WPA Hacked?

I read that WPA wireless encryption has been hacked and should not be used.
True?

Jack Simmons wrote:
> I read that WPA wireless encryption has been hacked and should not be used.
> True?
>
>
This was pulled from a previous posting.

> From the weakest to the strongest, Wireless security capacity is.
No Security
MAC______(Band Aid if nothing else is available).
WEP64____(Easy, to "Break" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
WPA-PSK__(Very Hard to Break).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).
Note 1: WPA-AES the the current entry level rendition of WPA2.
Note 2: If you use WinXP and did not updated it you would have to
download the WPA2 patch from Microsoft.
http://support.microsoft.com/kb/893357

The Core differences between WEP, WPA, and WPA2 -
http://www.ezlan.net/wpa_wep.html

The only part of WPA that is "hacked" is the use of weak passwords and
access being broken via brute force attacks. This "vulnerability" exists
anytime you use a weak password with any encryption method.


On 11/12/08 8:46 AM, in article (E-Mail Removed),
"Big_Al" <(E-Mail Removed)> wrote:

> Jack Simmons wrote:
>> I read that WPA wireless encryption has been hacked and should not be used.
>> True?
>>
>>
> This was pulled from a previous posting.
>
>> From the weakest to the strongest, Wireless security capacity is.
> No Security
> MAC______(Band Aid if nothing else is available).
> WEP64____(Easy, to "Break" by knowledgeable people).
> WEP128___(A little Harder, but "Hackable" too).
> WPA-PSK__(Very Hard to Break).
> WPA-AES__(Not functionally Breakable)
> WPA2____ (Not functionally Breakable).
> Note 1: WPA-AES the the current entry level rendition of WPA2.
> Note 2: If you use WinXP and did not updated it you would have to
> download the WPA2 patch from Microsoft.
> http://support.microsoft.com/kb/893357
>
> The Core differences between WEP, WPA, and WPA2 -
> http://www.ezlan.net/wpa_wep.html

"Mark Martin" <(E-Mail Removed)> wrote in message
news:C54061F3.BB9E%(E-Mail Removed)...
> The only part of WPA that is "hacked" is the use of weak passwords and
> access being broken via brute force attacks. This "vulnerability" exists
> anytime you use a weak password with any encryption method.

So it technically isn't really even "hacked",...it is simply just
discovering a password due to weak passwords which can happen with virtually
anything.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Jack Simmons wrote:
> I read that WPA wireless encryption has been hacked and should not be used.
> True?
>
>

Yes and no.

There are basically 3 encryption standards available to home wifi users,
WEP, WPA, and WPA2. By 2001, WEP encryption could be defeated in about
1 or 2 hours using a regular consumer laptop. More recently, that time
dropped to about 50 seconds. If you are at all concerned about
security, don't use WEP.

WPA is considerably stronger than WEP, and until recently, the main
attack was to repeatedly guess passwords. Using a strong password is the
main defense to this sort of attack.

A few days ago, a paper was published describing a method of attacking
WPA. The authors claim to be able to break WPA with about 12-15 minutes
of access to a WPA-protected network. There are, however, two "flavors"
of WPA.

In order to permit WEP-capable systems to be firmware or driver
upgradable to WPA, one type of WPA uses a technique called TKIP, which
is a modification of the technique used in WEP. WPA-TKIP is the type of
WPA that is the subject of the paper.

The attack described will not work on the other type of WPA, which is
called WPA-AES. AES is a much stronger encryption algorithm than the
one used with WPA-TKIP. AES is also used in WPA2.

The attack is not complete decryption of all transmissions, but is still
worrying.

Thus, if your hardware permits, use WPA2-PSK or WPA-PSK (AES). If your
hardware only permits WPA-PSK (TKIP), then the authors of the paper
suggest lowering the rekeying interval from the usual default of 3600
seconds to 120 seconds or less.

For further info, see
http://arstechnica.com/articles/paed...-cracked.ars/2
--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm

Mark Martin wrote:
> The only part of WPA that is "hacked" is the use of weak passwords and
> access being broken via brute force attacks. This "vulnerability" exists
> anytime you use a weak password with any encryption method.
>
No longer accurate. See my other post

--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm

Yeah, I heard about that news too. My understanding is that WPA with TKIP
and/or weak password is no longer safe. On the other hand, WPA (or WPA2)
with AES and/or strong password is still unbreakable.

http://www.itworld.com/security/5728...yption-cracked

"Jack Simmons" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I read that WPA wireless encryption has been hacked and should not be used.
>True?
>

Hi
If you read the technical condition under which it was "Hacked", you would
see that it is Not very practical to employ.
I do not thing that End-Users need to worry.
Jack (MS, MVP-Networking)

"Jack Simmons" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I read that WPA wireless encryption has been hacked and should not be used.
>True?
>