attack on WPA 802.11?
...
The differential attack on Michael, which prompted the addition of
the DoS-enabling time-out, involves sending half a billion forged
packets for every one packet that gets through. Why isn't that
considered [by the 802.11i Task Group] a minor and even
currently
At 10:48 PM -0500 11/29/02, Donald Eastlake 3rd wrote:
Arnold,
If you want to play with this as in intellectual exercise, be my guest.
But the probability of changing the underlying IEEE 802.11i draft
standard, which would take a 3/4 majority of the voting members of IEEE
802.11, or of making
:18 -0500
From: Arnold G. Reinhold [EMAIL PROTECTED]
To: Donald Eastlake 3rd [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: DOS attack on WPA 802.11?
At 10:48 PM -0500 11/29/02, Donald Eastlake 3rd wrote:
Arnold,
If you want to play with this as in intellectual exercise, be my guest
Arnold G. Reinhold wrote:
If I am right and WPA needlessly
introduces a significant denial of service vulnerability, then it
should be fixed. If I am wrong, no change is needed of course.
But TKIP (the part of WPA you're talking about) is only a
temporary measure, and will soon be replaced by
The answer is multi-fold.
1) The 802.11i standard wont be finished for a while.
2) There is an apparent Market Requirement for something better than
WEP __NOW__.
3) The WPA can only change their requirements once per year, so even
if 802.11i were ready in 3 months, it would still take
--
Arnold G. Reinhold
Cryptographic standards should be judged on their merits, not
on the bureaucratic difficulties in changing them. Specs have
been amended before. Even NSA was willing to revise its
original secure hash standard. That's why we have SHA1. If I
am right and WPA
At 4:57 AM +0100 11/19/02, Niels Ferguson wrote:
At 21:58 18/11/02 -0500, Arnold G Reinhold wrote:
...
Third, a stronger variant of WPA designed for 11a could also run on
11b hardware if there is enough processing power, so modularization is
not broken.
But there _isn't_ enough processing
At 13:53 29/11/02 -0500, Arnold G. Reinhold wrote:
But there _isn't_ enough processing power to run a super-Michael. If there
were, I'd have designed Michael to be stronger.
I'm not sure that is true for all existing 802.11b hardware. And
vendors of new 802.11b hardware could certainly elect to
incompatible with the standard, are close to zero.
Fri, 29 Nov 2002, Arnold G. Reinhold wrote:
Date: Fri, 29 Nov 2002 13:53:41 -0500
From: Arnold G. Reinhold [EMAIL PROTECTED]
To: Niels Ferguson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: DOS attack on WPA 802.11?
At 4:57 AM
At 00:55 14/11/02 -0800, Bill Stewart wrote:
At 12:03 PM 11/11/2002 -0500, Arnold G. Reinhold wrote:
One of the tenets of cryptography is that new security systems
deserve to be beaten on mercilessly without deference to their creator.
In particular, I'd be interested in finding out if the new
[please ignore previous mesage, sent by mistake -- agr]
On Sat, 16 Nov 2002, Niels Ferguson wrote:
At 18:15 15/11/02 -0500, Arnold G Reinhold wrote:
I agree that we have covered most of the issues. One area whre you have
not responded is the use of WPa in 802.11a. I see no justification for
At 11:40 PM +0100 11/11/02, Niels Ferguson wrote:
At 12:03 11/11/02 -0500, Arnold G. Reinhold wrote:
[...]
One of the tenets
of cryptography is that new security systems deserve to be beaten on
mercilessly without deference to their creator.
I quite agree.
I hope you won't mind another round
We've gone through all the main argument here, and I think it is clear we
don't agree. I started writing a detailed reply to your last message, but
most of it was just argueing that we need authentication on 802.11 packets.
TGi had a limited brief: improve the security for 802.11, and that
At 12:03 11/11/02 -0500, Arnold G. Reinhold wrote:
[...]
One of the tenets
of cryptography is that new security systems deserve to be beaten on
mercilessly without deference to their creator.
I quite agree.
And I would argue
that the Michael countermeasure is no ordinary design tradeoff. It
TGi has NEVER been all that interested in DOS attacks because a number
of people argued that all you need to do is turn on a spark gap
transmitter. While this is true, I think it is harder (one can argue
how much) to get a spark gap transmitter and use it correctly than a
laptop, NIC card, and
The new Wi-Fi Protected Access scheme (WPA), designed to replace the
discredited WEP encryption for 802.11b wireless networks, is a major
and welcome improvement. However it seems to have a significant
vulnerability to denial of service attacks. This vulnerability
results from the proposed
On Thu, 7 Nov 2002, Arnold G. Reinhold wrote:
Date: Thu, 7 Nov 2002 16:17:48 -0500
From: Arnold G. Reinhold [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: DOS attack on WPA 802.11?
The new Wi-Fi Protected Access scheme (WPA), designed to replace the
discredited WEP encryption
17 matches
Mail list logo
