-
November 6th, 2008, 01:10 PM
#1
WPA Wi-Fi encryption is cracked?
Why does this feel like deja vu? I thought this was already cracked or am I imagining it? Either way, it's starting to show how wireless -- by itself -- isn't a reliable secure protocol and no one should expect it to be that way (unless you have some good VPN stuff between you and what you're protecting.
Source: Network World
Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.
The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.
To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.
.... Read more
Last edited by MrLinus; November 6th, 2008 at 08:32 PM.
-
November 6th, 2008, 06:11 PM
#2
I didn't see anything about WPA-AES. I'm wondering if that's still safe. I would assume so, no?
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
November 6th, 2008, 08:32 PM
#3
Ya. Just plain WPA, not WPA-AES. This is the practical implication of it.
-
November 6th, 2008, 10:52 PM
#4
"...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
--Socrates
*Einstein Would Be Proud*
-
November 7th, 2008, 01:17 AM
#5
Originally Posted by ShagDevil
I didn't see anything about WPA-AES. I'm wondering if that's still safe. I would assume so, no?
It's still a pretty big achievement b/c most people and even most companies buy cheap routers that don't even offer the option of WPA2 (layman's term for WPA-AES).
Even the AES version is subject to a dictionary attack unless you go with the enterprise version.
AES is supposed to be one tough cookie...I wonder how long before it becomes as easy to crack as WEP is now?
-
November 7th, 2008, 05:02 PM
#6
From Slashdot:
"The reports earlier today on WPA's TKIP key type being cracked were incorrect. I spoke at length with Erik Tews, the joint author of the paper that discloses a checksum weakness in TKIP that allows individual short packets to be decrypted without revealing the TKIP key. I wrote this up for Ars Technica with quite a bit of background on WEP and WPA. Tews's paper, co-written with Martin Beck, whom he credits as discovering and implementing a working crack (in aircrack-ng as a module), describes a way to use a backwards-compatible part of TKIP to exploit a weakness that remains from WEP. ARP packets and similarly short packets can be decoded. Longer packets are likely still safe, and TKIP hasn't been cracked. Don't believe the hype, but the exploit is still notable."
Links:
http://it.slashdot.org/it/08/11/07/1312246.shtml
http://arstechnica.com/articles/paedia/wpa-cracked.ars
Thought this might clear up some confusion.
Edit:
The 802.11i group also added Advanced Encryption System (AES) support—the AES-128 flavor—which uses, take a breath, the Counter Mode with CBC-MAC (Cipher Block Chaining Message Authentication Code) Protocol or CCMP. This flavor of AES both encrypts data and ensures its integrity. The flaw discovered by Tews and Beck cannot work against AES.
Last edited by westin; November 7th, 2008 at 05:09 PM.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
November 8th, 2008, 07:05 AM
#7
"...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
--Socrates
*Einstein Would Be Proud*
Similar Threads
-
By 576869746568617 in forum Cryptography, Steganography, etc.
Replies: 1
Last Post: July 10th, 2006, 10:38 PM
-
By kruptos in forum The Security Tutorials Forum
Replies: 0
Last Post: January 29th, 2005, 01:01 AM
-
By CyberSpyder in forum AntiOnline's General Chit Chat
Replies: 0
Last Post: March 25th, 2003, 09:31 AM
-
By Noia in forum The Security Tutorials Forum
Replies: 6
Last Post: January 6th, 2003, 10:24 AM
-
By Ennis in forum The Security Tutorials Forum
Replies: 5
Last Post: July 5th, 2002, 09:08 PM
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|