Results 1 to 3 of 3

Thread: WPA TKIP security

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010

    Default WPA TKIP security

    Just curious, I see a lot of articles saying that WPA TKIP has been neutralized in approx. 15 minutes by I think German researchers or scientists. What I'm missing is how it's being done. Is it just by weak pass-phases? If so why is WAP2 AES not a part of that? That two can have weak pass-phrases also.

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    The Green Dome


    It isn't nearly as broken as people who don't know what they're talking about claim.

    * WPA has always had the known TKIP flaw. WPA was made to bridge WEP and WPA2.
    * This attack never reveals the actual WPA key.
    * This attack works only one way, AP to client, and only with small packets (e.g. ARP packets). Furthermore, it can only be used for between 8-15 packets. After that, the attacker would need decode it all over again for the next 8-15 packets.

    All-in-all, it's only mildly interesting, especially if you are using WPA2 and a VPN on top of that for any critical data.

    This has been discussed in detail going back 14 months ago. You really need to search.

    Finally, WPA2 uses a different cryptological algorithm, and was designed to be stronger. As I stated above, WPA was made to bridge WEP and WPA2. As an algorithm, it has had known flaws which were considered acceptable for the reason that it was considered a stopgap. Simply put, WPA2 was designed NOT to have those flaws.
    Stop the TSA now! Boycott the airlines.

  3. #3
    Join Date
    Mar 2010


    WPA2 and WPA are still safe. A vulnerability has been discovered with WPA TKIP. But even using it, nobody can figure out your password because of that... It's still a vulnerability though : if you can use WPA CCMP or WPA2, don't hesitate.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts