Thread: [Merged] WPA-TKIP Broken

  1. #1
    Member
    Join Date
    Jun 2007
    Posts
    218

    WPA Wi-Fi Encryption Is Cracked


  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Interesting to say the very least, although this only seems to apply to WPA-TKIP and not WPA-AES. Seems like we also have to wait until next week to get some more details on how much of a compromise this attack presents in its present form and whether it really can be taken further.
    ...
    To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.

    They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack
    ...
    The work of Tews and Beck does not involve a dictionary attack, however.

    To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough," that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

    Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck's Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.
    -Monkeys are like nature's humans.

  3. #3
    Member
    Join Date
    Sep 2008
    Posts
    306

    Thx for the interesting link, I was very surprised when reading the story.
    I am curious to know what will happen within the next week when they make it public. I scent some chaos in some business.
    Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:

    * post your question to a forum where it's off topic
    * post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
    * cross-post to too many different newsgroups
    * post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem

  4. #4
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Interesting read.
    Imagine if in a few months, cracking WPA will become just as easy as WEP. That would be horrifying.
    - Poul Wittig

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    I hate journalists, lead with the headline "Once Thought Safe, WPA Wi-Fi Encryption Is Cracked", which is complete BS based on their later statements:
    Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.
    They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack.
    So AP > PC we can send stuff or maybe see what's sent. PC > AP nuffin.

    Although customers can adopt Wi-Fi technology such as WPA2 or virtual private network software that will protect them from this attack, there are still many devices that connect to the network using WPA, or even the thoroughly cracked WEP standard, he said.
    Personally in the places I've worked we always suggest VPN for Wireless access if the information is sensitive.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Member
    Join Date
    Jan 2008
    Posts
    194

    Yes, very interesting. Thanks for the link.

  7. #7
    Member
    Join Date
    Jan 2008
    Posts
    194

    Originally posted by thorin:
    I hate journalists, lead with the headline "Once Thought Safe, WPA Wi-Fi Encryption Is Cracked", which is complete BS based on their later statements:


    So AP > PC we can send stuff or maybe see what's sent. PC > AP nuffin.
    You weren't lying when you said you're a compulsive editor. Was going to reply but no need now.

    Got to love the journalistic sensationalism though

  8. #8
    Member
    Join Date
    Apr 2007
    Posts
    155

    Well they do describe what a partial crack is,
    There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.
    So obviously NOT BS if they can still pull off MIM attacks!

    Now what I think IS BS is that they added some of the code quietly to Aircrack-ng! Unless quietly means they didn't add it to the ChangeLog.
    This is a hackers forum :P
    root ~# aircrack-ng pwnd-01.cap
    Lenovo Thinkpad R500, OS: Ubuntu 8.10, BackTrack3, Windows XP (VirtualBox), Windows Vista, Windows 7 beta

  9. #9

    Look at this:

    There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.
    Which means reading a handshake, and the sent "bogus" information would be a fake deauthentication maybe, to get the handshake??

    Haven't we been able to do this already? If the hash is in the wordlist you could break the WPA in milliseconds...

    The only thing I can think of that would be different is that the deauth attack and handshake grab are scripted, (maybe mass deauth and sniff) and that the crack program randomly generates keys rather than use a dictionary file.. hey wait, I can code that.... hrmmm

    The work of Tews and Beck does not involve a dictionary attack, however.

    To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough,"
    edit:
    OHH i see..

    To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough,"
    I'm glad we can test it out..

    Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck's Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

  10. #10
    Member
    Join Date
    Jan 2008
    Posts
    194

    Changelog regarding the new attack:

    http://trac.aircrack-ng.org/svn/trunk/ChangeLog

    Specifically from the log:

    * tkip-tun: New tool to inject on WPA1 with QoS enabled networks. Full description:
    decrypt packets comming from the AP in a TKIP network, which uses QoS (ieee802.11e).
    It also breaks the MIC Key for sending packets towards the Client correctly encrypted and signed.
    Stores plaintext packet and keystream in seperate files.
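
The thread notes that the attack applies to WPA-TKIP rather than WPA-AES, and the changelog entry above ties it to networks with QoS enabled. As an added example that is not part of the thread or of Aircrack-ng, here is a defender-side check that flags those two conditions in a hostapd-style access point configuration. The key names are hostapd.conf options, the fallback defaults are an assumption taken from hostapd's sample configuration, and both sample configurations are constructed.

```python
# Added example: flag TKIP exposure in a hostapd-style configuration.
# Keys used: wpa, wpa_pairwise, rsn_pairwise, wmm_enabled (hostapd.conf options).

# Constructed sample: WPA1+WPA2 mixed mode that still accepts TKIP, with WMM on.
MIXED_MODE = """\
# constructed sample
ssid=office
wpa=3
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wmm_enabled=1
"""

# Constructed sample: WPA2 only, CCMP (AES) only.
WPA2_ONLY = """\
# constructed sample
ssid=office
wpa=2
rsn_pairwise=CCMP
wmm_enabled=1
"""

def parse_conf(text):
    """Return key -> value for 'key=value' lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit_tkip(text):
    """List the ways this configuration still lets clients negotiate TKIP."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))            # bit 0 = WPA1, bit 1 = WPA2 (RSN)
    # Assumed defaults: wpa_pairwise is TKIP; rsn_pairwise follows wpa_pairwise.
    wpa_pw = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pw = conf.get("rsn_pairwise", " ".join(wpa_pw)).split()
    findings = []
    if wpa & 1 and "TKIP" in wpa_pw:
        findings.append("WPA1 accepts TKIP as a pairwise cipher")
    if wpa & 2 and "TKIP" in rsn_pw:
        findings.append("WPA2 accepts TKIP as a pairwise cipher")
    if findings and conf.get("wmm_enabled") == "1":
        findings.append("QoS (WMM) is enabled alongside TKIP")
    return findings
```

An empty list means clients can only negotiate CCMP; any finding means TKIP is still on offer and the network is in the class the thread is discussing.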
