New vulnerabilities in the WPA3 and EAP-pwd wireless security technologies

Mathy Vanhoef and Eyal Ronen have disclosed a new attack method (CVE-2019-13377) against wireless networks that use the WPA3 security technology. It allows an attacker to obtain information about characteristics of the password that can then be used to guess it offline. The problem manifests in the current version of Hostapd.

Recall that in April the same authors disclosed six vulnerabilities in WPA3. To counter them, the Wi-Fi Alliance, which develops the wireless networking standards, changed its recommendations for secure WPA3 implementations to require the use of the secure Brainpool elliptic curves in place of the previously permitted P-521 and P-256 curves.

However, analysis has shown that the use of Brainpool leads to a new class of side-channel leaks in the Dragonfly connection negotiation algorithm used in WPA3, the very algorithm that is supposed to provide protection against offline password guessing. The identified problem demonstrates that building Dragonfly and WPA3 implementations free of side-channel data leaks is extremely difficult, and it also shows the failure of the model of developing standards behind closed doors, without public discussion of the proposed methods and without community audit.

When a Brainpool elliptic curve is used, Dragonfly encodes the password by performing several preliminary iterations over the password to quickly compute a short hash before the elliptic curve is applied. Until a short hash is found, the operations performed depend on the client's password and MAC address. The execution time (which correlates with the number of iterations) and the delays between operations during these preliminary iterations can be measured and used to determine characteristics of the password, which can then be used offline to refine the choice of password fragments during password guessing. To carry out the attack, the user connecting to the wireless network must have access to the system.
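To illustrate the mechanism described above, here is an added example (not code from the paper, Hostapd or FreeRADIUS) that models the hunting-and-pecking loop over a constructed toy curve with a tiny prime and a simplified stand-in KDF: the leaky variant skips the expensive residue test whenever the derived candidate lies outside [0, P), so its work count varies with the password and MAC addresses, while the hardened variant performs identical work in every round.

```python
import hashlib
import hmac

# Constructed toy parameters (NOT real Brainpool/SAE constants): a tiny curve
# y^2 = x^3 + A*x + B over GF(P) so the loop finishes instantly.
P, A, B = 10007, 3, 7
MAX_ITERS = 40  # SAE bounds the hunting-and-pecking loop at 40 rounds

def candidate_x(password: bytes, macs: bytes, counter: int) -> int:
    """Derive one round's candidate x-coordinate (simplified stand-in KDF)."""
    seed = hmac.new(macs, password + bytes([counter]), hashlib.sha256).digest()
    # 16-bit output is wider than P, so some candidates fall outside [0, P),
    # mirroring a KDF whose width exceeds a prime that is not close to 2^n.
    return int.from_bytes(seed[:2], "big")

def on_curve(x: int) -> bool:
    """Legendre-style test: is x^3 + A*x + B a quadratic residue mod P?"""
    v = (x**3 + A * x + B) % P
    return v == 0 or pow(v, (P - 1) // 2, P) == 1

def leaky_hunt(password: bytes, macs: bytes):
    """Variable-work variant: out-of-range candidates skip the costly test,
    so total work depends on the password and MAC addresses."""
    found, work = None, 0
    for counter in range(1, MAX_ITERS + 1):
        x = candidate_x(password, macs, counter)
        if x >= P:
            continue  # cheap round, no modular exponentiation
        work += 1
        if found is None and on_curve(x):
            found = x
    return found, work

def constant_work_hunt(password: bytes, macs: bytes):
    """Hardened variant: every round runs the costly test on something,
    so work (and thus timing) no longer depends on the password."""
    found, work = None, 0
    for counter in range(1, MAX_ITERS + 1):
        x = candidate_x(password, macs, counter)
        in_range = x < P
        work += 1
        ok = on_curve(x if in_range else 1)  # dummy probe keeps work uniform
        if found is None and ok and in_range:
            found = x
    return found, work

def work_profile(hunt, passwords, macs):
    """Map each password to the work count that variant performed."""
    return {pw: hunt(pw, macs)[1] for pw in passwords}
```

Both variants select the same curve point; only the amount of work per password differs, which is exactly what a timing measurement observes.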

In addition, the researchers found a second vulnerability (CVE-2019-13456) related to information leakage in the implementation of the EAP-pwd protocol, which also uses the Dragonfly algorithm. The problem is specific to the FreeRADIUS RADIUS server and, like the first vulnerability, relies on side-channel information leakage, which can significantly simplify password guessing.

Combined with an improved method for filtering noise during latency measurement, 75 measurements per MAC address are enough to determine the number of iterations. Using a GPU, the resource cost of guessing a single dictionary password is estimated at $1. Methods for improving the security of the protocols to block the identified problems have already been included in draft versions of the future Wi-Fi (WPA3.1) and EAP-pwd standards. Unfortunately, the side-channel leaks in current protocol versions cannot be eliminated without breaking backward compatibility.

Source: opennet.ru
