chopchoptheory

# Differences

This shows you the differences between two versions of the page.

 chopchoptheory [2006/11/19 16:12]darkaudax chopchoptheory [2010/11/21 15:46] (current)sleek typos 2010/11/21 15:46 sleek typos2007/02/28 22:05 darkaudax 2006/11/19 16:12 darkaudax Next revision Previous revision 2010/11/21 15:46 sleek typos2007/02/28 22:05 darkaudax 2006/11/19 16:12 darkaudax Line 30: Line 30: * D0 to D4 remain the same. * D0 to D4 remain the same. * R5 = I3 + K5 = I3 + (D5+D5) + K5 = (I3+D5) + (D5+K5) = X + S5. * R5 = I3 + K5 = I3 + (D5+D5) + K5 = (I3+D5) + (D5+K5) = X + S5. - * R6 to R8 are computed by reversing one crc step based on the value of X. There's a correspondence among I2-I0 and J3-J1 because crc shiftes them back but D5 "pushes" them forward again. They are not necessarily keeping the same values, but their difference depends only on X, which we have guessed. + * R6 to R8 are computed by reversing one crc step based on the value of X. There's a correspondence among I2-I0 and J3-J1 because crc shifts them back but D5 "pushes" them forward again. They are not necessarily keeping the same values, but their difference depends only on X, which we have guessed. * J0 depends only on X. K9 = S9 + J0. We have guessed the last message byte and the last byte of keystream. * J0 depends only on X. K9 = S9 + J0. We have guessed the last message byte and the last byte of keystream. Line 36: Line 36: By doing this, we have found a valid frame 1 byte shorter than original one, and we have guessed one byte of keystream. This process can be induced to get the whole keystream. By doing this, we have found a valid frame 1 byte shorter than original one, and we have guessed one byte of keystream. This process can be induced to get the whole keystream. + + For additional detailed descriptions see: + + * [[http://www.netstumbler.org/showthread.php?t=12489|Chopchop Attack]] in the original Netstumbler thread. 
+ * [[http://www.informit.com/guides/printerfriendly.asp?g=security&seqNum=196|Byte-Sized Decryption of WEP with Chopchop, Part 1]] and [[http://www.informit.com/guides/printerfriendly.asp?g=security&seqNum=197|Byte-Sized Decryption of WEP with Chopchop, Part 2]] + +
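Review bot: in the Line 30 hunk, the corrected R6 to R8 bullet still says the values' "difference depends only on X" while every other bullet writes the operation as "+", and nothing in the visible text says what "+" stands for. The R5 step only works if (D5+D5) cancels, so the page should state once that "+" is XOR and use the same word in this bullet. Since this is a typo pass, "crc" in the same bullet could also be capitalised as CRC.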
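Review bot: in the Line 36 hunk, both InformIT links added in the last list item point at printerfriendly.asp URLs, which are more likely to break than the regular article pages; link the article pages instead if they exist. The hunk also appends empty lines after the list that can be dropped, and the unchanged sentence just above it, "This process can be induced to get the whole keystream", reads as if "repeated" was meant, which would fit this typo pass.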
chopchoptheory.1163949138.txt.gz · Last modified: 2007/02/28 22:05 (external edit)