Chat Forum
It is currently Fri Sep 21, 2018 6:29 pm

All times are UTC [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Nonce danger
PostPosted: Mon Oct 16, 2017 12:45 pm 
Offline
User avatar

Joined: Tue Jan 31, 2012 11:05 am
Posts: 11033
Location: 雪の街
Most widely used Wi-Fi security protocol has a serious flaw according to

https://www.krackattacks.com/

Quote:
We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.


Top
 Profile  
 
 Post subject: Re: Nonce danger
PostPosted: Mon Oct 16, 2017 1:30 pm 
Offline

Joined: Mon Oct 24, 2016 11:46 pm
Posts: 779
Not good. But unlikely to affect credit card data, as that is usually encrypted in TLS connections anyway.


Top
 Profile  
 
 Post subject: Re: Nonce danger
PostPosted: Mon Oct 16, 2017 2:47 pm 
Offline
User avatar

Joined: Tue Jan 31, 2012 11:05 am
Posts: 20466
Bring back the cheque-book, all is forgiven.


Top
 Profile  
 
 Post subject: Re: Nonce danger
PostPosted: Mon Oct 16, 2017 3:33 pm 
Offline
User avatar

Joined: Tue Jan 31, 2012 11:05 am
Posts: 19473
theo wrote:
Bring back the cheque-book, all is forgiven.

I got asked for a cheque the other day and realised I hadn't written one for over a decade


Top
 Profile  
 
 Post subject: Re: Nonce danger
PostPosted: Mon Oct 16, 2017 3:40 pm 
Offline
User avatar

Joined: Tue Jan 31, 2012 11:05 am
Posts: 11033
Location: 雪の街
I hadn't written a cheque in over 10 years but in the last 10 days or so I've had to write several because the payees couldn't take a card.


Top
 Profile  
 
 Post subject: Re: Nonce danger
PostPosted: Mon Oct 16, 2017 3:43 pm 
Offline
User avatar

Joined: Tue Jan 31, 2012 11:05 am
Posts: 20466
A-ha.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC [ DST ]


Who is online

Users browsing this forum: Achahoish, anonymous_joe, Armchair_Superstar, bimboman, Bing [Bot], Bloutoria, booze, Cartman, clementinfrance, crouchy, DiscoHips D'Arcy, Doc Rob, Flametop, Google Adsense [Bot], Lobby, Mick Mannock, Nieghorn, Nolanator, pigaaaa, pjm1, Raggs, Risteard, Saturnine, S Club, The Man Without Fear, Yourmother, ZappaMan, Zico and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group