<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 01/07/2013 10:01 PM, Jason Reid
      wrote:<br>
    </div>
    <blockquote
cite="mid:CABQbxzjy7rV04enAgJV6yiqoZ-i-+ebPk+UN667PrHx1Kv2q8Q@mail.gmail.com"
      type="cite">
      <meta http-equiv="Context-Type" content="text/html;
        charset=ISO-8859-1">
      <div dir="ltr">Interesting that TKIP support is an issue - some of
        our older WAPs with TKIP only are having issues with
        iPhone/iPads only (Wintel/Androids OK)...</div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">
          On Mon, Jan 7, 2013 at 4:53 PM, Thomas Jackson <span
            dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:thomas@thomax.com.au" target="_blank">thomas@thomax.com.au</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote">
            A colleague was talking about this the other day -
            apparently they had some<br>
            iPad 2 units working perfectly until upgrading them and
            their new iPhone 5s<br>
            wouldn't connect at all.<br>
            <br>
            In the end, he found out that TKIP support (which is what
            their APs were<br>
            configured to use) seems to have vanished, and AES was the
            only supported<br>
            cipher. After swapping over, suddenly everything started
            working again.<br>
          </blockquote>
        </div>
      </div>
    </blockquote>
    <br>
    I'm surprised it works at all.  The IEEE and the Wi-Fi Alliance
    deprecated it starting from 2009. [1]  There were attacks published
    against TKIP with WPA [2] [3], and my understanding is that these
    were later extended to work against the WPA2 version of TKIP as well
    (although I haven't managed to find the reference).<br>
    <br>
    Turning off TKIP in all equipment that supports it (and replacing
    equipment that doesn't) is the only viable course of action, IMO.<br>
    <br>
    Regards,<br>
    Paul<br>
    <br>
    [1] <a class="moz-txt-link-freetext" href="http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol">http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol</a><br>
    [2]
<a class="moz-txt-link-freetext" href="http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf">http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf</a><br>
    [3]
<a class="moz-txt-link-freetext" href="http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html">http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html</a><br>
  </body>
</html>