[cryptography] RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4

coderman coderman at gmail.com
Mon Sep 15 05:39:15 EDT 2014


On 9/15/14, coderman <coderman at gmail.com> wrote:
> ... every implementation of WPA2 that i have tested is vulnerable to
> an active downgrade to TKIP/RC4 while still being "WPA2" and still
> showing all signs of using strongest security settings.

yes, this attack does require knowing the WPA passphrase (PSK) and no
i have not looked at WPA-Enterprise mode (EAP-*).

yes, just looking for populated michael MIC authenticator fields is
probably sufficient to alarm if you've configured WPA2 only.

yes, this is all for now. :)


best regards,


More information about the cryptography mailing list