Closed hector2007ss closed 1 year ago
See https://www.fragattacks.com/#tkip and https://www.fragattacks.com/#wep
On Wed, May 17, 2023, 11:07 hector2007ss @.***> wrote:
Is it possible that these vulnerabilities exist on devices without the (AES -) CCMP encryption?
— Reply to this email directly, view it on GitHub https://github.com/vanhoefm/fragattacks/issues/54, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAE3YK4JIGC4CXRI27TQMXTXGQ6H7ANCNFSM6AAAAAAYEOYO4Y . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Encryption algorithms GCMP are also not supported, so is it possible that these vulnerabilities exist on devices with GCMP encryption?
These questions are also covered in the paper. Search for the term GCMP.
On Wed, May 17, 2023, 11:28 hector2007ss @.***> wrote:
Encryption algorithms GCMP are also not supported, so is it possible that these vulnerabilities exist on devices with GCMP encryption?
— Reply to this email directly, view it on GitHub https://github.com/vanhoefm/fragattacks/issues/54#issuecomment-1550633775, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAE3YK2DRUEEB7K36P4LJXLXGRAXFANCNFSM6AAAAAAYEOYO4Y . You are receiving this because you commented.Message ID: @.***>
According to my understanding, if vulnerabilities are discovered through testing according to the method of this project, whether using CCMP or GCMP, these attacks can be implemented. Is this correct?
Ah, this project specifically tests using CCMP only. There's a good chance that if an implementation is vulnerable when using CCMP (so when this tool says an implementation is vulnerable) that it will also be vulnerable when using GCMP. But the only way to be sure that an implementation is also vulnerable when using GCMP, is to extend this tool to also support GCMP.
Op wo 17 mei 2023 om 11:38 schreef hector2007ss @.***>:
According to my understanding, if vulnerabilities are discovered through testing according to the method of this project, whether using CCMP or GCMP, these attacks can be implemented. Is this correct?
— Reply to this email directly, view it on GitHub https://github.com/vanhoefm/fragattacks/issues/54#issuecomment-1550644206, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAE3YKZ7UWS3GHUQ6EVYN7DXGRB4DANCNFSM6AAAAAAYEOYO4Y . You are receiving this because you commented.Message ID: @.***>
Is it possible that these vulnerabilities exist on devices without the (AES -) CCMP encryption?