Announcement

Collapse
No announcement yet.

WPA TKIP Cracked --- Use WPA2 AES

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • WPA TKIP Cracked --- Use WPA2 AES

    I'm surprised Render or Thorn didn't beat me to the punch.

    http://www.heise-online.co.uk/securi...--/news/111922

    xor

    For those that don't have routers that support WPA2....well it's that time of year; ho ho ho.
    Last edited by xor; November 11, 2008, 15:52. Reason: because I'm a schmuck
    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

  • #2
    Re: WPA TKIP Cracked --- Use WPA2 AES

    I've been slightly confused at this. When I had first read the white paper I thought they were saying that they had only partially broken TKIP and at a rate which made it not very practical. Although I do see the application of this in the creation of covert clear text channel, the figures made it seem like the data rate would be obnoxiously slow. It also seemed like only small packets are effected. Could someone with better knowledge comment on this?

    Originally posted by xor View Post
    For those that don't have routers that support WPA2....well it's that time of year; ho ho ho.
    For those on a small budget, switching to AES (if supported) or modifying TKIP values seems like a stop gate, and key phrase here, for now...
    afterburn

    Comment


    • #3
      Re: WPA TKIP Cracked --- Use WPA2 AES

      No expert, but my understanding is that in can allow an attacker packet injection in about 15 minutes. Which will lead to other possible and more damaging attacks. Y

      Yes, I believe you are correct; partially broken.

      xor
      Last edited by xor; November 11, 2008, 20:17.
      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

      Comment


      • #4
        Re: WPA TKIP Cracked --- Use WPA2 AES

        Hope this also helps you afterburn188

        http://arstechnica.com/articles/paedia/wpa-cracked.ars/

        It's titled Battered not Broken Understanding the WPA Crack.

        xor
        Last edited by xor; November 11, 2008, 20:48. Reason: because I'm a schmuck
        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

        Comment


        • #5
          Re: WPA TKIP Cracked --- Use WPA2 AES

          Originally posted by xor View Post
          Hope this also helps you afterburn188

          http://arstechnica.com/articles/paedia/wpa-cracked.ars/

          It's titled Battered not Broken Understanding the WPA Crack.

          xor
          Thanks xor! I had this completely backwards in my head not realizing that this was a data injection method as opposed to data extraction. Goes to show how easily things like this can be misunderstood and misreported.
          afterburn

          Comment


          • #6
            Re: WPA TKIP Cracked --- Use WPA2 AES

            The article I was reading stated that arp poisoning would be a trivial matter with this hack. Maybe even dns packet injection.

            xor

            Aircrack is already rolling it into their software. If you are a fan and haven't stopped by their site in awhile you should.
            Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

            Comment


            • #7
              Re: WPA TKIP Cracked --- Use WPA2 AES

              Originally posted by xor View Post
              I'm surprised Render or Thorn didn't beat me to the punch.
              Free wifi for some and trouble for the rest of us? Good reason to use other encryption on top or hard wiring to be sure. Open airwave signals are taunty things for ciphers.

              Could be Render and Thorn were waiting for more data as it is still spotty and the FUD is flowing.

              Here's what I have.
              Last edited by Greyhatter; November 12, 2008, 08:37.

              Comment


              • #8
                Re: WPA TKIP Cracked --- Use WPA2 AES

                Just recapping for my own memory: With the announced vulnerability from Tews, sufficiently small TKIP encrypted packets traveling from AP to client can be decrypted, modified, and re-encrypted then sent to the client.

                Sound partly correct? Strong keys still safe?

                Comment


                • #9
                  Re: WPA TKIP Cracked --- Use WPA2 AES

                  Originally posted by datalust View Post
                  Just recapping for my own memory: With the announced vulnerability from Tews, sufficiently small TKIP encrypted packets traveling from AP to client can be decrypted, modified, and re-encrypted then sent to the client.

                  Sound partly correct?
                  That's what it looks like so far.


                  Originally posted by datalust View Post
                  Strong keys still safe?
                  That's unclear to me at this point. In any event, use WPA2 with AES, and you'll be OK
                  Thorn
                  "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                  Comment


                  • #10
                    Re: WPA TKIP Cracked --- Use WPA2 AES

                    Not much to add.

                    I knew that Micheal countermeasure / WMM things was going to be trouble.

                    It's a step in the direction of larger attacks but I think were still a bit off from the level of brokeness that WEP has achieved.
                    Never drink anything larger than your head!





                    Comment


                    • #11
                      Re: WPA TKIP Cracked --- Use WPA2 AES

                      Of course, even switching to WPA2 AES, how long will it be until this, too, is cracked? With the rate of encryption and security measures being compromised, I can't imagine it will be long.
                      Now known as Lord Nikon.

                      Comment


                      • #12
                        Re: WPA TKIP Cracked --- Use WPA2 AES

                        Originally posted by Ænder View Post
                        Of course, even switching to WPA2 AES, how long will it be until this, too, is cracked? With the rate of encryption and security measures being compromised, I can't imagine it will be long.
                        AES will probably last longer than WEP (with the already broken RC4) did. To their credit, the standards bodies do good work, it's usually concessions made to vendors being whiny that things end up getting FUBAR'd.

                        I would suggest watching my panel from Shmoocon 2007 where we put the screws to the IETF chairman about such things as the Michael countermeasures.

                        http://www.shmoocon.org/2007/videos/...%20Housley.mp4
                        Never drink anything larger than your head!





                        Comment


                        • #13
                          Re: WPA TKIP Cracked --- Use WPA2 AES

                          Originally posted by renderman View Post
                          AES will probably last longer than WEP (with the already broken RC4) did. To their credit, the standards bodies do good work, it's usually concessions made to vendors being whiny that things end up getting FUBAR'd.

                          I would suggest watching my panel from Shmoocon 2007 where we put the screws to the IETF chairman about such things as the Michael countermeasures.

                          http://www.shmoocon.org/2007/videos/...%20Housley.mp4
                          Will do. And whiny vendors = fail. If only moral logic overrode the almighty $.
                          Now known as Lord Nikon.

                          Comment


                          • #14
                            Re: WPA TKIP Cracked --- Use WPA2 AES

                            Originally posted by renderman View Post
                            AES will probably last longer than WEP (with the already broken RC4) did. To their credit, the standards bodies do good work, it's usually concessions made to vendors being whiny that things end up getting FUBAR'd.
                            You mean like this......
                            USB-stick-with-hardware-AES-encryption-has-been-cracked

                            xor
                            Last edited by xor; November 13, 2008, 20:12. Reason: because I'm a schmuck
                            Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                            Comment


                            • #15
                              Re: WPA TKIP Cracked --- Use WPA2 AES

                              Originally posted by xor View Post
                              Damn it! Well, there goes that idea. Can we do any better than AES?
                              Now known as Lord Nikon.

                              Comment

                              Working...
                              X