Results 1 to 3 of 3

Thread: WPA TKIP security

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    7

    Default WPA TKIP security

    Just curious, I see a lot of articles saying that WPA TKIP has been neutralized in approx. 15 minutes by I think German researchers or scientists. What I'm missing is how it's being done. Is it just by weak pass-phases? If so why is WAP2 AES not a part of that? That two can have weak pass-phrases also.

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    It isn't nearly as broken as people who don't know what they're talking about claim.

    * WPA has always had the known TKIP flaw. WPA was made to bridge WEP and WPA2.
    * This attack never reveals the actual WPA key.
    * This attack works only one way, AP to client, and only with small packets (e.g. ARP packets). Furthermore, it can only be used for between 8-15 packets. After that, the attacker would need decode it all over again for the next 8-15 packets.

    All-in-all, it's only mildly interesting, especially if you are using WPA2 and a VPN on top of that for any critical data.

    This has been discussed in detail going back 14 months ago. You really need to search.
    http://forums.remote-exploit.org/wir...ip-broken.html
    http://forums.remote-exploit.org/wir...tml#post150062

    Finally, WPA2 uses a different cryptological algorithm, and was designed to be stronger. As I stated above, WPA was made to bridge WEP and WPA2. As an algorithm, it has had known flaws which were considered acceptable for the reason that it was considered a stopgap. Simply put, WPA2 was designed NOT to have those flaws.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Member
    Join Date
    Mar 2010
    Location
    /dev/null
    Posts
    455

    Default

    WPA2 and WPA are still safe. A vulnerability has been discovered with WPA TKIP. But even using it, nobody can figure out your password because of that... It's still a vulnerability though : if you can use WPA CCMP or WPA2, don't hesitate.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •