TKIP attack

Jouni Malinen j
Wed Nov 12 10:01:28 PST 2008

On Wed, Nov 12, 2008 at 07:55:56AM -0800, Miles wrote:
> Jouni, wpa_receive() is only for EAPOL-KEY message, not for encrypted data. isn't it? For MIC error happens in data packets, we will wait 2 times.

Yes, if the MIC failure is detected at the AP, hostapd will wait for two
failure indication before starting countermeasures or doing any
rekeying. As far as the current TKIP chopchop attack is concerned, it
depends on the Michael MIC failure report frame (i.e., that EAPOL-Key
message) to figure out when a guess was correct. As such, it does not
work against the AP as the entity for verifying guesses.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list