

WPA2 vulnerability found - all
http://www.networkworld.com/newsletters/wireless/2010/072610wireless1.html

======
ax0n
Expert analysis here: <http://news.ycombinator.com/item?id=1541729>

Jennifer's a friend of mine who knows her stuff when it comes to 802.1X, NAC
and WiFi. It looks like it's only related to broadcast traffic, and you have
to be authenticated. Also, I can't tell, but it sounds like it might be
restricted to RADIUS-authenticated networks (WPA / WPA2 Enterprise, not PSK
like you'd find in a coffee shop).

------
teilo
Wow. If this is legit, this one is really bad. It covers this case:

1) Bob and Alice go to a coffee shop that uses WPA2, but gives the password to
paying customers.

2) Alice uses the exploit to acquire Bob's PSK.

3) Alice records and decrypts all of Bob's traffic.

~~~
hannibalhorn
That's always been possible - you can just enter the network password in
Wireshark and watch everybody's traffic on a PSK network. You just have to
capture the initial key negotiation traffic for a particular client.

WPA(2) largely just made it more difficult to brute force network passwords
(vs WEP) but did nothing for privacy of the users. Unless you're using
certificates for authentication, everything you do is visible to anyone else
who has the password.

It's a shame, because it would have been very easy to address by just using
Diffie Hellman when determining the session key.

~~~
SpikeGronim
Agreed that shared secrets are not really that secret.

"it would have been very easy to address by just using Diffie Hellman when
determining the session key"

Since WPA is implemented in hardware, you must add gates to support Diffie
Hellman. This adds cost, resulting in a cost/security trade-off.

------
Groxx
Basic concept:

Unicast traffic has safeguards against spoofing. Multicast does not. Spoof
yourself as the AP, send out multicast traffic, and clients respond with
unicast traffic _with their key_.

OK... seriously? _Session keys!_ If you never send them out after negotiating
them, the attacker would never get the key, and all your past traffic would
still be secure.

The state of "security" with wireless communications continually strikes me as
an ass-backwards place... wtf keeps going wrong? A couple standard, basic
security techniques would seem to resolve nearly every cracking problem, and a
large number of MITM ones too (certificates!).

