Friday, November 07, 2008

WPA-TKIP is Partially Cracked

I'm assuming you're using some sort of encryption on your wi-fi network. WEP has been known for some time to be crackable in a very short time, so many have moved to WPA.

But while WPA has been known to be crackable by using a tedious, brute force method, a pair of security researchers, Erik Tews and Martin Beck, say they have found the first "practical" way to crack, at least partially, WPA encryption.

The researchers claim they can crack WPA's Temporal Key Integrity Protocol (TKIP) key in 12 to 15 minutes.

Security experts had already known that TKIP could be cracked using what's known as a dictionary attack. A dictionary attack is basically a brute force method in which an attacker cracks the encryption by making an extremely large number of educated guesses.

Tews and Martin first discovered a way to trick a WPA router into sending them large amounts of data. Naturally the more data, the more to analyze. But the real trick was what Tews and Martin called a "mathematical breakthrough."

Because the crack requires significant amounts of data from the router, they have not been able to crack encryption from the router to the PC, if that's any sort of comfort.

Tews plans to present the discovery at the PacSec security conference in Tokyo next week with his presentation, "Gone in 900 seconds: Some Crypto issues with WPA."

One thing to keep in mind is that this crack is for WPA-TKIP encryption. TKIP was always known in the encryption community to be a stopgap. Since most routers support WPA-AES nowadays, you could use that and not be concerned about security; this method will not work against AES.

You could also use WPA2, but many devices, such as mobile phones or gaming consoles, don't support WPA2, so WPA-AES may be your best bet. But nothing is uncrackable, given enough time.
