[cryptography] RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4

staticsafe me at staticsafe.ca
Tue Sep 16 19:24:30 EDT 2014

On 9/15/2014 06:23, coderman wrote:
> On 9/15/14, coderman <coderman at gmail.com> wrote:
>> ...
>> yes, this is all for now. :)
> i lied and one last clarification before day is done:
> why do you care if this assumes knowledge of the pairwise master key?
> a) my poc sucks; make a better one able to manipulate EAPOL frames without PMK!
> b) presumably still useful if client SNonce is missed (easier to hear
> loud access points than quiet clients behind more obstacles?)
> switch to WPA2-EAP-PWD, WPA2-EAP-TTLSv0|v1, WPA2-EAP-PEAP, anything
> other than PSK... i can't say for sure that WPA-Enterprise is immune
> to this attack, but it is certainly better in many respects
> regardless.


My home Wi-Fi AP (a MikroTik RouterOS device) is configured as WPA2 PSK
with TKIP and AES unicast/group ciphers. I see that I can uncheck the
TKIP check box. Is this an acceptable workaround to the issue you mentioned?

