WPA partially cracked in ~15mins.

kaimera

http://www.pcworld.com/article/153396/.html?tk=rss_news

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack

Not sure if it's more suited to Nets & Comms but more people prolly read broadband and have wifi networks.

Only a matter of time until it's fully cracked. WPA2 then.

So aside from not using wifi, is there a practical way to keep your wifi connection safe?

AlmightyCushion

Kill anyone within a 10 mile radius of your router.

MunsterCycling

Loading my bazooka as I type...


MC

crawler

For all the stuff "done" there is always an ability to "undone" it - oddly it makes future security that bit better (usually!) - look at the iPhone, Android and Vista hacks that appeared only weeks after launch, at least WPA proved a bit more of a challenge

Lots of linux stuff out there that will get WPA access, like (see edit XXXXXXXX) and the likes - oddly or not oddly these same people run security courses! They have already cracked WPA2.

Such is life I guess...

mumhaabu

Distribute Trojans and Viruses to whoever hacks your wifi router or one of those ones that melts the processor chip!

crawler

That usually works the other way around - the bad guys are usually very clever and not all the bad guys are bad guys by the way

Cabaal

MOVING TO WIRELESS

Sherifu

WPA2 ftw.(until it's cracked too)

crawler

WPA2 has been cracked...

StickyMcGinty

crawler wrote: »

WPA2 has been cracked...

are you talking about just brute forcing the handshake in WPA2-PSK?? Any strong password will make it infeasible to crack

Sherifu

crawler wrote: »

WPA2 has been cracked...

From the link in the OP;

"A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA."

crawler

Not going into specifics as some things are best left not said - any form of unchanging wireless broadcast network can be cracked with enough time and the right tools. The best practice is to use WPA2 and change your password frequently enough using a mix of upper and lower alphas, numerics and symbols.

crawler

StickyMcGinty wrote: »

are you talking about just brute forcing the handshake in WPA2-PSK?? Any strong password will make it infeasible to crack

infeasible does not equal impossible

Sherifu

If my neighbours are willing to spend that long cracking my wireless connection they're welcome to try. It's already a good old mix of symbols over 40 characters long afair. I think i'll hold off on the mac address filtering for the moment.

crawler

Me too, someone did try with mine - until they hit the IPSec tunnel and the fact that the SSIDs were fake....still, ya gotta love a tryer! Mind you some very good dictionaries and tables starting to appear...

MunsterCycling

Random 63 characters, number etc so would like to see a dictionary attack get past that.

MC

AlmightyCushion

MunsterCycling wrote: »

Random 63 characters, number etc so would like to see a dictionary attack get past that.

MC

Ditto. I've been intending to change it on a regular basis but that would mean having to manually enter it on the ps3 every time. Way too much effort.

MunsterCycling

Memory stick and copy and paste, yer only way...

MC

Jonathan

It is great having technologically incompetent neighbours.

AlmightyCushion

MunsterCycling wrote: »

Memory stick and copy and paste, yer only way...

MC

I do that for the pcs and laptops but I don't think you can do that for the ps3.

kazzer

crawler wrote: »

Me too, someone did try with mine - until they hit the IPSec tunnel and the fact that the SSIDs were fake....still, ya gotta love a tryer! Mind you some very good dictionaries and tables starting to appear...

Can you tell me how to set this up?! Or a link to a guide? Getting paranoid now with my default ssid and my 8 character passphrase.

kazzer

AlmightyCushion wrote: »

I do that for the pcs and laptops but I don't think you can do that for the ps3.

Do what exactly? Copy a key from a memory stick?

AlmightyCushion

kazzer wrote: »

Do what exactly? Copy a key from a memory stick?

Basically I save the key to a txt file on my memory stick. It's handy for connecting multiple pcs to the wireless because all I have to do is copy and paste it in. The ps3 on the other hand doesn't support this, or at least not that I know of.

MunsterCycling

No PS3 so can't comment on that AC

MC

AlmightyCushion

Well I haven't really thought about it much. Must look into it. Also, about your sig. That boffer "screw you" charge is £5 sterling so it will work out at more than €5.

Jonathan

MunsterCycling wrote: »

No PS3 so can't comment on that AC

MC

Initials overload

eddhorse

And when you are finished with your USB stick give it to your neighbour.

Nothing like "Physical Security".

Stick with cables it the only way....wireless was only a fad..

AlmightyCushion

eddhorse wrote: »

And when you are finished with your USB stick give it to your neighbour.

Or put it back on top of the router where it's been for months.

MunsterCycling

AlmightyCushion wrote: »

Well I haven't really thought about it much. Must look into it. Also, about your sig. That boffer "screw you" charge is £5 sterling so it will work out at more than €5.

Sorted, really laugh to think they still have that quaint currency!

That ok JMCC?

Jonathan

MunsterCycling wrote: »

That ok JMCC?

Smart arse