@article{13586,
  keywords = {802.11, MIC, Michael, temporal key hash, TKIP, WPA},
  author = {Vebj{\o}rn Moen and H{\r a}vard Raddum and Kjell Hole},
  title = {Weaknesses in the temporal key hash of WPA},
  abstract = {This article describes some weaknesses in the key scheduling in Wi-Fi Protected Access (WPA) put forward to secure the IEEE standard 802.11-1999. Given a few RC4 packet keys in WPA it is possible to find the Temporal Key (TK) and the Message Integrity Check (MIC) key. This is not a practical attack on WPA, but it shows that parts of WPA are weak on their own. Using this attack it is possible to do a TK recovery attack on WPA with complexity O(2105) compared to a brute force attack with complexity O (2128).},
  year = {2004},
  journal = {Mobile Computing and Communications Review},
  volume = {8},
  pages = {76-83},
  month = {04/2004},
  publisher = {ACM Sigmobile},
  doi = {10.1145/997122.997132},
}