arstechnica.com — WiFi security takes a hit with the disclosure of an effective exploit for small packets encrypted with the TKIP flavor of WiFi Protected Access. The technique is fiendishly clever; the security solution, simple: switch to AES-only in WPA2.
Nov 7, 2008 View in Crawl 4
angelbunnyNov 7, 2008
if injecting improperly causes both sides to pause for 60 seconds then rekey and they can open up individual packets then why not get the key during the rekey process? (obviously knows nothing about WPA)
mweatherNov 7, 2008
So WPA2 TKIP has been compromised, too?
andrewwigginNov 7, 2008
lead2thehead is correct, the title is misleading most of us into thinking that WPA has been cracked so that you can get in to it, rather than just screw with the person by sending faked packets.FTA: "It's not a key recovery attack." If it's not a key recovery attack, then for all intents and purposes, it's not cracked. This is still good for research though; it's the first step towards key recovery.
mweatherNov 7, 2008
That was true even before TKIP was compromised, though.
cerebronNov 7, 2008
Maybe I'm not clear, dictionary attack and brute force are not the same, so I'm asking if the guy meant 'accelerated dictionary attack' instead of bruteforce, because he just said there is no known crack for it.
Closed AccountNov 8, 2008
Actually, there *is* an easy to use utility to bypass WPA/WPA2 TKIP-encrypted wireless. In fact, it was mentioned on the second page of the article. "The crack is available as an in-progress part of aircrack-ng, called tkiptun-ng."You're also assuming that it's an actual person trying to crack your encryption and not malware that got onto a neighbor's computer.
Closed AccountNov 8, 2008
Perhaps...
Closed AccountNov 8, 2008
AES works with WPA, you don't need WPA2 and according to the article this exploit only works with TKIP. So, WPA + AES = win
superm401Nov 13, 2008
This was a very helpful explanation. WPA2-AES it is!
yolbitJan 9, 2009
yes WPA2-TKIP is affected in the same manner