 LinklistPremium
join:2002-03-03
Longport, NJ
kudos:5
1 edit | New method found to crack WPA - but not WPA2 »www.pcworld.com/article/153396/
Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.
They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack.
The work of Tews and Beck does not involve a dictionary attack, however.
To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough," that lets them crack WPA much more quickly than any previous attempt, Ruiu said.
Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck's Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.
A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA.
Ruiu expects a lot more WPA research to follow this work. "Its just the starting point," he said. "Erik and Martin have just opened the box on a whole new hacker playground." Summary:
This can crack and then monitor Router-->PC traffic but NOT PC-->Router
More reason to switch to (WPA2 and AES) instead of (WPA & TKIP).
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? |
|
|
|
 SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | I always thought TKIP was a hack, but it was the best they could do with the limited CPU power available on older WEP devices.
I thought that all WPA devices supported AES, so therefor would not need TKIP, but I guess there's a broad range of compatibility issues out there. So AES it is.
Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site |
|
| quote:
I thought that all WPA devices supported AES
AES is optional in WPA and required in WPA2. So there are a number of compliant WPA devices which do not support AES. |
|
| said by F430 : quote:
I thought that all WPA devices supported AES
AES is optional in WPA and required in WPA2. So there are a number of compliant WPA devices which do not support AES. You sure WPA2 "requires" AES? From the DD-WRT Wiki:
However, some devices allow WPA (not WPA2) with AES (and WPA2 with TKIP). |
|
 BKayracPremium
join:2001-09-29
Madison, WI | WPA2 is AES, or AES+TKIP |
|
jbibePremium,MVM
join:2001-02-22
1 edit | reply to KodiacZiller
said by KodiacZiller:You sure WPA2 "requires" AES? From the DD-WRT Wiki: However, some devices allow WPA (not WPA2) with AES (and WPA2 with TKIP). CCMP (i.e., AES) is required. See Section 8.3.1 of 802.11i.
Edit: You can find the requirements in 802.11i-2004.pdf or 802.11-2007.pdf. |
|
 redxiiPremium,Mod
join:2001-02-26
Sherwood, MI | reply to Linklist
I have two wireless cards using WPA w/ AES (one doesn't support WPA2), router has AES only enabled, so I'm not affected by this? |
|
jbibePremium,MVM
join:2001-02-22 | You are not affected. |
|
| reply to KodiacZiller
quote:
You sure WPA2 "requires" AES?
Yes, as others above have already stated. Support for AES is required and support for TKIP is optional in WPA2. I am not aware of any vendor implementing TKIP in WPA2 but I haven't look for it either.
quote:
However, some devices allow WPA (not WPA2) with AES (and WPA2 with TKIP).
Exactly - they allow the optional encryption method in addition to the required method. In other words some devices support the optional AES-CCMP encryption method with WPA (I have one which does not and one which does).
Just so everyone knows, if a devices is using TKIP with WPA2 it is just as vulnerable as a device using TKIP with WPA. |
|
