vanhoefm / fragattacks


Is it possible that these vulnerabilities exist on devices without the (AES -) CCMP encryption? #54

Closed hector2007ss closed 1 year ago

hector2007ss commented 1 year ago

Is it possible that these vulnerabilities exist on devices without the (AES -) CCMP encryption?

vanhoefm commented 1 year ago

See https://www.fragattacks.com/#tkip and https://www.fragattacks.com/#wep

On Wed, May 17, 2023, 11:07 hector2007ss @.***> wrote:

Is it possible that these vulnerabilities exist on devices without the (AES -) CCMP encryption?


hector2007ss commented 1 year ago

Encryption algorithms GCMP are also not supported, so is it possible that these vulnerabilities exist on devices with GCMP encryption?

vanhoefm commented 1 year ago

These questions are also covered in the paper. Search for the term GCMP.

On Wed, May 17, 2023, 11:28 hector2007ss @.***> wrote:

Encryption algorithms GCMP are also not supported, so is it possible that these vulnerabilities exist on devices with GCMP encryption?


hector2007ss commented 1 year ago

According to my understanding, if vulnerabilities are discovered through testing according to the method of this project, whether using CCMP or GCMP, these attacks can be implemented. Is this correct?

vanhoefm commented 1 year ago

Ah, this project specifically tests using CCMP only. There's a good chance that if an implementation is vulnerable when using CCMP (so when this tool says an implementation is vulnerable) that it will also be vulnerable when using GCMP. But the only way to be sure that an implementation is also vulnerable when using GCMP, is to extend this tool to also support GCMP.

On Wed, May 17, 2023, 11:38 hector2007ss @.***> wrote:

According to my understanding, if vulnerabilities are discovered through testing according to the method of this project, whether using CCMP or GCMP, these attacks can be implemented. Is this correct?
