Announcement

Collapse
No announcement yet.

WPA TKIP Cracked --- Use WPA2 AES

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ænder
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Quite interesting. Seems I need some tweaking to do with my wifi. Thank you for that, Grey.

    Leave a comment:


  • Greyhatter
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    http://www.mobilecomputermag.co.uk/2...tion-hack.html

    Leave a comment:


  • Ænder
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Suddenly I feel hope. It tastes like sunshine.

    Leave a comment:


  • 0x58
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Eh, AES has not been cracked. What was cracked there was the method for storing the password which created the connection ... so if I have physical access to a machine to get their SSID and passphrase for WPA2 I am good to go as well!

    AES has a long way to go before it is cracked ... unless anyone from the NSA wishes to speak up?

    Leave a comment:


  • xor
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Originally posted by Ænder View Post
    Damn it! Well, there goes that idea. Can we do any better than AES?
    Actually the poor password history implementation is what killed it. The AES encryption itself is still solid.

    xor

    Leave a comment:


  • Ænder
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Originally posted by xor View Post
    Damn it! Well, there goes that idea. Can we do any better than AES?

    Leave a comment:


  • xor
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Originally posted by renderman View Post
    AES will probably last longer than WEP (with the already broken RC4) did. To their credit, the standards bodies do good work, it's usually concessions made to vendors being whiny that things end up getting FUBAR'd.
    You mean like this......
    USB-stick-with-hardware-AES-encryption-has-been-cracked

    xor
    Last edited by xor; November 13, 2008, 20:12. Reason: because I'm a schmuck

    Leave a comment:


  • Ænder
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Originally posted by renderman View Post
    AES will probably last longer than WEP (with the already broken RC4) did. To their credit, the standards bodies do good work, it's usually concessions made to vendors being whiny that things end up getting FUBAR'd.

    I would suggest watching my panel from Shmoocon 2007 where we put the screws to the IETF chairman about such things as the Michael countermeasures.

    http://www.shmoocon.org/2007/videos/...%20Housley.mp4
    Will do. And whiny vendors = fail. If only moral logic overrode the almighty $.

    Leave a comment:


  • renderman
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Originally posted by Ænder View Post
    Of course, even switching to WPA2 AES, how long will it be until this, too, is cracked? With the rate of encryption and security measures being compromised, I can't imagine it will be long.
    AES will probably last longer than WEP (with the already broken RC4) did. To their credit, the standards bodies do good work, it's usually concessions made to vendors being whiny that things end up getting FUBAR'd.

    I would suggest watching my panel from Shmoocon 2007 where we put the screws to the IETF chairman about such things as the Michael countermeasures.

    http://www.shmoocon.org/2007/videos/...%20Housley.mp4

    Leave a comment:


  • Ænder
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Of course, even switching to WPA2 AES, how long will it be until this, too, is cracked? With the rate of encryption and security measures being compromised, I can't imagine it will be long.

    Leave a comment:


  • renderman
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Not much to add.

    I knew that Micheal countermeasure / WMM things was going to be trouble.

    It's a step in the direction of larger attacks but I think were still a bit off from the level of brokeness that WEP has achieved.

    Leave a comment:


  • Thorn
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Originally posted by datalust View Post
    Just recapping for my own memory: With the announced vulnerability from Tews, sufficiently small TKIP encrypted packets traveling from AP to client can be decrypted, modified, and re-encrypted then sent to the client.

    Sound partly correct?
    That's what it looks like so far.


    Originally posted by datalust View Post
    Strong keys still safe?
    That's unclear to me at this point. In any event, use WPA2 with AES, and you'll be OK

    Leave a comment:


  • datalust
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Just recapping for my own memory: With the announced vulnerability from Tews, sufficiently small TKIP encrypted packets traveling from AP to client can be decrypted, modified, and re-encrypted then sent to the client.

    Sound partly correct? Strong keys still safe?

    Leave a comment:


  • Greyhatter
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    Originally posted by xor View Post
    I'm surprised Render or Thorn didn't beat me to the punch.
    Free wifi for some and trouble for the rest of us? Good reason to use other encryption on top or hard wiring to be sure. Open airwave signals are taunty things for ciphers.

    Could be Render and Thorn were waiting for more data as it is still spotty and the FUD is flowing.

    Here's what I have.
    Last edited by Greyhatter; November 12, 2008, 08:37.

    Leave a comment:


  • xor
    replied
    Re: WPA TKIP Cracked --- Use WPA2 AES

    The article I was reading stated that arp poisoning would be a trivial matter with this hack. Maybe even dns packet injection.

    xor

    Aircrack is already rolling it into their software. If you are a fan and haven't stopped by their site in awhile you should.

    Leave a comment:

Working...
X