{"id":52919,"date":"2017-10-19T11:46:10","date_gmt":"2017-10-19T03:46:10","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=52919"},"modified":"2017-10-24T16:57:36","modified_gmt":"2017-10-24T08:57:36","slug":"wpa2-%e5%8a%a0%e5%af%86%e6%a9%9f%e5%88%b6%e7%88%86%e6%bc%8f%e6%b4%9e-%e4%ba%94%e6%8b%9b%e8%87%aa%e4%bf%9d%e4%bb%a5%e9%98%b2wi-fi-%e4%b8%8a%e7%b6%b2%e9%81%ad%e5%81%b7%e7%aa%ba","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=52919","title":{"rendered":"WPA2 \u52a0\u5bc6\u6a5f\u5236\u7206\u6f0f\u6d1e, \u4e94\u62db\u81ea\u4fdd\u4ee5\u9632Wi-Fi \u4e0a\u7db2\u906d\u5077\u7aba"},"content":{"rendered":"

\u6700\u8fd1\uff0cWi-Fi \u7121\u7dda\u7db2\u8def\u52a0\u5bc6\u5354\u5b9a WPA2 \u88ab\u63ed\u9732<\/a>\u591a\u9805\u5b89\u5168\u6f0f\u6d1e\uff0c\u64da\u7a31\u53ef\u80fd\u8b93 Wi-Fi \u7121\u7dda\u88dd\u7f6e\u906d\u5230\u6240\u8b02\u7684\u300c\u91d1\u9470\u91cd\u65b0\u5b89\u88dd\u653b\u64ca\u300d(Key Reinstallation AttaCK\uff0c\u7c21\u7a31 KRACK)\uff0c\u662f\u4e00\u7a2e\u91dd\u5c0d WPA2 \u52a0\u5bc6\u6a5f\u5236\u6f0f\u6d1e\u7684\u6982\u5ff5\u9a57\u8b49\u653b\u64ca\u3002KRACK \u63a1\u7528\u7684\u662f\u300c\u7be1\u6539\u4e26\u91cd\u9001\u52a0\u5bc6\u4ea4\u63e1\u8a0a\u606f\u300d\u7684\u624b\u6cd5\uff0c\u4e5f\u5c31\u662f\u5f9e\u7cfb\u7d71\u548c\u88dd\u7f6e\u5728\u5f7c\u6b64\u901a\u8a0a\u4e4b\u524d\u4ea4\u63db\u53c3\u6578\u7684\u6d41\u7a0b\u4e0b\u624b\u3002<\/p>\n

 <\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

WPA2 \u662f\u85c9\u7531\u6388\u6b0a\u8207\u52a0\u5bc6\u6a5f\u5236\u4f86\u78ba\u4fdd Wi-Fi \u88dd\u7f6e\u53ca\u786c\u9ad4\u7684\u901a\u8a0a\u5b89\u5168\u3002KRACK \u653b\u64ca\u5982\u679c\u5f97\u901e\uff0c\u99ed\u5ba2\u5c31\u80fd\u5077\u7aba\u88dd\u7f6e\u8207 Wi-Fi \u7121\u7dda\u57fa\u5730\u53f0\u4e4b\u9593\u7684\u7db2\u8def\u6d41\u91cf\u3002<\/p>\n

\u6839\u64da\u79d1\u6280\u65b0\u805e\u7db2\u7ad9 Ars Technica<\/a> \u8868\u793a\uff0c\u7f8e\u570b\u96fb\u8166\u7dca\u6025\u61c9\u8b8a\u5c0f\u7d44 (United States Computer Emergency Readiness Team\uff0c\u7c21\u7a31 US-CERT) \u5728\u91dd\u5c0d\u67d0\u4e9b\u6a5f\u69cb\u767c\u51fa\u7684\u516c\u544a\u7576\u4e2d\u6307\u51fa\uff0c\u9019\u6279\u6f0f\u6d1e\u662f\u767c\u751f\u5728\u96d9\u65b9\u9032\u884c\u4ea4\u63e1 (handshake) \u4ee5\u7522\u751f\u7db2\u8def\u901a\u8a0a\u52a0\u5bc6\u91d1\u9470\u7684\u904e\u7a0b\u3002\u6b64\u91d1\u9470\u53ea\u8981\u88ab\u91cd\u65b0\u50b3\u9001\u591a\u6b21\uff0c\u672a\u4f86\u5c31\u80fd\u91cd\u8907\u4f7f\u7528\uff0c\u4f46\u8a72\u91d1\u9470\u539f\u672c\u61c9\u8a72\u53ea\u80fd\u4f7f\u7528\u4e00\u6b21\u3002<\/p>\n

[\u5ef6\u4f38\u95b1\u8b80\uff1a<\/strong>\u516c\u5171 Wi-Fi \u57fa\u5730\u53f0\u5b89\u5168\u55ce\uff1f<\/strong><\/a>]<\/strong><\/p>\n

\u6839\u64da Ars Technica \u7684\u5f15\u8ff0\uff1a\u300cUS-CERT \u76ee\u524d\u5df2\u638c\u63e1\u591a\u500b WPA2 \u52a0\u5bc6\u5354\u5b9a\u56db\u5411\u4ea4\u63e1 (4-way handshake) \u6d41\u7a0b\u76f8\u95dc\u7684\u91d1\u9470\u7ba1\u7406\u6f0f\u6d1e\u3002\u9019\u4e9b\u6f0f\u6d1e\u53ef\u80fd\u5f15\u767c\u7684\u554f\u984c\u5305\u62ec\uff1a\u5c01\u5305\u89e3\u5bc6\u3001\u5c01\u5305\u8f49\u905e\u3001TCP \u9023\u7dda\u633e\u6301\u3001HTTP \u5167\u5bb9\u6ce8\u5165\u2026\u7b49\u7b49\u3002\u8acb\u6ce8\u610f\uff0c\u7531\u65bc\u9019\u662f\u901a\u8a0a\u5354\u5b9a\u5c64\u6b21\u4e0a\u7684\u554f\u984c\uff0c\u56e0\u6b64\u6240\u6709\u6216\u7d55\u5927\u90e8\u5206\u6b63\u78ba\u5be6\u4f5c\u8a72\u5354\u5b9a\u7684\u88dd\u7f6e\u90fd\u53d7\u5230\u5f71\u97ff\u3002\u300d<\/p>\n

\u7814\u7a76\u4eba\u54e1\u6307\u51fa\uff0c\u6709 41% \u7684 Android \u88dd\u7f6e\u5c07\u53d7\u5230 KRACK \u653b\u64ca\u624b\u6cd5\u7684\u5f71\u97ff\uff0c\u800c Linux \u7cfb\u7d71\u4e5f\u53d7\u5230\u56b4\u91cd\u5f71\u97ff\u3002\u6b64\u5916 Apple\u3001Windows\u3001OpenBSD\u3001MediaTek \u4ee5\u53ca Linksys \u7684\u88dd\u7f6e\u4e5f\u540c\u6a23\u53d7\u9019\u6279\u6f0f\u6d1e\u5f71\u97ff\u3002\u4ee5\u4e0b\u662f\u9019\u6279\u6f0f\u6d1e\u7684 CVE \u7de8\u865f\u6e05\u55ae\uff1a<\/p>\n