Once thought safe, WPA Wi-Fi encryption is cracked

HURST · Nov 7, 2008

Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.
Click to expand...

http://www.networkworld.com/news/2008/110608-once-thought-safe-wpa-wi-fi.html

burning_chrome · Nov 7, 2008

WPA: Battered, yes...Broken, no

From Slashdot:

Glenn Fleishman writes:
The reports earlier today on WPA's TKIP key type being cracked were incorrect. I spoke at length with Erik Tews, the joint author of the paper that discloses a checksum weakness in TKIP that allows individual short packets to be decrypted without revealing the TKIP key. I wrote this up for Ars Technica with quite a bit of background on WEP and WPA. Tews's paper, co-written with Martin Beck, whom he credits as discovering and implementing a working crack (in aircrack-ng as a module), describes a way to use a backwards-compatible part of TKIP to exploit a weakness that remains from WEP. ARP packets and similarly short packets can be decoded. Longer packets are likely still safe, and TKIP hasn't been cracked. Don't believe the hype, but the exploit is still notable.
Click to expand...

ArsTechnica discusses the discovered WPA vulnerability and concludes with: "So WPA isn't broken, it turns out, and TKIP remains mostly intact. But this exploit based on integrity and checksums should argue for a fast migration to AES-only WiFi networks..."

Log in or Sign up

Once thought safe, WPA Wi-Fi encryption is cracked

HURST Registered Member

burning_chrome Registered Member

Log in or Sign up

Once thought safe, WPA Wi-Fi encryption is cracked

HURST Registered Member

burning_chrome Registered Member

Useful Searches