Skip to main content

Posts

Showing posts from October, 2017

WPA2 KRACK unleashed

WPA2 Krack in a nutshell

While its raging all over , lets see in what the finding is all about?

KRACK (Key Reinstallation Attack) is a replay attack discovered in 2016 by Belgian researchers Mathy Vanhoef and Frank Piessens.

The details were published in October 2017.

1. Where exactly is KRACK exploiting wireless networks?

WPA2 protocol offers a "four-way handshake."

In simple words, the 4-way handshake determines whether a user attempting to join a network and the access point offering the network have matching credentials.

By repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake, an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic.

2. How does it become vulnerable?

The four-way handshake generates a new encryption key ( the third communication in the four way handshake)

3. Enter the "Key Reinstallation Attack"

At this juncture, a hacker can tamper/ record and replay t…