Time to say good bye: WPA cracked

You thought encrypting wireless traffic with WEP is insecure? Right, that can be cracked within 60 seconds in the meantime; I verified that myself – depending on the network it took me 5 to 10 minutes though. WPA ought to be safe, as the keys are changing rapidly and are of no use for attackers; choosing a long and good password would safe you from a brute force attack.

Now security researchers Martin Beck and Erik Tews released information about their hack of WPA. It seems that they need 10 to 15 minutes to create enough data to crack the temporal key. That allows them to inject 6 to 7 pakets. That doesn’t sound too bad, but remember for example SQLslammer – one paket sufficed to breach the network.

I already ordered a new dsl router as my old one doesn’t support WPA2, so I can switch to the (still to be considered safe) newer protection mechanism – which essentially is WPA with AES encryption instead of the TKIP “cipher”. If your hardware doesn’t support WPA2 like mine you should consider upgrading to products supporting that standard. You can take that as an excuse to switch to 80211.n, which gives you the additional benefit of higher throughput and a better WLAN range. 🙂

Dirk Knop
Technical Editor