11 November 2008

WPA Wi-Fi Encryption Cracked

Some security researchers claim that they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard, used to protect data on many wireless networks.

I'm not losing sleep over this though, as I'd set my network up to use only WPA2.

You know, I can't help but realise something. Ever since I got rid of "friends" in my life who had been stealing my precious time, effort, money and peace of mind, and started surrounding myself with worthy friends, I've been making the right choice in every security-related decision. :-)


Security experts reveal details of WPA hack

What is TKIP (Temporal Key Integrity Protocol)?

CCMP: Counter mode with Cipher-block chaining Message authentication code Protocol


Ubuntu Dapper Drake Wireless Connection


eremit said...

Well the hack they did isn't that much spectacular as you might think on first read. Actually it's a variation of the well-known WEP chopchop attack. The attack is kinda limited as you need a long rekeying period (for the TKIP key) and WMM (Wireless Multimedia Extensions) has to be enabled (so that more than one QoS channel is available). Besides that the attack works just uni-directional: Access Point to Client, not vice versa. As I said, the hack isn't spectacular, but no doubt that the idea is spectacular. It perfectly shows two points: 1) you can crack WPA without brute force attacks. 2) people should learn to enable the highest security option they've got: WPA2 (as long as the hardware can handle it, but didn't you want to buy some new hardware recently ;))

Wei-Yee Chan said...

>Well the hack they did isn't that
>much spectacular as you might think
>on first read.

Yep, this has been over-dramatised by the media.

For the past few days, I've been following news on this. So far, all that they've managed to do in practice is use QoS channels to decrypt ARP packets, though someone might come up with a better exploit soon.

>people should learn to enable
>the highest security option
>they've got: WPA2 (as long as
>the hardware can handle it

Yes, their exploit is based on the vulnerabilities of WEP (a legacy of TKIP). Disable TKIP and only enable CCMP and it'll be safe. But as you stated, the hardware must support that.
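
The conditions named in the comments above (TKIP in use, WMM enabled, a long rekeying period) can be checked in an access point's configuration. The following is an added example, not part of the original post or comments: it audits a hostapd.conf, assuming hostapd's documented options `wpa`, `wpa_pairwise`, `rsn_pairwise`, `wmm_enabled`, `wpa_ptk_rekey` and `wpa_group_rekey`. Both sample configurations are constructed, and the 120-second rekey threshold is an assumption chosen for illustration.

```python
# Constructed sample configurations (not taken from the page).
WEAK = """\
ssid=example-net
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wmm_enabled=1
wpa_group_rekey=3600
"""
HARDENED = "wpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\nwmm_enabled=1\n"

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text, max_rekey=120):
    """Return (code, message) findings; max_rekey is an assumed threshold in seconds."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if wpa == 0:
        return [("NO_WPA", "wpa is 0 or unset: neither WPA nor WPA2 is enabled")]
    findings = []
    if wpa & 1:
        findings.append(("WPA1", "wpa has bit 0 set (WPA); use wpa=2 for WPA2 only"))
    # Documented defaults: wpa_pairwise is TKIP, rsn_pairwise follows wpa_pairwise.
    wpa_pw = conf.get("wpa_pairwise", "TKIP").upper().split()
    rsn_pw = conf.get("rsn_pairwise", " ".join(wpa_pw)).upper().split()
    tkip = bool((wpa & 1 and "TKIP" in wpa_pw) or (wpa & 2 and "TKIP" in rsn_pw))
    if not tkip:
        return findings  # CCMP only: WMM and rekey interval are not a concern here
    findings.append(("TKIP", "TKIP is an allowed pairwise cipher; allow CCMP only"))
    if conf.get("wmm_enabled", "0") == "1":
        findings.append(("WMM", "wmm_enabled=1 together with TKIP"))
    for key in ("wpa_ptk_rekey", "wpa_group_rekey"):
        secs = int(conf.get(key, "0"))
        if secs == 0 or secs > max_rekey:
            findings.append(("REKEY", f"{key} unset/0 or longer than {max_rekey} s"))
    return findings

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, [code for code, _ in audit(conf)] or "no findings")
```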