New vulnerabilities in the WPA3 wireless security technology and EAP-pwd

Mathy Vanhoef and Eyal Ronen have disclosed a new attack method (CVE-2019-13377) against wireless networks that use the WPA3 security technology. It makes it possible to learn characteristics of the password that can then be used to guess it offline. The problem is present in the current version of Hostapd.

Recall that in April the same authors identified six vulnerabilities in WPA3. To counter them, the Wi-Fi Alliance, which develops the standards for wireless networks, amended its recommendations for secure WPA3 implementations to require the use of the protected Brainpool elliptic curves instead of the previously permitted P-521 and P-256 curves.

However, analysis showed that using Brainpool leads to a new class of side-channel leaks in Dragonfly, the connection negotiation algorithm used in WPA3, which is meant to protect against offline password guessing. The identified problem shows that building implementations of Dragonfly and WPA3 that are free of side-channel data leaks is extremely difficult. It also shows the failure of the model of developing standards behind closed doors, without public discussion of the proposed methods and without review by the community.

When a Brainpool elliptic curve is used, Dragonfly encodes the password by running several preliminary iterations over the password to quickly compute a short hash before applying the elliptic curve. Until a short hash is found, the operations performed depend directly on the client's password and MAC address. The execution time (which correlates with the number of iterations) and the delays between operations during the preliminary iterations can be measured and used to determine characteristics of the password, which can then be used offline to narrow the choice of candidates during password guessing. To carry out the attack, access to the system of the user connecting to the wireless network is required.
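The added example below is not from the article or from hostapd. It is a simplified model of the preliminary iterations that shows why the amount of work depends on the password and MAC address on brainpoolP256r1 but practically never on P-256, which is the property a constant-time implementation has to hide. The function names are hypothetical and all passwords and MAC addresses are constructed.

```python
import hashlib
import hmac

# Field primes: brainpoolP256r1 (RFC 5639) and NIST P-256 (FIPS 186-4).
BRAINPOOL_P256 = 0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
NIST_P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1


def candidate(password: bytes, mac_a: bytes, mac_b: bytes, counter: int) -> int:
    """One candidate value: 256 bits derived from password, MACs and counter."""
    key = max(mac_a, mac_b) + min(mac_a, mac_b)
    digest = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
    return int.from_bytes(digest, "big")


def rejected_before_first_fit(password, mac_a, mac_b, prime, limit=40):
    """Count leading candidates discarded because value >= prime.

    Simplified model (assumption): the real algorithm also runs a KDF over
    the digest and tests whether the candidate yields a point on the curve.
    """
    for counter in range(1, limit + 1):
        if candidate(password, mac_a, mac_b, counter) < prime:
            return counter - 1
    return limit


def rejection_profile(prime, trials=2000):
    """Histogram {discarded candidates: count} over constructed inputs."""
    ap = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    histogram = {}
    for i in range(trials):
        sta = bytes.fromhex("0200000001") + bytes([i % 256])  # constructed MAC
        n = rejected_before_first_fit(b"constructed-%d" % i, ap, sta, prime)
        histogram[n] = histogram.get(n, 0) + 1
    return histogram


if __name__ == "__main__":
    for name, prime in (("brainpoolP256r1", BRAINPOOL_P256), ("P-256", NIST_P256)):
        print(name, dict(sorted(rejection_profile(prime).items())))
```

In this model about a third of 256-bit candidates are at or above the Brainpool prime and get discarded, so the number of discarded candidates varies with the inputs; the P-256 prime is so close to 2^256 that the same check practically never fails.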

In addition, the researchers identified a second vulnerability (CVE-2019-13456), an information leak in the implementation of the EAP-pwd protocol, which uses the Dragonfly algorithm. The problem is specific to the FreeRADIUS RADIUS server and, like the first vulnerability, relies on information leaking through side channels and can simplify password guessing.

Combined with an improved method of filtering noise out of the latency measurements, 75 measurements per MAC address are enough to determine the number of iterations. When a GPU is used, the cost of guessing a dictionary password is estimated at $1. Methods of hardening the protocol to block the identified problems have already been included in future versions of the Wi-Fi standards (WPA3.1) and EAP-pwd. Unfortunately, the side-channel leaks cannot be eliminated in the current protocol versions without breaking backward compatibility.

Source: opennet.ru
