topic WPA3 - Another day, another flawed protocol... in Tech Talk https://community.isc2.org/t5/Tech-Talk/WPA3-Another-day-another-flawed-protocol/m-p/26396#M1639 <P>The <A href="https://wpa3.mathyvanhoef.com/" target="_blank" rel="noopener">Dragonblood team</A> continue to hack away at WPA3. To their credit they have found that the initial recommendation to use Brainpool curves, was go figure, not a good one. It introduces another class of side-channel leaks in the Dragonfly handshake of WPA3.</P><P>&nbsp;</P><P>The new side-channel leak is located in the password encoding algorithm of Dragonfly. This algorithm first tries to find a hash output that is smaller than the prime of the elliptic curve being used. With the default NIST curves, such a hash output is practically always found immediately! However, with Brainpool curves, several iterations may have to be executed before finding a hash output smaller than the prime. What was found that only 8 iterations are needed! That costs less than $1 of EC2 compute time! Check out the research at this years Black Hat!</P><P>&nbsp;</P><P>Ps. don't get PWNED!</P><P>&nbsp;</P> Mon, 09 Oct 2023 09:17:39 GMT AppDefects 2023-10-09T09:17:39Z WPA3 - Another day, another flawed protocol... https://community.isc2.org/t5/Tech-Talk/WPA3-Another-day-another-flawed-protocol/m-p/26396#M1639 <P>The <A href="https://wpa3.mathyvanhoef.com/" target="_blank" rel="noopener">Dragonblood team</A> continue to hack away at WPA3. To their credit they have found that the initial recommendation to use Brainpool curves, was go figure, not a good one. It introduces another class of side-channel leaks in the Dragonfly handshake of WPA3.</P><P>&nbsp;</P><P>The new side-channel leak is located in the password encoding algorithm of Dragonfly. This algorithm first tries to find a hash output that is smaller than the prime of the elliptic curve being used. With the default NIST curves, such a hash output is practically always found immediately! However, with Brainpool curves, several iterations may have to be executed before finding a hash output smaller than the prime. What was found that only 8 iterations are needed! That costs less than $1 of EC2 compute time! Check out the research at this years Black Hat!</P><P>&nbsp;</P><P>Ps. don't get PWNED!</P><P>&nbsp;</P> Mon, 09 Oct 2023 09:17:39 GMT https://community.isc2.org/t5/Tech-Talk/WPA3-Another-day-another-flawed-protocol/m-p/26396#M1639 AppDefects 2023-10-09T09:17:39Z