WPA Hacked?

Discussion in 'Wireless Networks' started by Jack Simmons, Nov 12, 2008.

  1. Jack Simmons

    Jack Simmons Guest

    I read that WPA wireless encryption has been hacked and should not be used.
    True?
     
    Jack Simmons, Nov 12, 2008
    #1
    1. Advertisements

  2. Jack Simmons

    Big_Al Guest

    This was pulled from a previous posting.
    No Security
    MAC______(Band Aid if nothing else is available).
    WEP64____(Easy, to "Break" by knowledgeable people).
    WEP128___(A little Harder, but "Hackable" too).
    WPA-PSK__(Very Hard to Break).
    WPA-AES__(Not functionally Breakable)
    WPA2____ (Not functionally Breakable).
    Note 1: WPA-AES the the current entry level rendition of WPA2.
    Note 2: If you use WinXP and did not updated it you would have to
    download the WPA2 patch from Microsoft.
    http://support.microsoft.com/kb/893357

    The Core differences between WEP, WPA, and WPA2 -
    http://www.ezlan.net/wpa_wep.html
     
    Big_Al, Nov 12, 2008
    #2
    1. Advertisements

  3. Jack Simmons

    Mark Martin Guest

    The only part of WPA that is "hacked" is the use of weak passwords and
    access being broken via brute force attacks. This "vulnerability" exists
    anytime you use a weak password with any encryption method.
     
    Mark Martin, Nov 12, 2008
    #3
  4. So it technically isn't really even "hacked",...it is simply just
    discovering a password due to weak passwords which can happen with virtually
    anything.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Nov 12, 2008
    #4
  5. Jack Simmons

    Lem Guest

    Yes and no.

    There are basically 3 encryption standards available to home wifi users,
    WEP, WPA, and WPA2. By 2001, WEP encryption could be defeated in about
    1 or 2 hours using a regular consumer laptop. More recently, that time
    dropped to about 50 seconds. If you are at all concerned about
    security, don't use WEP.

    WPA is considerably stronger than WEP, and until recently, the main
    attack was to repeatedly guess passwords. Using a strong password is the
    main defense to this sort of attack.

    A few days ago, a paper was published describing a method of attacking
    WPA. The authors claim to be able to break WPA with about 12-15 minutes
    of access to a WPA-protected network. There are, however, two "flavors"
    of WPA.

    In order to permit WEP-capable systems to be firmware or driver
    upgradable to WPA, one type of WPA uses a technique called TKIP, which
    is a modification of the technique used in WEP. WPA-TKIP is the type of
    WPA that is the subject of the paper.

    The attack described will not work on the other type of WPA, which is
    called WPA-AES. AES is a much stronger encryption algorithm than the
    one used with WPA-TKIP. AES is also used in WPA2.

    The attack is not complete decryption of all transmissions, but is still
    worrying.

    Thus, if your hardware permits, use WPA2-PSK or WPA-PSK (AES). If your
    hardware only permits WPA-PSK (TKIP), then the authors of the paper
    suggest lowering the rekeying interval from the usual default of 3600
    seconds to 120 seconds or less.

    For further info, see
    http://arstechnica.com/articles/paedia/wpa-cracked.ars/2
    --
    Lem -- MS-MVP

    To the moon and back with 2K words of RAM and 36K words of ROM.
    http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
    http://history.nasa.gov/afj/compessay.htm
     
    Lem, Nov 12, 2008
    #5
  6. Jack Simmons

    Lem Guest

    Lem, Nov 12, 2008
    #6
  7. Jack Simmons

    John Guest

    John, Nov 12, 2008
    #7
  8. Jack Simmons

    Jack Guest

    Hi
    If you read the technical condition under which it was "Hacked", you would
    see that it is Not very practical to employ.
    I do not thing that End-Users need to worry.
    Jack (MS, MVP-Networking)
     
    Jack, Nov 14, 2008
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.