[12041] in cryptography@c2.net mail archive
Re: Possible fixes for 802.11 WPA message authentication
daemon@ATHENA.MIT.EDU (Niels Ferguson)
Mon Nov 11 22:20:01 2002
Date: Mon, 11 Nov 2002 23:46:46 +0100
To: "Arnold G. Reinhold" <reinhold@world.std.com>,
cryptography@wasabisystems.com
From: Niels Ferguson <niels@ferguson.net>
In-Reply-To: <v04210102b9f58605baec@[192.168.0.2]>

At 12:06 11/11/02 -0500, Arnold G. Reinhold wrote:
[...]
>1. Shuffle the order of the message words stirred into Michael. For
[...]

I can't go into details here due to NDA considerations, but this idea
cannot be efficiently implemented on some of the existing hardware.

>2. Refresh the Michael key frequently. This proposal rests on WPA's
[...]

This has no effect on the best attack we have so far. The attack is a
differential attack, and changing the key doesn't change the probabilities.

>3. Do MIC chaining. Xor (or add) the MIC output block from the
>previous packet to K (or to the previous sub-key) to form the Michael
>sub-key for the current packet. This costs very little and makes it
>much more difficult to figure out K without breaking the WPA
>encryption.

Just like idea 2, this doesn't affect the best known attack as that attack
never tries to recover the Michael key.

Cheers!

Niels
==============================================================
Niels Ferguson, niels@ferguson.net, phone: +31 20 463 0977
PGP: 3EC2 3304 9B6E 27D9 72E7 E545 C1E0 5D7E
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com