The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

WPA’s TKIP cracked in 12 to 15 minutes

Posted by Xavier Ashe on November 8, 2008

According to several sources, security researchers Erik Tews and Martin Beck have found a way to break the Temporal Key Integrity Protocol (TKIP) key used by WPA. Cracking the TKIP key was never thought to be an impossible feat and it was previously thought that the angle of attack would be via a massive dictionary attack over an extended period of time.

Tews and Beck, however, did not use a dictionary attack to crack TKIP. According to Dragos Ruiu (via this Network World article), the organizer of the PacSec conference where Tews plans on discussing the crack, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a “mathematical breakthrough,” that lets them crack WPA much more quickly than any previous attempt.

And how long did it take Tews and Beck….12 to 15 minutes.

Beck, creator of the Aircrack security tool, has also added the ability to exploit this weakness over the past two weeks. Note, this attack only impacts WPA and not WPA2, which is still deemed “safe”. Over the past few years people who were using WEP, which was determined to be an unsafe and easy to crack protocol, were advised to switch over to WPA due to prevent an attack of this magnitude. Now many enterprise customers will be left scratching their heads and wondering how long it will be until they have to switch to something other than WPA2…and at what cost.

From Andrew Hay’s Blog.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: