For some time, most people have been aware that WEP encryption can be easily and speedily cracked, but now it appears that WPA can be cracked almost as easily. According to an article at PC World, security researchers Erik Tews and Martin Beck have discovered a way to break WPA (or, more accurately, TKIP) in under 15 minutes:
The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.
To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.
The best advice: use AES (which is supported by both WPA and WPA2) rather than TKIP.
For more information about wireless security, see our articles How To Secure a Wireless Network and Why You Shouldn’t Disable Your SSID Broadcast.
Published
by
Brett Callow
(4,676
pts
)
on
Nov 12 2008, 02:21 PM
to
Computer Security Blog