Security Now said:
Well, it turns out that, if you do the - you start doing the chopchop guessing. You chop the last byte off the packet, and you send it back out into the air, back, for example, at the access point. If the checksum that you guess - remember they still have an ICV on the end. If the checksum is wrong, a TKIP - a newer, modern, strengthened, better protocol system - if the checksum is wrong, it ignores it. It just says, bad checksum, I'm dropping it.
Leo: And you don't get another chance.
Steve: No. It simply drops it because it figures, okay, that was a transmission error. It figures it's a transmission error, so it doesn't punish you for that. So with an average of 128 guesses, just like before under WEP, but now we're under TKIP, using the same kind of approach, when you get it right, when you do end up creating a shorter packet with the CRC, that is the ICV at the end that matches, now the problem is the MIC, the Message Integrity Code, will be wrong. And now that, when that's in violation, if you get a checksum that's correct, but the MIC, the Message Integrity Code, is wrong, now you've pissed off the access point or the client you're sending this to. Anybody who's receiving it is like, whoa, wait a minute, this is a valid packet, but the MIC is wrong. Something's fishy somewhere.
Well, they didn't want to just shut down the whole network. So they said, okay, here's what we'll do. As long as we don't get two MIC failures within a 60-second window, as long as they don't occur more often than once per minute, we'll decide that's okay. Whoops. Because look what happens. You can guess as much as you want and be wrong. But as soon as you guess correctly, you have to wait a minute. But that's not so bad because you just guessed correctly. In knowing that you have to wait a minute - because what happens is a message is sent out that says "MIC failure," so the whole network knows there was one, to sort of like put everybody on notice. But you've just been put on notice that you guessed correctly. So you've got one byte. So you wait a minute, and you start guessing the second from the last byte until you get it. Now, that allows you to march the packet down in size 12 bytes. And that'll take a little over 12 minutes. When you've done that, you've just determined the plaintext for the MIC and for the ICV. Remember, those were the last 12 bytes on a TKIP-encrypted packet.