Quote:
Originally Posted by fastboi
so is there any news on this one or not really?
|
Not Really.
There has been a lot of hype over this particular attack in the last few days, and I want people to understand that this only another partial break in WPA.
Anyone who's using WPA should not panic over this. Yes, it's compromised, but this is just a faster version of the Tews-Beck attack. Tews-Beck, basically the WEP chopchop attack with a timer, came out last year. This is very a slight refinement that reduces the time to inject from about 15 minutes to about 1 minute by offloading the CRC checks to the attacker instead of using the AP failure messages to do the work.
This attack allows disclosure of the MIC key. That in turn allows for injection of limited number of packets
but does not disclose the WPA encryption key. Now, packet injection is a bad thing, but the amount that can be injected is limited by several factors.
While switching to a stronger encryption method is always a good idea, this isn't going to allow wide attacks on WPA encrypted networks. It is just a refinement to an existing, limited attack. WPA was always known to be somewhat vulnerable since it was introduced, as WPA is based on WEP for backward compatibility reasons.
The mildly paranoid among us switched to WPA2 when it was first introduced. The moderately paranoid switched to WPA-RADIUS. The truly paranoid don't even use wireless.
The bottom line is that this is another warning shot to WPA, which as I stated, has been know to be somewhat weak since its very introduction. If people are still using WPA, they ought to be actively planning to a switch to WPA2 or better, as soon as is reasonably possible.