[cryptography] RC4 Forevar! [was: RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4]

coderman coderman at gmail.com
Mon Oct 13 14:35:47 EDT 2014

On 10/12/14, coderman <coderman at gmail.com> wrote:
> ...
> also, the definitive paper at http://www.isg.rhul.ac.uk/tls/ still
> insists, "For WPA/TKIP, the only reasonable countermeasure is to
> upgrade to WPA2." which is either incompetently incorrect, or
> intentional indirection.

there is a third option: innocently overlooked.

it is unreasonable of me to assume that lack of prompt corrections is
intentional, as the research is older and not recently updated.

it is unreasonable of me to assume that the lack of awareness
regarding TKIP in WPA2 is widely known, as only driver implementations
and packet disassemblers appear to act on these optional elements.

it is unreasonable of me to repay actual research implementing attacks
with criticism lamenting better information and guidance on a subset
of the research.

in sum: my assumptions of motive were incorrect, rude, and demand retraction.

best regards,
   one libelous jerk

More information about the cryptography mailing list