The WPA Crack

| Comments

Glenn Fleishmann over at Ars Technica has a great article explaining the new WPA crack. Here’s the quick & dirty explanation:

[I]t’s a method of decrypting and arbitrarily and successfully re-encrypting and re-injecting short packets on networks that have devices using TKIP. That’s a very critical distinction; this is a serious attack, and the first real flaw in TKIP that’s been found and exploited. But it’s still a subset of a true key crack.

Tews pointed out that “if you used security features just for preventing other people from using your bandwidth, you are perfectly safe,” which is the case for most home users. Someone can’t use this attack to break into a home or corporate network, nor decipher all the data that passes.

Fortunately, WPA2’s AES encryption is not susceptible to this crack, so making sure your AirPort & WiFi networks are switched over to WPA2 is best done sooner rather than later. If you still have some 802.11b/g clients that only support WPA, you’ll want to assess how much of a risk this is for your environment.

[Via Daring Fireball]