crack common Wi-Fi encryption in a minute
Results 1 to 5 of 5

Thread: crack common Wi-Fi encryption in a minute

  1. #1
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    crack common Wi-Fi encryption in a minute

    Greetz.

    Came across this Article>
    Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

    Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. "They took this stuff which was fairly theoretical and they've made it much more practical," he said.
    They Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.
    The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.
    The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts.
    WPA with TKIP "was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago," said Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, the industry group that certifies Wi-Fi devices. People should now use WPA 2, she said.
    Wi-Fi-certified products have had to support WPA 2 since March 2006. "There's certainly a decent amount of WPA with TKIP out in the installed base today, but a better alternative has been out for a long time," Davis-Felner said.
    Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, said Robert Graham, CEO of Errata Security. But the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP, he said. "It's not as bad as WEP, but it's also certainly bad."
    Users can change from TKIP to AES encryption using the administrative interface on many WPA routers.

    Original Source:>
    New attack cracks common Wi-Fi encryption in a minute

  2. #2
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    They are now very close the current highest standard available out of the box which is WPA2..

    DAMN THIS!
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  3. #3
    Banned
    Join Date
    Nov 2002
    Posts
    677
    Everything that speaks 1's & 0's has been cracked. Happened so fast with analog cellphones and DVD's real quick. Corporations and government better check themselves on who they fire. Programmers never give those entitys the original sourcecode. Most wifi products from different competitors use the same firmware module codes from the actual person or government sponsored business who holds the patents. Crack the weak link, you ownz. Who actually gives a crap about signing non-disclosure papers. Knowledge is power.
    Last edited by Linen0ise; August 30th, 2009 at 04:43 PM.

  4. #4
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Location
    Atlanta
    Posts
    1,024
    Quote Originally Posted by ByTeWrangler View Post
    They are now very close the current highest standard available out of the box which is WPA2..

    DAMN THIS!
    I disagree. Cracking TKIP (which was originally only meant to bridge the gap) is not that big of a deal. TKIP was not intended to be secure for a very long time. It was a quick fix when it was realized how vulnerable WEP is. You can now enable AES encryption instead of TKIP with WPA(version 1 OR 2) on all major routers that have been sold by retailers for at *least* the past year and you'll be running a secure wireless network again. If I'm not mistaken, WPA-AES is still vulnerable to a dictionary attack (if you're using a PSK and non-enterprise) but the algorithm itself cannot be cracked, or at least not feasibly.

  5. #5
    @ήΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,694
    Quote Originally Posted by keezel View Post
    I disagree. Cracking TKIP (which was originally only meant to bridge the gap) is not that big of a deal. TKIP was not intended to be secure for a very long time. It was a quick fix when it was realized how vulnerable WEP is. You can now enable AES encryption instead of TKIP with WPA(version 1 OR 2) on all major routers that have been sold by retailers for at *least* the past year and you'll be running a secure wireless network again. If I'm not mistaken, WPA-AES is still vulnerable to a dictionary attack (if you're using a PSK and non-enterprise) but the algorithm itself cannot be cracked, or at least not feasibly.
    The algorithms have never been the problem, it's the implementation.

    Even with LM hashes, the weakness was never the actual algorithm used, it was the splitting of the string before the hash function.

    EDIT: Even with TKIP, etc... THe biggest weakness was not the algorithm, it was and always has been the intialization vector dropping the effective cipher strength by 24 bits.
    Real security doesn't come with an installer.

Similar Threads

  1. An Introduction to Cryptography, and Common Electronic Cryptosystems – Part I
    By 576869746568617 in forum Cryptography, Steganography, etc.
    Replies: 1
    Last Post: July 10th, 2006, 10:38 PM
  2. Encryption Algorithms - Basics
    By kruptos in forum The Security Tutorials Forum
    Replies: 0
    Last Post: January 29th, 2005, 12:01 AM
  3. Date Encryption
    By CyberSpyder in forum AntiOnline's General Chit Chat
    Replies: 0
    Last Post: March 25th, 2003, 08:31 AM
  4. How To: Crack a File
    By SpydaByte in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: January 20th, 2003, 09:55 PM
  5. Newbies, list of many words definitions.
    By -DaRK-RaiDeR- in forum Newbie Security Questions
    Replies: 9
    Last Post: December 14th, 2002, 07:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides