Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Wireless Networking > WPA Hacked?

Reply
Thread Tools

WPA Hacked?

 
 
Jack Simmons
Guest
Posts: n/a
 
      11-12-2008
I read that WPA wireless encryption has been hacked and should not be used.
True?


 
Reply With Quote
 
 
 
 
Big_Al
Guest
Posts: n/a
 
      11-12-2008
Jack Simmons wrote:
> I read that WPA wireless encryption has been hacked and should not be used.
> True?
>
>

This was pulled from a previous posting.

> From the weakest to the strongest, Wireless security capacity is.

No Security
MAC______(Band Aid if nothing else is available).
WEP64____(Easy, to "Break" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
WPA-PSK__(Very Hard to Break).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).
Note 1: WPA-AES the the current entry level rendition of WPA2.
Note 2: If you use WinXP and did not updated it you would have to
download the WPA2 patch from Microsoft.
http://support.microsoft.com/kb/893357

The Core differences between WEP, WPA, and WPA2 -
http://www.ezlan.net/wpa_wep.html
 
Reply With Quote
 
 
 
 
Mark Martin
Guest
Posts: n/a
 
      11-12-2008
The only part of WPA that is "hacked" is the use of weak passwords and
access being broken via brute force attacks. This "vulnerability" exists
anytime you use a weak password with any encryption method.


On 11/12/08 8:46 AM, in article http://www.velocityreviews.com/forums/(E-Mail Removed),
"Big_Al" <(E-Mail Removed)> wrote:

> Jack Simmons wrote:
>> I read that WPA wireless encryption has been hacked and should not be used.
>> True?
>>
>>

> This was pulled from a previous posting.
>
>> From the weakest to the strongest, Wireless security capacity is.

> No Security
> MAC______(Band Aid if nothing else is available).
> WEP64____(Easy, to "Break" by knowledgeable people).
> WEP128___(A little Harder, but "Hackable" too).
> WPA-PSK__(Very Hard to Break).
> WPA-AES__(Not functionally Breakable)
> WPA2____ (Not functionally Breakable).
> Note 1: WPA-AES the the current entry level rendition of WPA2.
> Note 2: If you use WinXP and did not updated it you would have to
> download the WPA2 patch from Microsoft.
> http://support.microsoft.com/kb/893357
>
> The Core differences between WEP, WPA, and WPA2 -
> http://www.ezlan.net/wpa_wep.html


 
Reply With Quote
 
Phillip Windell
Guest
Posts: n/a
 
      11-12-2008
"Mark Martin" <(E-Mail Removed)> wrote in message
news:C54061F3.BB9E%(E-Mail Removed)...
> The only part of WPA that is "hacked" is the use of weak passwords and
> access being broken via brute force attacks. This "vulnerability" exists
> anytime you use a weak password with any encryption method.


So it technically isn't really even "hacked",...it is simply just
discovering a password due to weak passwords which can happen with virtually
anything.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 
Reply With Quote
 
Lem
Guest
Posts: n/a
 
      11-12-2008
Jack Simmons wrote:
> I read that WPA wireless encryption has been hacked and should not be used.
> True?
>
>


Yes and no.

There are basically 3 encryption standards available to home wifi users,
WEP, WPA, and WPA2. By 2001, WEP encryption could be defeated in about
1 or 2 hours using a regular consumer laptop. More recently, that time
dropped to about 50 seconds. If you are at all concerned about
security, don't use WEP.

WPA is considerably stronger than WEP, and until recently, the main
attack was to repeatedly guess passwords. Using a strong password is the
main defense to this sort of attack.

A few days ago, a paper was published describing a method of attacking
WPA. The authors claim to be able to break WPA with about 12-15 minutes
of access to a WPA-protected network. There are, however, two "flavors"
of WPA.

In order to permit WEP-capable systems to be firmware or driver
upgradable to WPA, one type of WPA uses a technique called TKIP, which
is a modification of the technique used in WEP. WPA-TKIP is the type of
WPA that is the subject of the paper.

The attack described will not work on the other type of WPA, which is
called WPA-AES. AES is a much stronger encryption algorithm than the
one used with WPA-TKIP. AES is also used in WPA2.

The attack is not complete decryption of all transmissions, but is still
worrying.

Thus, if your hardware permits, use WPA2-PSK or WPA-PSK (AES). If your
hardware only permits WPA-PSK (TKIP), then the authors of the paper
suggest lowering the rekeying interval from the usual default of 3600
seconds to 120 seconds or less.

For further info, see
http://arstechnica.com/articles/paed...-cracked.ars/2
--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
 
Reply With Quote
 
Lem
Guest
Posts: n/a
 
      11-12-2008
Mark Martin wrote:
> The only part of WPA that is "hacked" is the use of weak passwords and
> access being broken via brute force attacks. This "vulnerability" exists
> anytime you use a weak password with any encryption method.
>

No longer accurate. See my other post

--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
 
Reply With Quote
 
John
Guest
Posts: n/a
 
      11-12-2008
Yeah, I heard about that news too. My understanding is that WPA with TKIP
and/or weak password is no longer safe. On the other hand, WPA (or WPA2)
with AES and/or strong password is still unbreakable.

http://www.itworld.com/security/5728...yption-cracked

"Jack Simmons" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I read that WPA wireless encryption has been hacked and should not be used.
>True?
>



 
Reply With Quote
 
Jack
Guest
Posts: n/a
 
      11-14-2008
Hi
If you read the technical condition under which it was "Hacked", you would
see that it is Not very practical to employ.
I do not thing that End-Users need to worry.
Jack (MS, MVP-Networking)

"Jack Simmons" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I read that WPA wireless encryption has been hacked and should not be used.
>True?
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco WLC (WPA-TKIP) & iPad's - WPA MIC Error b_rizza Cisco 0 05-21-2010 05:52 AM
WPA PSK vs WPA Personal (D-Link products) Mike Webb Wireless Networking 6 02-13-2008 07:07 PM
WPA-PSK & WPA Dave Cox Wireless Networking 4 02-15-2006 10:11 PM
LEAP (or WPA-Ent) and WPA-PSK to work on a single 1200AP??? hax3 Cisco 10 10-05-2005 07:19 PM
Re: Using DLink DWL-G520+ with Q815485 but no WPA-PSK or any WPA? R.H. Wireless Networking 0 06-19-2004 05:51 AM



Advertisments