WPA encryption cracked in one minute


tgell
August 27th, 2009, 04:27 PM
-{ Quote: "The second generation of Wi-Fi security systems has now been broken as badly as its notoriously insecure predecessor: Japanese researchers say they can crack WPA (Wi-Fi Protected Access), the successor to the old-school WEP, inside of a minute's time spent eavesdropping on a wireless network.
The previous method of attacking WPA devices took up to 15 minutes to be successful, and didn't always work. The new method is said to work on far more devices and, obviously, much more quickly. However, as with the old attack, the new one only works on WPA devices that use the TKIP (Temporal Key Integrity Protocol) algorithm, which is a setting in your router and device setup.

WPA devices that use the newer AES (Advanced Encryption Standard) algorithm, plus devices that use WPA2 -- the third generation of wireless security standards -- are still safe for now.
" }-

Article (http://tech.yahoo.com/blogs/null/147906)

optigrab
August 28th, 2009, 02:02 PM
I've scanned the new paper (http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf) by Ohigashi and Morii. Most of it is way over my head; however, it seems to be best described as a refinement of the attack proposed in 2008 (http://dl.aircrack-ng.org/breakingwepandwpa.pdf) by Beck and Tews (also way over my head). The 2008 attack focused on IEEE 802.11e QoS features on the target router. The new attack does not need to exploit a QoS implementation.

However, I do recall some threads and articles about the 2008 attack that said a long, random passphrase mitigates the effectiveness of the attack, although no one could quantify the safety of, say, a passphrase of 63 random ASCII characters. Nevertheless, I was not terribly concerned in 2008, and until I see more reports of real-world implementation of this new attack, I won't toss out my old hardware that does not support WPA2 or AES.

Again, I know next to nothing about wifi encryption, so I am ready to learn from you folks that know more.

stap0510
August 28th, 2009, 02:53 PM
Wasn't this attack only theoretical in nature for now?
Usually it takes years for it to be translated to practical use within programming code.

Cudni
August 28th, 2009, 03:13 PM
from
http://wifinetnews.com/archives/2009/08/new_wpa_exploit_presented_in_paper.html
"..
* This is an exploit just for TKIP, and doesn't have applications for AES-CCMP.
* This is not TKIP key recover, but recovery for the MIC checksum used for packet integrity.
* So far, because of MIC key reset algorithms, this is still applicable only to short packets with mostly known data, such as ARP messages.
.."
Bolding is mine, so still not a cause for panic, and WPA is not busted or as easy to exploit as WEP is.
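
Added example, not part of any post in this thread: since the attack discussed above applies only where TKIP is enabled, this sketch reads the WPA and RSN (WPA2) elements from a beacon's tagged parameters and reports whether TKIP is advertised as a group or pairwise cipher. The function names are hypothetical and the two sample byte strings are constructed; the element layout follows the IEEE 802.11 cipher suite selector format.

```python
import struct

# Cipher suite types from the IEEE 802.11 suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
RSN_OUI = b"\x00\x0f\xac"  # RSN element (ID 48), advertised by WPA2
WPA_OUI = b"\x00\x50\xf2"  # WPA vendor element (ID 221, OUI type 1)

def _suites(body, oui):
    """Return (group cipher, [pairwise ciphers]) from an element body."""
    if len(body) < 8 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("truncated element or unsupported version")
    count = struct.unpack_from("<H", body, 6)[0]
    if len(body) < 8 + 4 * count:
        raise ValueError("truncated pairwise suite list")
    suites = [body[2:6]] + [body[8 + 4 * i:12 + 4 * i] for i in range(count)]
    names = [CIPHERS.get(s[3], "unknown") if s[:3] == oui else "vendor"
             for s in suites]
    return names[0], names[1:]

def audit_elements(ies):
    """Walk a beacon's tagged elements; report ciphers per protocol."""
    report, pos = {}, 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        if len(body) < length:
            raise ValueError("element runs past end of buffer")
        pos += 2 + length
        if eid == 48:
            report["WPA2"] = _suites(body, RSN_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":
            report["WPA"] = _suites(body[4:], WPA_OUI)
    return report

def tkip_enabled(report):
    """True if any advertised group or pairwise cipher is TKIP."""
    return any(g == "TKIP" or "TKIP" in p for g, p in report.values())

# Constructed sample: SSID "test", WPA (TKIP) plus WPA2 (CCMP and TKIP)
MIXED = bytes.fromhex(
    "000474657374"
    "dd160050f20101000050f20201000050f20201000050f202"
    "30180100000fac020200000fac04000fac020100000fac020000")
# Constructed sample: WPA2 with CCMP (AES) only
AES_ONLY = bytes.fromhex("30140100000fac040100000fac040100000fac020000")

if __name__ == "__main__":
    for name, ies in (("mixed", MIXED), ("aes-only", AES_ONLY)):
        r = audit_elements(ies)
        print(name, r, "TKIP enabled" if tkip_enabled(r) else "no TKIP")
```

A mixed-mode network that lists CCMP alongside TKIP is still flagged, because the TKIP cipher remains in use for the group key and for any client that negotiates it.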