WPA cracked in 60 seconds



WPA is a more secure encryption system for wireless networks than the older WEP system, which was notoriously vulnerable. Now, Japanese researchers have devised an attack that quickly and easily cracks WPA networks that use the Temporal Key Integrity Protocol (TKIP) algorithm. So far, WPA2 and WPA using AES are not vulnerable to the attack. On past form, it seems likely that those will eventually become vulnerable to rapid compromise, as well.

The broader point this demonstrates is how attacks always get better and never get worse. As such, the longer any particular system has been deployed, the less likely it is to be secure. Threat analysis needs to be ongoing, and accompanied by the patching and replacement of vulnerable systems. Both because of improving computer power and new mathematical developments, this is especially true when it comes to cryptography. As MC Frontalot explains (in a song that references rainbow tables), “you can’t hide secrets from the future with math.”


. December 8, 2009 at 10:37 am

WPA-PSK Cracking As a Service

“Moxie Marlinspike, a security researcher well known for his SSL/TLS attacks, today launched a cloud-based WPA cracking service, where for $34 you can test the security of your WPA password. The WPA Cracker Web site states: ‘WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes.'”

. May 6, 2010 at 10:17 am

Chinese WiFinders with built-in password-crackers
By Cory Doctorow on wifi

NetworkWorld reports on a hot-selling Chinese gadget: a WiFi network-locator with a built-in password cracker. These things show you which networks are available in your area and which password to use to get online with them. Alas, they’re not stand-alone USB keys with a little LCD display, just WiFi cards with some specialized software. I betcha next year’s model is self-contained, though:

With one of the “network-scrounging cards,” or “ceng wang ka” in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people.

The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan ($24), a price that included setup help from a man at the other end of the sprawling, multistory building.

The main piece of the kits, an adapter with a six-inch antenna that plugs into a USB port, comes with a CD-ROM to install its driver and a separate live CD-ROM that boots up an operating system called BackTrack. In BackTrack, the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network.

benl June 17, 2010 at 5:27 pm


You still haven’t explained (no cyclist with this “belief” has) why a cyclist should get a “rolling yield” at a red light/stop sign when everyone else has to come to a complete stop.

I’m not some anticycling hater driver. I cycle. I stop completely at every red light and every stop sign. How is this ‘more dangerous’ to me? I’ve never had a collision/incident with a vehicle while stopped at an intersection. What’s the “secret argument” because the only thing I can see is some cyclists don’t want to stop because they don’t want to “break” their momentum, which isn’t really a legally defensible reason, it’s just “more convenient” for the cyclist, not safer. It’s safer for every vehicle sharing the road to obey the same traffic laws. Just because cyclists think it’s a bad law and the cop who gave them a ticket is a ‘jerk’, doesn’t mean it should change to give the cyclist “special dispensation” compared to drivers. The argument doesn’t hold water.

benl June 17, 2010 at 5:28 pm

sorry, wrong board…don’t know how that happened….
