
<div dir="ltr"><div>Thanks for that Paul, another job to add to the list :)</div><div> </div><div>Regards</div><div>Jason A Reid</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jan 8, 2013 at 7:39 AM, Paul Gear <span dir="ltr"><<a href="mailto:ausnog@libertysys.com.au" target="_blank">ausnog@libertysys.com.au</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  
  <div text="#000000" bgcolor="#FFFFFF"><div class="im">

    <div>On 01/07/2013 10:01 PM, Jason Reid

      wrote:<br>

    </div>

    <blockquote type="cite">

      
      <div dir="ltr">Interesting that TKIP support is an issue - some of

        our older WAPs with TKIP only are having issues with

        iphone/ipads only (wintel/androids ok)...</div>

      <div class="gmail_extra"><br>

        <br>

        <div class="gmail_quote">

          On Mon, Jan 7, 2013 at 4:53 PM, Thomas Jackson <span dir="ltr"><<a href="mailto:thomas@thomax.com.au" target="_blank">thomas@thomax.com.au</a>></span>

          wrote:<br>

          <blockquote class="gmail_quote">

            A colleague was talking about this the other day -

            apparently they had some<br>

            iPad 2 units working perfectly until upgrading them and

            their new iPhone 5s<br>

            wouldn't connect at all.<br>

            <br>

            In the end, he found out that TKIP support (which is what

            their APs were<br>

            configured to use) seems to have vanished, and AES was the

            only supported<br>

            cipher. After swapping over, suddenly everything started

            working again.<br>

          </blockquote>

        </div>

      </div>

    </blockquote>

    <br></div>

    I'm surprised it works at all.  The IEEE and the Wi-Fi Alliance

    deprecated it starting from 2009. [1]  There were attacks published

    against TKIP with WPA [2] [3], and my understanding is that these

    were later extended to work against the WPA2 version of TKIP as well

    (although i haven't managed to find the reference).<br>

    <br>

    Turning off TKIP in all equipment that supports it (and replacing

    equipment that doesn't) is the only viable course of action, IMO.<br>

    <br>

    Regards,<br>

    Paul<br>

    <br>

    [1] <a href="http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol" target="_blank">http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol</a><br>

    [2]

<a href="http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf" target="_blank">http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf</a><br>


    [3]

<a href="http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html" target="_blank">http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html</a><br>

  </div>


<br>_______________________________________________<br>

AusNOG mailing list<br>

<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>

<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>

<br></blockquote></div><br><br clear="all"><br>-- <br>Jason Reid

</div>