It isn't nearly as broken as people who don't know what they're talking about claim.
* WPA has always had the known TKIP flaw. WPA was made to bridge WEP and WPA2.
* This attack never reveals the actual WPA key.
* This attack works only one way, AP to client, and only with small packets (e.g. ARP packets). Furthermore, it can only be used for 8-15 packets. After that, the attacker would need to decode it all over again for the next 8-15 packets.
All in all, it's only mildly interesting, especially if you are using WPA2 and a VPN on top of that for any critical data.
This has been discussed in detail going back 14 months. You really need to search.
http://forums.remote-exploit.org/wir...ip-broken.html
http://forums.remote-exploit.org/wir...tml#post150062
Finally, WPA2 uses a different cryptological algorithm, and was designed to be stronger. As I stated above, WPA was made to bridge WEP and WPA2. As an algorithm, it has had known flaws which were considered acceptable for the reason that it was considered a stopgap. Simply put, WPA2 was designed NOT to have those flaws.


