Chinks Appear in WPA's Wireless Security Armor

A partial crack could signal problems ahead, given today's wide reliance on WPA for wireless security.

Researchers with the British Computer Society (BCS) claim to have cracked the Wi-Fi Protected Access (WPA) wireless security standard and will reveal their findings at the PacSec conference to be held in Tokyo next week.

Researchers Erik Tews and Martin Beck say they broke the Temporal Key Integrity Protocol (TKIP) that provides WPA (define) security, in just under 15 minutes, the BCS quoted PacSec organizer Dragos Ruiu as saying.

WPA is widely used for wireless security in everything from home networks to retail stores to enterprises. It is used in place of the Wired Equivalent Privacy (WEP) protocol, which is considered ineffectual and easily cracked within minutes.

Tews would know. He is one of three students at Darmstadt University of Technology that developed a way to crack the WEP protocol in less than two minutes, according to The Register.

In that attack, they used the Aircrack-ptw WEP key cracking tool. This breaks 104-bit WEP security in less than 60 seconds, according to the Security Hacks Web site.

The news is not all bad -- TKIP is the weaker of two keys that is part of WPA and WPA2 (define), and the stronger AES (Advanced Encryption Standard) key method that can be used with WPA/WPA2 is not vulnerable. You can read about the AES (define) standard in this PDF.

Security experts contacted by InternetNews.com declined to comment until Tews and Beck make their presentation.

This article was first published on InternetNews.com.

Tags: security, server, wireless, privacy

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.