Mathy Vanhoef and Eyal Ronen (
Recall that in April the same authors were
However, the analysis showed that the use of Brainpool leads to a new class of side-channel leaks in WPA3's connection negotiation algorithm.
When using Brainpool's elliptic curve, Dragonfly's password encryption algorithm performs several preliminary iterations with the password associated with quickly calculating a short hash before applying the elliptic curve. Until a short hash is found, the operations performed depend directly on the password and MAC address of the client. The execution time (correlates with the number of iterations) and delays between operations during the execution of preliminary iterations can be measured and used to determine the characteristics of the password, which can be used offline to refine the choice of parts of the password in the brute force process. To carry out an attack, it is necessary to have access to the system of a user connecting to a wireless network.
Additionally, researchers have identified a second vulnerability (CVE-2019-13456) associated with information leakage in the implementation of the protocol
In combination with an improved method of filtering out noise in the process of measuring delays, 75 measurements for one MAC address are enough to determine the number of iterations. When using the GPU, the cost of resources for the selection of one dictionary password is estimated at $1. Techniques to improve the security of protocols to block identified problems are already included in the draft versions of future Wi-Fi standards (
Source: opennet.ru