[cryptography] RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4

coderman coderman at gmail.com
Sun Sep 21 22:29:27 EDT 2014


On 9/21/14, Daniel <kyhwana at gmail.com> wrote:
> Hey coderman,
> has this been released anywhere? I asked because I discovered
> http://people.cs.kuleuven.be/~mathy.vanhoef/papers/wpatkip.pdf again.
> (Where with TKIP, if you can inject packets on the air, you can get
> back unencrypted traffic that was headed towards the client..)


hi Daniel!

please continue posting relevant material.  this is released plus or
minus Full Disclosure   moderation queue. you are smart enough to see
why this is a dead end, and "optional" TKIP will live in WPA2 forever.

you may also want to keep in touch with K. Paterson who wrote about
another TKIP issue as mentioned earlier in this thread.  i have not
heard of any further input from K. i have not seen any further public
confirmation of active TKIP downgrade or implications.

silence the story, per usual.

best regards,


More information about the cryptography mailing list