Old 08-26-2004   #99
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
Quote:
Originally Posted by topolb
Of course,

In fact you only need a big known (plaintext) packet to be able to create any custom encrypted packet using the same IV and without having the key. That is because if you know the plaintext and the ciphertext you can derive the keystream for this specific IV. With this keystream you can encrypt/decrypt anything with this IV.

This way there is no need to crack the key. The only problem is that with only one packet you can only encrypt/decrypt for this IV. For sending packets it is not a problem, as the sender is the one who selects the IV. But for decrypting packets you need a known (plaintext) packet for each IV. That's 2^24.

It is not so complicated to make this known plaintext. You can for example inject some packet into the WLAN from the Internet (it will be encrypted by the AP), or guess some packet by traffic analysis.

Can we imagine, if we have a big known (plaintext) packet, spoofing the IP/MAC address of the access point and building a crafted encrypted broadcast ping packet, so that clients will respond to it and generate other encrypted packets...
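As an added worked example (not part of the thread), here is the keystream-recovery property topolb describes, simulated in Python with RC4 keyed the way WEP does it (3-byte IV || key). The key, IVs and frame contents are constructed and the ICV and 802.11 headers are omitted; the point is that one known plaintext/ciphertext pair yields the keystream for that IV only, and the last function is the capture-side check a defender would run, flagging repeated IVs.

```python
# Constructed demo; key, IVs and frame contents are made up, ICV/802.11 headers omitted.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n RC4 keystream bytes for `key` (KSA followed by PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < n:                        # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key and sends the 3-byte IV in the clear."""
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

def recover_keystream(known_plaintext: bytes, frame: bytes) -> tuple[bytes, bytes]:
    """Known plaintext XOR ciphertext yields the keystream for that frame's IV."""
    return frame[:3], xor(known_plaintext, frame[3:])

def iv_reuse_detected(frames: list[bytes]) -> set[bytes]:
    """Defender-side check: IVs that occur in more than one captured frame."""
    seen, reused = set(), set()
    for f in frames:
        (reused if f[:3] in seen else seen).add(f[:3])
    return reused

def demo() -> dict:
    key = b"\x13\x37\xc0\xff\xee"                # constructed 40-bit key; observer never learns it
    known = b"PADDING-PADDING-PADDING-PADDING!"  # a large frame whose content is known
    secret = b"user traffic for the same IV...."  # a frame the observer has not seen in clear
    iv_a, iv_b = b"\x00\x00\x01", b"\x00\x00\x02"
    f1 = wep_encrypt(key, iv_a, known)
    f2 = wep_encrypt(key, iv_a, secret)          # IV reused -> same keystream as f1
    f3 = wep_encrypt(key, iv_b, secret)          # fresh IV -> unrelated keystream
    iv, ks = recover_keystream(known, f1)
    return {"iv": iv, "keystream": ks,
            "same_iv": xor(f2[3:], ks),          # recovers `secret` without the key
            "other_iv": xor(f3[3:], ks),         # garbage: keystream is IV-specific
            "reused_ivs": iv_reuse_detected([f1, f2, f3])}
```

The "other_iv" result is why topolb's 2^24 figure matters: every IV needs its own known packet, which is exactly what makes IV repetition in a capture worth alerting on.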