Explain the WPA2CCMP attack.

132    Asked by Anil Mer in Cyber Security , Asked on Mar 29, 2022

The use of Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for WPA/WPA2 PSK is being attacked. This is a trivial attack (offline brute force) against the initial key exchange. It should be noted that the IEEE does not recognize this attack. The concern is that there is a tool called Pyrit which claims to make 7.9 million password guesses per second or about 682.5 Billion per day. This is made possible by using the new Intel i7 chips which have the AES-NI instruction set. One of these chips costs less than $300.

What changes to WPA2-PSK are needed in order to mitigate this attack?

Answered by Anisha Dalal

To be precise, the "new WPA2CCMP attack" is an optimization of brute-force, by using a slightly faster way to check whether a key is correct or not, mainly through the knowledge of the first few bytes of plaintext. This offers a speed increase of 50% -- in other words, attacks which took 6 days can now be done in 4 days. To put things in perspective, using a PC from next year will offer the same kind of speedup (but it is cumulative, of course). The main issue with WPA2-PSK has not changed: the conversion from the password to the cryptographic keys is too fast. It should use the same tricks as for password storage, namely iterating hundreds or thousands of hash function invocations. It would not induce any noticeable slowdown in normal usage, but it would make things much harder for the attacker.

Your Answer


Parent Categories