WPA Wi-Fi encryption is cracked?

Printable View

November 6th, 2008, 01:10 PM
MrLinus

WPA Wi-Fi encryption is cracked?

Why does this feel like deja vu? I thought this was already cracked or am I imagining it? Either way, it's starting to show how wireless -- by itself -- isn't a reliable secure protocol and no one should expect it to be that way (unless you have some good VPN stuff between you and what you're protecting. :D

Quote:

Source: Network World

Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.

.... Read more
November 6th, 2008, 06:11 PM
ShagDevil

I didn't see anything about WPA-AES. I'm wondering if that's still safe. I would assume so, no?
November 6th, 2008, 08:32 PM
MrLinus

Ya. Just plain WPA, not WPA-AES. :) This is the practical implication of it.
November 6th, 2008, 10:52 PM
C:\Saw

More here:

http://isc.sans.org/diary.html?storyid=5300
November 7th, 2008, 01:17 AM
keezel

Quote:

Originally Posted by ShagDevil

I didn't see anything about WPA-AES. I'm wondering if that's still safe. I would assume so, no?

It's still a pretty big achievement b/c most people and even most companies buy cheap routers that don't even offer the option of WPA2 (layman's term for WPA-AES).

Even the AES version is subject to a dictionary attack unless you go with the enterprise version.

AES is supposed to be one tough cookie...I wonder how long before it becomes as easy to crack as WEP is now?
November 7th, 2008, 05:02 PM
westin

From Slashdot:

Quote:

"The reports earlier today on WPA's TKIP key type being cracked were incorrect. I spoke at length with Erik Tews, the joint author of the paper that discloses a checksum weakness in TKIP that allows individual short packets to be decrypted without revealing the TKIP key. I wrote this up for Ars Technica with quite a bit of background on WEP and WPA. Tews's paper, co-written with Martin Beck, whom he credits as discovering and implementing a working crack (in aircrack-ng as a module), describes a way to use a backwards-compatible part of TKIP to exploit a weakness that remains from WEP. ARP packets and similarly short packets can be decoded. Longer packets are likely still safe, and TKIP hasn't been cracked. Don't believe the hype, but the exploit is still notable."

Links:

http://it.slashdot.org/it/08/11/07/1312246.shtml
http://arstechnica.com/articles/paedia/wpa-cracked.ars

Thought this might clear up some confusion.

Edit:

Quote:

The 802.11i group also added Advanced Encryption System (AES) support—the AES-128 flavor—which uses, take a breath, the Counter Mode with CBC-MAC (Cipher Block Chaining Message Authentication Code) Protocol or CCMP. This flavor of AES both encrypts data and ensures its integrity. The flaw discovered by Tews and Beck cannot work against AES.
November 8th, 2008, 07:05 AM
C:\Saw

update:

http://isc.sans.org/diary.html?storyid=5315