Nonce, The Reuse Gambit


Alas, the WPA assumed ‘secure implementation’ is no more with the discovery (by Dr. Vanhoef) of forced nonce reuse.

‘In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.’ – via Mathy Vanhoef, Ph.D. and Frank Piessens, Ph.D.

This is a Security Bloggers Network syndicated blog post authored by Marc Handelman. Read the original post at: Infosecurity.US