On Sat, 24 Jul 2010 20:38:07 -0400 Steven Bellovin <s...@cs.columbia.edu> wrote: > There is a claim of a flaw in WPA2-Enterprise -- see > http://wifinetnews.com/archives/2010/07/researchers_hints_8021x_wpa2_flaw.html
Not quite a MITM attack. It is quite clever, though as with most such things, it seems in retrospect to be obvious. If only we always had hindsight. Quoting from another article: The Advanced Encryption Standard (AES) derivative on which WPA2 is based has not been cracked and no brute force is required to exploit the vulnerability, Ahmad says. Rather, a stipulation in the standard that allows all clients to receive broadcast traffic from an access point (AP) using a common shared key creates the vulnerability when an authorized user uses the common key in reverse and sends spoofed packets encrypted using the shared group key. http://www.networkworld.com/newsletters/wireless/2010/072610wireless1.html?page=1 All in all, this looks bad for anyone depending on WPA2 for high security. -- Perry E. Metzger pe...@piermont.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com