Once thought safe, WPA Wi-Fi encryption is cracked
Researchers plan to disclose a partial crack of the WPA wireless security standard next week.
View full article »
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
This article seems a little
This article seems a little misleading. The issue appears to be a sort of vulnerability in the TKIP method of encryption, not so much the WPA transport layer itself. Unless the WPA transport is whats broken. WPA2 uses the same type of encryption even though the transport layer itself is different.On the other hand, if you are using WPA in a corporate environment (even a small one), you should be using WPA/2 Enterprise and not Personal.
While I'm no security expert, my opinion here is just that of a lowly network admin.
WPA2
I thought WPA2 specifies the option to use AES (CCMP) which is totally different from WPA (TKIP), based on the RC4 cipher. I understand WPA2 is also backwards compatible, but wouldn't using AES CCMP mitigate this attack?WPA2 is NOT the same as WPA
>>I thought WPA2 specifies the option to use AES (CCMP) >>which is totally different from WPA (TKIP),That's correct. If you're configured for WPA2 Enterprise (e.g. EAP-TLS) or WPA2 Personal (pre-shared key) you're using AES/CCMP exclusively.
There is a mixed mode that some authentication software supports (e.g. hostapd) which uses TKIP/RC4 for group traffic and either TKIP/RC4 or AES/CCMP for unicast traffic depending on the STA.
While I agree that AES/CCMP is stronger encryption than TKIP/RC4, I'd love to see the details that demonstrate that simply by snooping on existing traffic you can determine the keys. While that's possible with WEP, I don't think that's possible given nonce/sonce used in the WPA 4-way handshaking. Now, given WPA pre-shared keys can be as short as eight ASCII characters, dictionary attacks make either WPA Personal or WPA2 Personal vulnerable.
If you're a network administrator who is serious about security, you'll avoid sharing keys altogether by using EAP, or you'll use long hex keys instead of a short ASCII passphrase.
Broken Already
Renowned CCIE Gregg Davis already cracked WPA TKIP last year.WPA-PSK is broken
Can somebody verify that WPA / TKIP can not be compromised if RADIUS is utilized in Cisco LWAPP environment?TKIP cracked even if PEAP / EAP auth is utilized via RADIUS
TKIP cracked even if PEAP / EAP authentication is utilized via RADIUSreplica bags
Your comments on this question are pertinent replica bags .And people always do things like and they don't know what they replica handbags are doing at the same time .It is a really common fault .replica bags
I'am crazy about replica handbags . I think these replica bags are very attractive .Laptop Battery Laptop
Laptop Battery Laptop Battery Laptop BatteriesLaptop Batteries discount laptop battery
discount laptop battery
notebook battery notebook battery
computer battery computer battery
replacement laptop battery replacement laptop battery
notebook batteries notebook batteries