the only reasonable countermeasure is to
upgrade to WPA2." which is either incompetently incorrect, or
intentional indirection.

best regards,



0. "no one cares" - this is not strictly true; people care a bit more
if you have done significant and detailed analysis of the sort that
eats lives by the quarter-year. i have long since quit giving freebies
freely, and instead pick my disclosures carefully with significant
limitations.

perhaps i should re-state: "no one working in the public interest
cares". there is a roaring business for silence and proprietary
development, and these people care quite a bit.


More information about the cryptography mailing list