WPA encryption cracked in one minute

Discussion in 'other security issues & news' started by tgell, Aug 27, 2009.

Thread Status:
Not open for further replies.
  1. tgell

    tgell Registered Member

    Nov 12, 2004
  2. optigrab

    optigrab Registered Member

    Nov 6, 2002
    Brooklyn/NYC USA
    I've scanned the new paper by Ohigashi and Morii. Most of it is way over my head, however it seems to be best described as a refinement of the attack proposed in 2008 by Beck and Tews (also way over my head). The 2008 attack focused on IEEE802.11e QoS features on the target router. The new attack does not need to exploit a QoS implementation.

    However, I do recall some threads and articles about the 2008 attack that said a long, random passphrase mitigates the effectiveness of the attack, although no one could quantify the safety of say, a passphrase of 63 random ASCII characters. Nevertheless, I was not terribly concerned in 2008, and until I see more reports of real-world implemenation of this new attack, I won't toss out my old hardware that does not support WPA2 or AES.

    Again, I know next to nothing about wifi encryption, so I am ready to learn from you folks that know more.
  3. stap0510

    stap0510 Registered Member

    Aug 5, 2008
    Wasn't this attack just only theoretical of nature for now.
    Usually it takes years for it to be translated to practical use within programmingcode.
  4. Cudni

    Cudni Global Moderator

    May 24, 2009
    * This is an exploit just for TKIP, and doesn't have applications for AES-CCMP.
    * This is not TKIP key recover, but recovery for the MIC checksum used for packet integrity.
    * So far, because of MIC key reset algorithms, this is still applicable only to short packets with mostly known data, such as ARP messages.
    bolding is mine, so still not a cause for panic and is wpa is not busted or as easy to exploit as wep is
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.