[cryptography] RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4
coderman at gmail.com
Mon Sep 15 05:39:15 EDT 2014
On 9/15/14, coderman <coderman at gmail.com> wrote:
> ... every implementation of WPA2 that i have tested is vulnerable to
> an active downgrade to TKIP/RC4 while still being "WPA2" and still
> showing all signs of using strongest security settings.
yes, this attack does require knowing the WPA passphrase (PSK) and no
i have not looked at WPA-Enterprise mode (EAP-*).
yes, just looking for populated michael MIC authenticator fields is
probably sufficient to alarm if you've configured WPA2 only.
yes, this is all for now. :)
More information about the cryptography