[cryptography] RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4

coderman coderman at gmail.com
Wed Sep 17 22:27:26 EDT 2014


On 9/16/14, staticsafe <me at staticsafe.ca> wrote:
> ...
> My home Wi-Fi AP (a Mikrotik RouterOS) device is configured as WPA2 PSK
> with TKIP and AES unicast/group ciphers. I see that I can uncheck the
> TKIP check box, is this an acceptable workaround to the issue you
> mentioned?


please test; you will need to force set client bits in driver; this
assumes modified drivers.  it would be awesome for someone to provide
a repro lorcon scapy style, alas, it appears that will not be me.

stribika also mentions this config,
https://twitter.com/stribika/status/511985181134057473
---
proto=WPA2
key_mgmt=WPA-PSK
pairwise=CCMP
group=CCMP
---
i do not know if this is resistant to client overriding ap prefs, as
in your scenario.  another good variant to check...

apologies; wish i could be more helpful.


best regards,


More information about the cryptography mailing list