blogger
/
10ninox
1
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
58 MiB
 
 
 
Tree: e52e219f49
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e52e219f49'
${ noResults }
10ninox/_posts/2009-08-27-wpa-tkip-has-bee...

2.6 KiB
Raw Blame History

layout status published title author wordpress_id wordpress_url date date_gmt categories tags
post publish true WPA + TKIP has been cracked [{display_name } {login } {email } {url }] 627 http://blog.10ninox.com/2009/08/27/wpa-tkip-has-been-cracked/ 2009-08-27 20:57:59 +0700 2009-08-28 01:57:59 +0700 [network security] ["wpa" "crack"]

Wireless Network is the most popular target for any attacker these days. No doubt, it will get even worse. After WEP has been cracked *easily* for a while, now it’s WPA + TKIP’s turn. Japanese scientist has developed WPA encryption crack system that can break WPA that uses the Temporal Key Integrity Protocol (TKIP) algorithm in matter of minutes. Well, some might say this is not new stuff since WPA *can be* cracked for a while now. However, cracking WPA this fast shows that it’s getting worse and worse and using WPA w/TKIP is as much vulnerable as using WEP nowadays.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. "They took this stuff which was fairly theoretical and they've made it much more practical," he said.

The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

According to the report, the best practice so far is like what we already know, moving to WPA2 with AES encryption: you will have a strong defense and gain the performance as well, as you may know, with WPA2 with AES, you will lose only less than 10% of bandwidth to all encryption stuff while the rest will waste more than 25% to all the key & stuffs. That’s like a bonus. Nonetheless, if you still carry stuffs from 2006 or older, using WPA/WPA2 might be the best practice. Well, putting your guard down can’t be that bad if you know what you are doing!

via Yahoo! Tech