On 9/15/2014 06:23, coderman wrote: > On 9/15/14, coderman <coder...@gmail.com> wrote: >> ... >> yes, this is all for now. :) > > i lied and one last clarification before day is done: > > why do you care if this assumes knowledge of the pairwise master key? > a) my poc sucks; make a better one able to manipulate EAPOL frames without > PMK! > b) presumably still useful if client SNonce is missed (easier to hear > loud access points than quiet clients behind more obstacles?) > > switch to WPA2-EAP-PWD, WPA2-EAP-TTLSv0|v1, WPA2-EAP-PEAP, anything > other than PSK... i can't say for sure that WPA-Enterprise is immune > to this attack, but it is certainly better in many respects > regardless.
Hi, My home Wi-Fi AP (a Mikrotik RouterOS) device is configured as WPA2 PSK with TKIP and AES unicast/group ciphers. I see that I can uncheck the TKIP check box, is this an acceptable workaround to the issue you mentioned? -- staticsafe https://staticsafe.ca _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography