User Tools

Site Tools


chopchoptheory

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
chopchoptheory [2006/11/19 16:12]
darkaudax
chopchoptheory [2010/11/21 15:46]
sleek typos
Line 30: Line 30:
   * D0 to D4 remain the same.   * D0 to D4 remain the same.
   * R5 = I3 + K5 = I3 + (D5+D5) + K5 = (I3+D5) + (D5+K5) = X + S5.   * R5 = I3 + K5 = I3 + (D5+D5) + K5 = (I3+D5) + (D5+K5) = X + S5.
-  * R6 to R8 are computed by reversing one crc step based on the value of X. There'​s a correspondence among I2-I0 and J3-J1 because crc shiftes ​them back but D5 "​pushes"​ them forward again. They are not necessarily keeping the same values, but their difference depends only on X, which we have guessed.+  * R6 to R8 are computed by reversing one crc step based on the value of X. There'​s a correspondence among I2-I0 and J3-J1 because crc shifts ​them back but D5 "​pushes"​ them forward again. They are not necessarily keeping the same values, but their difference depends only on X, which we have guessed.
   * J0 depends only on X. K9 = S9 + J0. We have guessed the last message byte and the last byte of keystream.   * J0 depends only on X. K9 = S9 + J0. We have guessed the last message byte and the last byte of keystream.
  
Line 36: Line 36:
  
 By doing this, we have found a valid frame 1 byte shorter than original one, and we have guessed one byte of keystream. This process can be induced to get the whole keystream. By doing this, we have found a valid frame 1 byte shorter than original one, and we have guessed one byte of keystream. This process can be induced to get the whole keystream.
 +
 +For additional detailed descriptions see:
 +
 +  * [[http://​www.netstumbler.org/​showthread.php?​t=12489|Chopchop Attack]] in the original Netstumbler thread.
 +  * [[http://​www.informit.com/​guides/​printerfriendly.asp?​g=security&​seqNum=196|Byte-Sized Decryption of WEP with Chopchop, Part 1]] and [[http://​www.informit.com/​guides/​printerfriendly.asp?​g=security&​seqNum=197|Byte-Sized Decryption of WEP with Chopchop, Part 2]]
 +
 +
  
chopchoptheory.txt ยท Last modified: 2010/11/21 15:46 by sleek