[ale] WPA encryption crackable in less than 15 minutes

Michael H. Warfield mhw at WittsEnd.com
Fri Nov 7 12:15:19 EST 2008


On Fri, 2008-11-07 at 08:10 -0500, krwatson at cc.gatech.edu wrote:
> Once Thought Safe, WPA Wi-Fi Encryption Is Cracked
> http://www.pcworld.com/article/153396/

	Not really...  Not quite as bad as the "sky is falling" articles that
are running around.  They've cracked TKIP, but that's a long way off from
breaking the whole thing...

	Battered, but not broken: understanding the WPA crack
	http://arstechnica.com/articles/paedia/wpa-cracked.ars

===
> With the Tews/Beck method, an attacker sniffs a packet, makes minor
> modifications to affect the checksum, and checks the results by
> sending the packet back to the access point. "It's not a key recovery
> attack," Tews said, "It just allows you to do the decryption of
> individual packets." This approach works only with short packets, but
> could allow ARP (Address Resolution Protocol) poisoning and possibly
> DNS (Domain Name Service) spoofing or poisoning.

	:


> Now let's back up a little. The early coverage of this crack indicated
> that TKIP keys were broken. They are not. "We only have a single
> keystream; we do not recover the keys used for encryption in
> generating the keystream," Tews said. 

	:


> Tews pointed out that "if you used security features just for
> preventing other people from using your bandwidth, you are perfectly
> safe," which is the case for most home users. Someone can't use this
> attack to break into a home or corporate network, nor decipher all the
> data that passes.

> If a network uses AES, it's immune to this attack, and many corporate
> and high-security networks settled on AES when it became feasible a
> couple of years ago in order to avoid any lingering problems with TKIP
> that might eventually rear their heads.

	:

> So WPA isn't broken, it turns out, and TKIP remains mostly intact. But
> this exploit based on integrity and checksums should argue for a fast
> migration to AES-only WiFi networks for businesses who want to keep
> themselves secure against further research in this area—research
> already planned by Tews and Beck. And now that these two have opened
> the door, WPA will certainly become subject to even closer scrutiny by
> thousands of others interested in this space: black-, gray-, and
> white-hatted.
===

> keith

> --
> 
> Keith R. Watson                        Georgia Institute of Technology
> Systems Support Specialist IV          College of Computing
> keith.watson at cc.gatech.edu             801 Atlantic Drive NW
> (404) 385-7401                         Atlanta, GA  30332-0280

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
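
The quoted article's advice is to move to AES-only networks because AES is immune to this attack. The following is an added example, not part of the original post, that checks an access point configuration for TKIP; it assumes the access point runs hostapd and that hostapd's documented defaults apply (wpa_pairwise defaults to TKIP, rsn_pairwise falls back to wpa_pairwise). Both sample configs are constructed.

```python
# Added example: flag hostapd configs that still accept TKIP for unicast traffic.
# Both configs below are constructed samples, not taken from a real network.
MIXED_CONF = """\
interface=wlan0
ssid=example-mixed
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
"""
AES_ONLY_CONF = """\
interface=wlan0
ssid=example-aes
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

def parse_conf(text):
    """Parse key=value lines of a single-BSS hostapd.conf; last assignment wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def pairwise_ciphers(conf):
    """Effective pairwise cipher set per enabled protocol (WPA v1, RSN/WPA2)."""
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = RSN (WPA2)
    # Assumed defaults, per hostapd's sample config: wpa_pairwise defaults to
    # TKIP, and rsn_pairwise falls back to the wpa_pairwise value when unset.
    wpa_pw = set(conf.get("wpa_pairwise", "TKIP").split())
    rsn_pw = set(conf.get("rsn_pairwise", "").split()) or wpa_pw
    enabled = {}
    if wpa & 1:
        enabled["WPA"] = wpa_pw
    if wpa & 2:
        enabled["RSN"] = rsn_pw
    return enabled

def audit(text):
    """Return a list of findings; an empty list means no TKIP is accepted."""
    ciphers = pairwise_ciphers(parse_conf(text))
    if not ciphers:
        return ["wpa not enabled: neither WPA nor WPA2 is configured"]
    return [f"{proto}: TKIP accepted ({' '.join(sorted(suite))})"
            for proto, suite in sorted(ciphers.items()) if "TKIP" in suite]
```

Note that a config with only `wpa=2` and no cipher lines is still flagged, because the RSN pairwise set inherits the TKIP default.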
