EggXpert

New attack cracks common Wi-Fi encryption in a minute

ComputerWorld
Aug. 29, 2009

Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to....

Continue reading here.

This is why I dropped TKIP+AES to just AES some time back.  The switch is painless, just change to AES (may have to re-enter your password -- which is a extremely long random string of alphanumeric with symbols (ASCII) right?).  Of course I am using "unaffected" WPA2--hopefully so is everyone else.  But you have to wonder how long before....

[originally posted by me on HardwareGuys] 

There are some video's out there as well as text files on how to break WEP and what you will need to do it.

During conferences like Def-Con and Blackhat they do war drive around here and will go around cracking anyone’s router that has WEP enabled encryption.

---

There are Linux tools, some of which come pre-packaged with the Linux installation media for some distros will automatically crack open a WEP protected access point as if there wasn't any encryption on it at all..  WPA2+TKIP will likely meet the same fate..

The problem with running WPA2+AES universally is that a lot of the cheaper wireless routers don't have the computational capabilities to do it well (at full speeds).. So even if you connect at full speeds, the wireless router itself can get overloaded..  I have a Rosewill wireless router that I paid about $15 for with free shipping and although I connect at 54MBits a few feet away from the router, turning on WPA2+AES drops the actual performance of the wireless to around 10MBit, even though I connect at 54MBit the latency of the wireless router itself goes through the roof...   So even in wireless technology, you get what you pay for.  

  I wasn't going to spend much on a wireless router because my entire network is wired for gigabit and I only use it for browsing the web so it's no big deal, but buyer beware of cheap wireless routers that can't do WPA2+AES at their advertised speeds.