WPA Encryption Cracked In 60 Seconds

Posted by timothy
from the nicholas-cage-has-an-alibi dept.
carusoj writes "Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level. The earlier attack worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm."

  • Re:How Long? (Score:5, Informative)

    by 0100010001010011 (652467) on Thursday August 27, 2009 @02:46PM (#29220577)

    Backtrack really doesn't "do" anything, it's just an awesome integration of separate tools.

    aircrack is the base package that would most probably implement this.

  • by Hijacked Public (999535) on Thursday August 27, 2009 @02:49PM (#29220617)

    This list is still accurate, if you apply the comment on #4 up to #5 as well.

    And run DD-WRT.

  • by v1 (525388) on Thursday August 27, 2009 @02:51PM (#29220677) Homepage Journal

    It's probably not so much a matter of what base crypto they're using (a la AES, SHA, etc.) but how they're implementing the key exchange when negotiating the connection. Implement good crypto wrong and you open the door. Initial negotiation between parties is a tricky, multistep affair for good security, to prevent MITM.

  • Re:so, uh, (Score:4, Informative)

    by rawls (1462507) on Thursday August 27, 2009 @02:58PM (#29220783) Homepage
    The original paper is here
  • Re:Slashdot sucks... (Score:2, Informative)

    by Anonymous Coward on Thursday August 27, 2009 @02:58PM (#29220795)
    Jokes are supposed to be funny.
  • by arndawg (1468629) on Thursday August 27, 2009 @03:03PM (#29220861)
    That's why, if you have really important information going through the wireless, you either A) use a VPN tunnel or B) don't use wireless.
  • As usual (Score:5, Informative)

    by trifish (826353) on Thursday August 27, 2009 @03:03PM (#29220873)

    And the most important piece of information comes at the very end of the summary (just not to diminish the sensation or prevent FUD):

    They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

  • It wasn't broken (Score:5, Informative)

    by mx_mx_mx (1625481) on Thursday August 27, 2009 @03:06PM (#29220919)
    They have just found a way to decrypt a packet using the WEP chopchop algorithm. The master key still can't be recovered. Move along, this isn't news.
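    The "chopchop" the comment above refers to is the KoreK trick of removing the last byte of a frame and repairing the CRC-32 ICV for each guess of that byte, so a receiver that only accepts frames with a valid ICV becomes a decryption oracle. The following is an added example, not code from the thread or from the Beck-Tews paper, showing only that arithmetic on a constructed frame: a random keystream stands in for the RC4 output, a local function plays the receiver, and the TKIP MIC, the QoS-channel trick and the 60-second MIC-failure countermeasure timing are all left out. In TKIP the yes/no signal is the MIC failure report a client sends when the ICV checks but the MIC does not; here it is simply the oracle's return value.

```python
"""Toy chop-chop against a CRC-32 ICV (the WEP check that TKIP kept).

Constructed demo: os.urandom stands in for the RC4 keystream, make_oracle
plays the receiver, and no real protocol, radio or capture is involved.
"""
import os

POLY, MASK = 0xEDB88320, 0xFFFFFFFF
TABLE = []
for i in range(256):
    c = i
    for _ in range(8):
        c = (c >> 1) ^ POLY if c & 1 else c >> 1
    TABLE.append(c)
# The top byte of TABLE[k] differs for every k, so a CRC step can be undone.
TOP = {TABLE[k] >> 24: k for k in range(256)}
assert len(TOP) == 256


def step(reg, byte):
    """One table-driven CRC-32 step."""
    return (reg >> 8) ^ TABLE[(reg ^ byte) & 0xFF]


def unstep(reg_after, byte):
    """Register value before `byte` was fed to step()."""
    k = TOP[reg_after >> 24]
    return (((reg_after ^ TABLE[k]) & 0xFFFFFF) << 8) | (k ^ byte)


def register(data, init=MASK):
    reg = init
    for b in data:
        reg = step(reg, b)
    return reg


def icv(payload):
    """WEP/TKIP-style ICV: CRC-32 of the payload, little-endian."""
    return (register(payload) ^ MASK).to_bytes(4, "little")


# For every payload, register(payload + icv(payload)) is one constant.
MAGIC = register(icv(b""))


def forge(target):
    """Return 4 bytes X with register(X, init=0) == target.

    CRC-32 is linear, so XORing X into the last 4 plaintext bytes of a
    frame XORs `target` into the register value at the end of the frame.
    """
    ks, r = [], target
    for _ in range(4):               # walk backwards, one table index per byte
        k = TOP[r >> 24]
        ks.append(k)
        r = ((r ^ TABLE[k]) << 8) & MASK
    out, r = bytearray(), 0
    for k in reversed(ks):           # replay forwards to obtain the bytes
        out.append(k ^ (r & 0xFF))
        r = step(r, out[-1])
    assert r == target
    return bytes(out)


def encrypt(payload, keystream):
    """Sender: payload || ICV, XORed with the keystream (RC4 stand-in)."""
    pt = payload + icv(payload)
    return bytes(p ^ k for p, k in zip(pt, keystream))


def make_oracle(keystream):
    """Receiver: decrypt with the same keystream prefix and verify the ICV.

    The attacker learns only the yes/no outcome (in TKIP: MIC failure
    report versus silent drop).
    """
    def oracle(frame):
        pt = bytes(c ^ k for c, k in zip(frame, keystream))
        return len(pt) >= 4 and icv(pt[:-4]) == pt[-4:]
    return oracle


def chop_once(frame, oracle):
    """Drop the last ciphertext byte, guess its plaintext, repair the ICV.

    Returns the shortened (again valid) frame and the keystream byte that
    covered the dropped position.
    """
    chopped = frame[:-1]
    for guess in range(256):
        # If the dropped plaintext byte was `guess`, the register after the
        # remaining bytes was unstep(MAGIC, guess); push it back to MAGIC.
        fix = forge(unstep(MAGIC, guess) ^ MAGIC)
        cand = chopped[:-4] + bytes(a ^ b for a, b in zip(chopped[-4:], fix))
        if oracle(cand):
            return cand, frame[-1] ^ guess
    raise RuntimeError("no guess validated")


def chopchop(frame, oracle, nbytes):
    """Recover the last `nbytes` plaintext bytes of (payload || ICV)."""
    keystream, cur = bytearray(), frame
    for _ in range(nbytes):          # nbytes must not exceed len(payload)
        cur, ks_byte = chop_once(cur, oracle)
        keystream.insert(0, ks_byte)
    return bytes(c ^ k for c, k in zip(frame[-nbytes:], keystream))


def demo(payload, nbytes):
    """The attacker recovers the tail of a frame it only saw encrypted."""
    keystream = os.urandom(len(payload) + 4)   # never shown to the attacker
    frame = encrypt(payload, keystream)
    return chopchop(frame, make_oracle(keystream), nbytes)


if __name__ == "__main__":
    msg = b"constructed plaintext, not a capture"
    print(demo(msg, 12))
```

    Each chop costs at most 256 oracle queries and reveals one keystream byte from the end of the frame; the first four are the ICV itself, after which the payload bytes follow. Nothing about the key is learned, which is the point the comment makes, and also why swapping the CRC-32 ICV for a real MIC (CCMP) removes the oracle.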
  • by Chris Burke (6130) on Thursday August 27, 2009 @03:10PM (#29220985) Homepage

    The question is can anything be secure in the long term if an attacker can monitor the conversation between alice and bob 24/7?

    Yes. It's a basic assumption in communication security that your communication medium is insecure and can be monitored or modified at will by an attacker.

    You can design an authentication/key exchange protocol so that the only way to access the data is to break the encryption algorithm, or via social engineering.

    You can design an encryption algorithm so that it cannot be broken except by a brute force attack in an infeasible amount of time, meaning like 1000 years assuming Moore's Law continues unabated the whole time and major world governments want your data.

    It's just a tricky thing to get right. And sometimes (WEP) it seems like they weren't even trying.

  • Wireless Routers (Score:2, Informative)

    by Wowlapalooza (1339989) on Thursday August 27, 2009 @03:11PM (#29220997)

    Minor nitpick with the article: WPA is a general wireless security protocol[1] which isn't limited to wireless routers. Regular APs (Access Points) use it, as of course do wireless clients.

    [1] Actually, to nitpick myself, WPA isn't even technically a protocol, it's a certification program which confirms that particular devices implement the IEEE 802.11i standard

  • by radish (98371) on Thursday August 27, 2009 @03:12PM (#29221029) Homepage

    MAC filters are worthless, always have been (it's trivial to change the MAC on a device to a whitelisted one). And I don't see any evidence that WPA2/AES is "fast becoming insecure", as this attack specifically doesn't work against that setup.

  • by xianthax (963773) on Thursday August 27, 2009 @03:31PM (#29221325)

    "Shielded Network Cables"

    have virtually no impact on emissions from the cable, and have no impact at all if your equipment doesn't have shielded connectors, which is unlikely; a shield that is not properly grounded will create higher emissions and increase external noise pickup. Shielding on Ethernet cables is to limit noise going into the wire, and is only effective at lower frequencies; it's mostly for keeping 50/60Hz mains noise off the wires.

    You could install ferrites on the cable to limit common mode noise, but I don't see a security benefit to that.

    The EM field from a network cable is already _extremely_ low due to it being a differential signal carried on a twisted pair. I'd be extremely impressed if you could get enough of a field to pick up the differential mode signal without physical contact with the bare wires. If you are getting emissions you are better off solving that problem with higher quality cable with lower resistance copper and tighter / more consistent twists in the pairs. If you're getting high emissions you're probably having trouble getting data through the cable anyway; if the EM fields aren't canceling you aren't getting a clean differential mode signal out the other end.

  • by mcrbids (148650) on Thursday August 27, 2009 @03:59PM (#29221813) Journal

    Are you *positive* that the VPN connection is uncrackable?

    No, and nobody ever is. Which is why security protocols are so conservatively deployed. Protocols are proposed and analyzed by lots of people who are (hopefully) much smarter than you or I. Protocols that withstand years of this scrutiny and review are slowly trusted more and more (e.g. SSL) over other protocols that get picked apart (like WEP).

    If it's going over wireless, then if someone is recording the ciphertext, they will be able to recover the VPN ciphertext out of the WPA ciphertext. If they then know of a way to recover the 'cleartext' from the VPN ciphertext, then you are still leaking your data.

    This whole paragraph makes no sense at all, and makes it clear that you do not understand encryption, especially dual-key cryptography. Please RTFM.

    If the VPN system is so secure, why aren't we using it for the wireless connection? That is, make the wireless network a VPN using the same algorithms you use for your VPN?

    WEP, WPA, and AES are protocols that logically establish a sort of Virtual Private Network on otherwise public radio waves. The main difference between these protocols and a true VPN is that they aren't layered on top of IP, like a VPN, but are instead layered on the datagram protocol of the radio signal itself. The problem is that WEP was quickly implemented and was never really peer reviewed. Thus, it had numerous flaws that were discovered very quickly.

    From a security standpoint, WEP is sort of like locking your ground-floor window. It allows you to announce your intention of privacy, but it's quite easily compromised by somebody with the digital equivalent of the nearest rock.

  • Not new (Score:5, Informative)

    by MobyDisk (75490) on Thursday August 27, 2009 @04:00PM (#29221835) Homepage

    TKIP was fundamentally broken, by design. We knew that. TKIP was invented as an intermediate encryption that could run on the same hardware that WEP ran on. It allowed router manufacturers to use something better than WEP without having to beef-up their hardware. It worked well, and bought several years before it was completely broken. Anyone who has a router using TKIP bought at a bad time, and is stuck with something that's only a little better than WEP. The solution is to buy a router that supports WPA2, which has real AES encryption.

  • by Cyner (267154) on Thursday August 27, 2009 @04:10PM (#29222023) Homepage
    SMC SMC10GPCIE-XFP 10Gbps Ethernet Card, available at NewEgg
  • Re:How Long? (Score:2, Informative)

    by mftb (1522365) on Thursday August 27, 2009 @04:16PM (#29222141) Homepage


  • by dissy (172727) on Thursday August 27, 2009 @04:24PM (#29222299)

    When your options for your internet connection top out below 10mbps, does it matter that your LAN can only do 22? Or 144?

    Yes, it matters.

    It might not be needed for you, if all you use your PCs for is to use the internet, but not talk to each other heavily.

    Others however have an internal autonomous network of machines that all talk to each other and only occasionally out to the internet.

    Running a fileserver to play videos on your multiple entertainment PC devices on TVs, tossing large files around, running onsite+online backups... None of those things need an internet connection at all to do, yet there is a slight noticeable difference between doing them at 11mbit and doing them at 1000.

  • by azrider (918631) on Thursday August 27, 2009 @04:30PM (#29222409)

    TKIP was fundamentally broken, by design. We knew that. TKIP was invented as an intermediate encryption that could run on the same hardware that WEP ran on.

    TKIP (Timed Key Interchange Protocol, for those who don't know) does have a weak spot. This is that the new key is sent out from the access point on a regular basis. Cisco's implementation (supported by most companies that supply 802.11a equipment) makes two changes. One is that the time value set is a maximum value (the key change interval is actually random). The other is that the new key is sent via the encrypted session. You therefore have to have cracked the old key to receive the new key.

    It will be interesting to see if that is discussed when the paper is presented.

  • by JoshuaZ (1134087) on Thursday August 27, 2009 @05:05PM (#29223041) Homepage
    Doesn't work. You can't transmit this way more bits than your pad started with. So you end up with just as many bits worth of shared random data that you started with.
  • by Anonymous Coward on Thursday August 27, 2009 @08:14PM (#29225321)
    Tomato handles AES too.
  • Re:I'm safe. (Score:4, Informative)

    by marcansoft (727665) on Friday August 28, 2009 @01:30AM (#29227333) Homepage

    Nintendo loves the ancient concept of having games statically link the system libraries and drivers (they still do that, even for the Wii). That's the reason - each WiFi-enabled game includes a copy of the WiFi setup screen and talks directly to the hardware. They've (shortsightedly) defined the DS hardware to support WEP only, and they can't change that now without breaking existing software.

    I've already ranted about this before. Basically, Nintendo has locked themselves out of practically any update or improvement on both the DS and Wii fronts. For example, they will never be able to improve upon the Wii home menu, since a copy of it is bundled with every game and they can't replace it. The only exception to this rule is the IOS drivers for Wii titles, which are upgradable, but they make up for that by using retardedly low-level interfaces for them and apparently having policies in place of never touching existing versions of IOS except for security purposes (i.e. closing exploits). This is, say, why a system-level all-game background WiiSpeak VoIP will never, ever happen.

  • by Sique (173459) on Friday August 28, 2009 @07:17AM (#29228841) Homepage

    Or to be more specific:

    Let's call the first OTP P1 and the new one P2.

    We encrypt message M1 with P1 by using M1^P1, then we send the new pad P2 as P1^P2. Finally we send M2 encrypted with P2.

    To guess a part of M2 with a known part of M1, you just do:

    (M1^P1)^(P1^P2)^(P2^M2), and you get M1^(P1^P1)^(P2^P2)^M2 = M1^M2.

    So each part of M1 you already know reveals a part of M2.
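    The cancellation above, carried out on bytes, as an added example that is not part of the thread: an eavesdropper who sees the three transmissions gets M1^M2 for free, and the usual next step is crib-dragging, sliding a guessed fragment of M1 along M1^M2 and keeping the offsets where the implied M2 bytes look like text. The messages are constructed for the demo and os.urandom stands in for a true random pad source; the lengths are equal because P2 is shipped byte-for-byte under P1.

```python
"""Re-keying a one-time pad over the pad itself leaks M1 ^ M2.

Constructed demo: messages are made up, os.urandom plays the pad source.
"""
import os


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def sender(m1: bytes, m2: bytes, p1=None, p2=None):
    """M1 under P1, then the fresh pad P2 under P1, then M2 under P2."""
    n = len(m1)
    assert len(m2) == n, "P2 travels under P1, so pads and messages share one length"
    p1 = os.urandom(n) if p1 is None else p1
    p2 = os.urandom(n) if p2 is None else p2
    return xor(m1, p1), xor(p1, p2), xor(m2, p2)


def eavesdropper(c1: bytes, cp: bytes, c2: bytes) -> bytes:
    """Ciphertext only: (M1^P1) ^ (P1^P2) ^ (P2^M2) == M1 ^ M2."""
    return xor(xor(c1, cp), c2)


def crib(m1m2: bytes, known_m1: bytes, offset: int) -> bytes:
    """A known piece of M1 at `offset` reads M2 at the same offset."""
    return xor(m1m2[offset:offset + len(known_m1)], known_m1)


def drag(m1m2: bytes, guess: bytes):
    """Crib-drag: try `guess` (a fragment of M1) at every offset and keep
    the offsets where the implied M2 bytes are all printable ASCII."""
    hits = []
    for off in range(len(m1m2) - len(guess) + 1):
        cand = crib(m1m2, guess, off)
        if all(32 <= b < 127 for b in cand):
            hits.append((off, cand))
    return hits


if __name__ == "__main__":
    m1 = b"FROM: alice TO: bob attack at dawn".ljust(40)
    m2 = b"FROM: bob TO: alice retreat now".ljust(40)
    c1, cp, c2 = sender(m1, m2)
    leak = eavesdropper(c1, cp, c2)
    print(drag(leak, b"FROM: alice"))   # a header guess for M1 reads M2's header
```

    The same leak appears with any stream cipher when a per-packet key is shipped under a key the attacker can already strip off one layer of, which is the shape of the TKIP argument in this thread: the strength of the pad or cipher is irrelevant once two messages share keystream bits.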

With your bare hands?!?