WPA Wi-Fi encryption is cracked?
Results 1 to 7 of 7

Thread: WPA Wi-Fi encryption is cracked?

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    WPA Wi-Fi encryption is cracked?

    Why does this feel like deja vu? I thought this was already cracked or am I imagining it? Either way, it's starting to show how wireless -- by itself -- isn't a reliable secure protocol and no one should expect it to be that way (unless you have some good VPN stuff between you and what you're protecting.


    Source: Network World

    Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

    The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.


    To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.


    .... Read more
    Last edited by MrLinus; November 6th, 2008 at 07:32 PM.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    I didn't see anything about WPA-AES. I'm wondering if that's still safe. I would assume so, no?
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Ya. Just plain WPA, not WPA-AES. This is the practical implication of it.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member C:\Saw's Avatar
    Join Date
    Jan 2008
    Posts
    125
    "...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
    --Socrates

    *Einstein Would Be Proud*

  5. #5
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Location
    Atlanta
    Posts
    1,024
    Quote Originally Posted by ShagDevil View Post
    I didn't see anything about WPA-AES. I'm wondering if that's still safe. I would assume so, no?
    It's still a pretty big achievement b/c most people and even most companies buy cheap routers that don't even offer the option of WPA2 (layman's term for WPA-AES).

    Even the AES version is subject to a dictionary attack unless you go with the enterprise version.

    AES is supposed to be one tough cookie...I wonder how long before it becomes as easy to crack as WEP is now?

  6. #6
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    From Slashdot:

    "The reports earlier today on WPA's TKIP key type being cracked were incorrect. I spoke at length with Erik Tews, the joint author of the paper that discloses a checksum weakness in TKIP that allows individual short packets to be decrypted without revealing the TKIP key. I wrote this up for Ars Technica with quite a bit of background on WEP and WPA. Tews's paper, co-written with Martin Beck, whom he credits as discovering and implementing a working crack (in aircrack-ng as a module), describes a way to use a backwards-compatible part of TKIP to exploit a weakness that remains from WEP. ARP packets and similarly short packets can be decoded. Longer packets are likely still safe, and TKIP hasn't been cracked. Don't believe the hype, but the exploit is still notable."
    Links:

    http://it.slashdot.org/it/08/11/07/1312246.shtml
    http://arstechnica.com/articles/paedia/wpa-cracked.ars

    Thought this might clear up some confusion.

    Edit:

    The 802.11i group also added Advanced Encryption System (AES) support—the AES-128 flavor—which uses, take a breath, the Counter Mode with CBC-MAC (Cipher Block Chaining Message Authentication Code) Protocol or CCMP. This flavor of AES both encrypts data and ensures its integrity. The flaw discovered by Tews and Beck cannot work against AES.
    Last edited by westin; November 7th, 2008 at 04:09 PM.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  7. #7
    Senior Member C:\Saw's Avatar
    Join Date
    Jan 2008
    Posts
    125
    "...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
    --Socrates

    *Einstein Would Be Proud*

Similar Threads

  1. An Introduction to Cryptography, and Common Electronic Cryptosystems – Part I
    By 576869746568617 in forum Cryptography, Steganography, etc.
    Replies: 1
    Last Post: July 10th, 2006, 10:38 PM
  2. Encryption Algorithms - Basics
    By kruptos in forum The Security Tutorials Forum
    Replies: 0
    Last Post: January 29th, 2005, 12:01 AM
  3. Date Encryption
    By CyberSpyder in forum AntiOnline's General Chit Chat
    Replies: 0
    Last Post: March 25th, 2003, 08:31 AM
  4. Encryption Explained
    By Noia in forum The Security Tutorials Forum
    Replies: 6
    Last Post: January 6th, 2003, 09:24 AM
  5. Basic Encryption
    By Ennis in forum The Security Tutorials Forum
    Replies: 5
    Last Post: July 5th, 2002, 09:08 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides