The IT Nerd

If you use WPA to secure your WiFi router (What? You’re using WEP? What’s the matter with you?), it’s time to switch to WPA2. That’s because Erik Tews who is best known for cracking WEP in under a minute has cracked WPA. The scary part is that he can do this in 15 minutes because of a “mathematical breakthrough” that he made:

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference’s organizer.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack

So this means that you need to switch to WPA2 and use TKIP and AES encryption before the “evil doers” get their hands on this crack. The option of WPA2 with TKIP and AES allows you to run a mixed system.  Those devices that can do WPA2 with AES will use that system, less advanced devices (such as PDA’s) that can only do WPA will do WPA with TKIP. From there you should update your devices to support WPA2 so that you only have to use AES.

Of course, that’s great until someone cracks WPA2 as well. Hopefully that won’t happen soon.

This entry was posted on November 6, 2008 at 11:21 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.