The Real Story On WPA's Flaw

Glenn Fleishman writes "The reports earlier today on WPA's TKIP key type being cracked were incorrect. I spoke at length with Erik Tews, the joint author of the paper that discloses a checksum weakness in TKIP that allows individual short packets to be decrypted without revealing the TKIP key. I wrote this up for Ars Technica with quite a bit of background on WEP and WPA. Tews's paper, co-written with Martin Beck, whom he credits as discovering and implementing a working crack (in aircrack-ng as a module), describes a way to use a backwards-compatible part of TKIP to exploit a weakness that remains from WEP. ARP packets and similarly short packets can be decoded. Longer packets are likely still safe, and TKIP hasn't been cracked. Don't believe the hype, but the exploit is still notable."

Re:A crack

[ledow]

Someone didn't RTFA.

WPA isn't broken. TKIP (and *ONLY* TKIP) has a flaw which means it is susceptible for small packets, assuming that people are able to send unlimited amounts of data at the router and have it respond to that data - this might even be fixable in firmware by implementing the same time limits as WPA2 uses for such things.

TKIP is an *option* in the standard, the alternative being the still-secure AES. So one (little-used) protocol out of two (or more) possible protocols in an ageing standard that has been superceded in all practically available hardware by WPA2, has a flaw in that an attacker who can send unlimited data and recieved unlimited responses to that data may, after lots of analysis be able to craft a *small* packet (which is admittedly no worse or better than being able to generate any packet). It's a crack, yes, but you can:

Use AES instead of TKIP
Wait for the manufacturers to put out an updated firmware
Use WPA2 (which is probably the default already)

It isn't the end of the world, but the horsemen of the Apocalypse might well be getting their horses some nice new shoes ready...