[145390] in cryptography@c2.net mail archive
Re: MITM attack against WPA2-Enterprise?
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Mon Jul 26 22:26:28 2010
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <20100725212305.74f8000d@jabberwock.cb.piermont.com>
Date: Mon, 26 Jul 2010 21:42:53 -0400
Cc: Donald Eastlake <d3e3e3@gmail.com>,
Cryptography List <cryptography@metzdowd.com>
To: "Perry E. Metzger" <perry@piermont.com>
>=20
> I don't know, if it is truly only a ten line change to a common WPA2
> driver to read, intercept and alter practically any traffic on the
> network even in enterprise mode, that would seem like a serious issue
> to me. Setting up the enterprise mode stuff to work is a lot of time
> and effort. If it provides essentially no security over WPA2 in shared
> key mode, one wonders what the point of doing that work is. This
> doesn't seem like a mere engineering compromise.
If I understand the problem correctly, it doesn't strike me as =
particularly serious. Fundamentally, it's a way for people in the same =
enterprise and on the same LAN to see each other's traffic. A simple =
ARP-spoofing attack will do the same thing; no crypto needed. Yes, =
that's a more active attack, and in theory is somewhat more noticeable. =
In practice, I suspect the actual risk is about the same.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
