This article seems a little misleading. The issue appears to be a sort of vulnerability in the TKIP method of encryption, not so much the WPA transport layer itself. Unless the WPA transport is whats broken. WPA2 uses the same type of encryption even though the transport layer itself is different.
On the other hand, if you are using WPA in a corporate environment (even a small one), you should be using WPA/2 Enterprise and not Personal.
While I'm no security expert, my opinion here is just that of a lowly network admin.
by Anonymous (not verified) on 11/6/08 at 1:56 pm |reply
WPA2
I thought WPA2 specifies the option to use AES (CCMP) which is totally different from WPA (TKIP), based on the RC4 cipher. I understand WPA2 is also backwards compatible, but wouldn't using AES CCMP mitigate this attack?
by Anonymous (not verified) on 11/6/08 at 3:49 pm |reply
WPA2 is NOT the same as WPA
>>I thought WPA2 specifies the option to use AES (CCMP) >>which is totally different from WPA (TKIP),
That's correct. If you're configured for WPA2 Enterprise (e.g. EAP-TLS) or WPA2 Personal (pre-shared key) you're using AES/CCMP exclusively.
There is a mixed mode that some authentication software supports (e.g. hostapd) which uses TKIP/RC4 for group traffic and either TKIP/RC4 or AES/CCMP for unicast traffic depending on the STA.
While I agree that AES/CCMP is stronger encryption than TKIP/RC4, I'd love to see the details that demonstrate that simply by snooping on existing traffic you can determine the keys. While that's possible with WEP, I don't think that's possible given nonce/sonce used in the WPA 4-way handshaking. Now, given WPA pre-shared keys can be as short as eight ASCII characters, dictionary attacks make either WPA Personal or WPA2 Personal vulnerable.
If you're a network administrator who is serious about security, you'll avoid sharing keys altogether by using EAP, or you'll use long hex keys instead of a short ASCII passphrase.
by Anonymous (not verified) on 11/6/08 at 5:08 pm |reply
Broken Already
Renowned CCIE Gregg Davis already cracked WPA TKIP last year.
by Anonymous (not verified) on 11/6/08 at 10:23 pm |reply
WPA-PSK is broken
Can somebody verify that WPA / TKIP can not be compromised if RADIUS is utilized in Cisco LWAPP environment?
by Anonymous (not verified) on 11/10/08 at 5:24 pm |reply
TKIP cracked even if PEAP / EAP auth is utilized via RADIUS
TKIP cracked even if PEAP / EAP authentication is utilized via RADIUS
by Anonymous (not verified) on 11/17/08 at 5:55 pm |reply
replica bags
Your comments on this question are pertinent replica bags .And people always do things like and they don't know what they replica handbags are doing at the same time .It is a really common fault .
by replica handbags (not verified) on 10/24/09 at 2:57 am |reply
Sidekick: The Good News & the Bad News Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Surviving Windows is easier than you think… MKS offers the power of an integrated all-in-one environment and provides you with the Power of UNIX on Windows Learn More
Brought to you by:
Free books
We have 5 copies of these two new books to give to some lucky readers. The deadline for entries is November 30, 2009.
AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.
In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases
built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC
technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability
and performance at a fraction of traditional cost.
On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.
jfruh
pasmith
Esther Schindler
mikelgan
David Strom
sjvn
Sandra Henry-Stocker
Quick, practical advice for IT pros. Made fresh daily.
This article seems a little
This article seems a little misleading. The issue appears to be a sort of vulnerability in the TKIP method of encryption, not so much the WPA transport layer itself. Unless the WPA transport is whats broken. WPA2 uses the same type of encryption even though the transport layer itself is different.On the other hand, if you are using WPA in a corporate environment (even a small one), you should be using WPA/2 Enterprise and not Personal.
While I'm no security expert, my opinion here is just that of a lowly network admin.
WPA2
I thought WPA2 specifies the option to use AES (CCMP) which is totally different from WPA (TKIP), based on the RC4 cipher. I understand WPA2 is also backwards compatible, but wouldn't using AES CCMP mitigate this attack?WPA2 is NOT the same as WPA
>>I thought WPA2 specifies the option to use AES (CCMP) >>which is totally different from WPA (TKIP),That's correct. If you're configured for WPA2 Enterprise (e.g. EAP-TLS) or WPA2 Personal (pre-shared key) you're using AES/CCMP exclusively.
There is a mixed mode that some authentication software supports (e.g. hostapd) which uses TKIP/RC4 for group traffic and either TKIP/RC4 or AES/CCMP for unicast traffic depending on the STA.
While I agree that AES/CCMP is stronger encryption than TKIP/RC4, I'd love to see the details that demonstrate that simply by snooping on existing traffic you can determine the keys. While that's possible with WEP, I don't think that's possible given nonce/sonce used in the WPA 4-way handshaking. Now, given WPA pre-shared keys can be as short as eight ASCII characters, dictionary attacks make either WPA Personal or WPA2 Personal vulnerable.
If you're a network administrator who is serious about security, you'll avoid sharing keys altogether by using EAP, or you'll use long hex keys instead of a short ASCII passphrase.
Broken Already
Renowned CCIE Gregg Davis already cracked WPA TKIP last year.WPA-PSK is broken
Can somebody verify that WPA / TKIP can not be compromised if RADIUS is utilized in Cisco LWAPP environment?TKIP cracked even if PEAP / EAP auth is utilized via RADIUS
TKIP cracked even if PEAP / EAP authentication is utilized via RADIUSreplica bags
Your comments on this question are pertinent replica bags .And people always do things like and they don't know what they replica handbags are doing at the same time .It is a really common fault .replica bags
I'am crazy about replica handbags . I think these replica bags are very attractive .