Thanks for the note. Some questions I would have before panicking.
At the low end, the common wisdom has been to use WPA-PSK (TKIP ) with a very long passphrase. I'm not sure this attack works with long passphrase but if it's not a dictionary attack, maybe it does? WPA-PSK (with long passphrase) is very valuable for devices that only supports it and for Home/Soho environments. The other question I would have is does it impact WPA-Enterprise (TKIP encryption with rotating keys?). Yes, WPA2 with AES is great but it's slower and takes up more processing (meaning less battery life on handheld devices). I get a sense that all some people are interested in saying is "wireless security is futile, we told you!" which is a little annoying and counterproductive. OK, the motive is to publish papers and fill conference seats but it's still annoying for wireless LAN architects, sysadmin and instructors. Half the secret to a successful deployment is understanding where the flaws really are. In Infosec (the other stuff I teach), risk assessment is a huge portion of information security. Where exactly are the risks here? I guess we'll only find out after the "full house" presentation at PacSec? ;-) You can't buy this type of advertising! :-) Jonn Martell, CWNE #47 [EMAIL PROTECTED] (not speaking on behalf of my EDU). On Thu, Nov 6, 2008 at 6:14 AM, Mike King <[EMAIL PROTECTED]> wrote: > Just saw this on one of my RSS feeds > http://www.pcworld.com/businesscenter/article/153396/once_thought_safe_wpa_wifi_encryption_is_cracked.html > > The short list of points: > 1. Only affects WPA (NOT WPA2) > 2. Only affects TKIP (NOT AES) > 3. Only affects traffic from router to PC (NOT PC to router) > Can also be used to send bogus info from router to PC > 4. Takes approx 12-15 minutes to crack key > 5. Some of the code used to demonstrate this was added to Aircrack-ng two > weeks ago. > Authors state this is not the dictionary attack that has been around for > awhile, but a new way to "trick" the router into sending the attacker larges > amount of data, and a new cryptographic attack that decodes the WPA TKIP > key. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
