Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AppDefects
Community Champion
‎08-05-2019 03:53 PM
‎08-05-2019 03:53 PM

WPA3 - Another day, another flawed protocol...

The Dragonblood team continue to hack away at WPA3. To their credit they have found that the initial recommendation to use Brainpool curves, was go figure, not a good one. It introduces another class of side-channel leaks in the Dragonfly handshake of WPA3.

 

The new side-channel leak is located in the password encoding algorithm of Dragonfly. This algorithm first tries to find a hash output that is smaller than the prime of the elliptic curve being used. With the default NIST curves, such a hash output is practically always found immediately! However, with Brainpool curves, several iterations may have to be executed before finding a hash output smaller than the prime. What was found that only 8 iterations are needed! That costs less than $1 of EC2 compute time! Check out the research at this years Black Hat!

 

Ps. don't get PWNED!

 

Reply
0 Kudos
0 Replies