Author Topic: Vulnerability in WPA standard, TKIP  (Read 3937 times)

Vulnerability in WPA standard, TKIP
« on: 19. July 2009., 06:39:08 »

As a replacement for the weak WEP encryption, TKIP itself was designed as a stopgap measure, with a planned secure lifetime of approximately five years. As this standard was adopted in 2003, a discovery of this type is not entirely unexpected.

The TKIP vulnerability discovered by Erik Tews and Martin Beck is very different from the previous, well-known attacks against WPA-PSK. Previous attacks targeted the method WPA-PSK uses to generate the initial key from the passphrase and network SSID, by brute forcing possible passwords and generating a table of the results.

The new attack targets the TKIP data exchange itself, and can affect both PSK and EAP/802.1X (enterprise) networks. It does not affect networks which use AES encryption (such as WPA2-AES). WPA1 networks using AES encryption are not affected, and WPA2 networks which still use TKIP are vulnerable.

The current attack does not compromise the key itself, but can allow packet injection attacks, which may compromise secondary security features, such as firewalls, by forging packets which cause the firewall to think connections originated from inside the LAN.

By exploiting the fact that packets in QoS queues may arrive out of order, an attacker can defeat the replay protection in TKIP and reuse a captured frame. Applying an older WEP attack known as "chopchop", the plaintext of the packet can be revealed byte-by-byte. However, the maximum rate at which the attacker can guess each byte is limited by the TKIP message integrity check (MIC). If two invalid MIC events occur within 60 seconds, the station will shut down for 60 seconds, and then reassociate with new keys.

If switching to AES is not possible, stop-gap measures may temporarily extend the lifetime of the network, but will not solve the fundamental flaw. By setting the TKIP rotation interval to a short value, the amount of time an attacker can conduct the attack and the length of time a successful attack is useful are curtailed. The current attack requires one minute per byte, so setting the TKIP rotation value to an interval of 120 seconds should prevent an attacker from making significant gains.

It was not as critical as the flaw in WEP, but it is a complex attack and requires fair knowledge of the WPA mechanism.
Or, script kiddies can break in with a sheet of instructions and commands.
I just wanted members to know that TKIP is no longer as safe as AES; well, in fact it was a stopgap measure. Hope everyone knows what to do from here.
Well? Understand my bad English.
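
The configuration check implied by the post above, as an added example that is not part of the original post: a Python audit that flags TKIP as a pairwise cipher under either WPA1 or WPA2 and, where TKIP remains, checks the rekey intervals against the 120 seconds mentioned. The hostapd-style key names (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wpa_ptk_rekey`, `wpa_group_rekey`) and the sample configs are assumptions; the post names no access point software.

```python
MAX_REKEY_S = 120  # stop-gap rotation interval given in the post

# Constructed sample configs (hostapd key names are an assumption of this example).
WEAK = "ssid=office\nwpa=3\nwpa_pairwise=TKIP CCMP\nwpa_group_rekey=600\n"
STOPGAP = "wpa=1\nwpa_pairwise=TKIP\nwpa_ptk_rekey=120\nwpa_group_rekey=120\n"
AES_ONLY = "wpa=2\nrsn_pairwise=CCMP\n"


def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return a list of findings; an empty list means no TKIP exposure found."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA1, bit 1 = WPA2 (RSN)
    if wpa == 0:
        return []  # WPA is off: nothing TKIP-related to report
    # Assumption: TKIP is the documented wpa_pairwise default, and
    # rsn_pairwise falls back to the wpa_pairwise value when unset.
    wpa_ciphers = conf.get("wpa_pairwise", "TKIP").upper().split()
    rsn_ciphers = conf.get("rsn_pairwise", " ".join(wpa_ciphers)).upper().split()
    findings = []
    if wpa & 1 and "TKIP" in wpa_ciphers:
        findings.append("WPA1 allows TKIP pairwise cipher")
    if wpa & 2 and "TKIP" in rsn_ciphers:
        findings.append("WPA2 allows TKIP pairwise cipher")
    if findings:  # TKIP still in use: check the stop-gap rekey intervals
        for key in ("wpa_ptk_rekey", "wpa_group_rekey"):
            raw = conf.get(key)
            if raw is None or int(raw) == 0 or int(raw) > MAX_REKEY_S:
                findings.append(
                    f"{key} is {raw or 'unset'}; stop-gap needs 1..{MAX_REKEY_S}s")
    return findings


if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("STOPGAP", STOPGAP), ("AES_ONLY", AES_ONLY)):
        print(name, audit(conf))
```

A short rekey interval only removes the rekey findings; the TKIP finding stays, matching the post's point that the stop-gap does not solve the fundamental flaw.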


Re: Vulnerability in WPA standard, TKIP
« Reply #1 on: 19. July 2009., 21:26:37 »
Thanks for this info
