Slashdot Mirror

← Back to Stories (view on slashdot.org)

WPA Encryption Cracked In 60 Seconds

Posted by timothy on from the nicholas-cage-has-an-alibi dept.

carusoj writes "Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level. The earlier attack worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm."

8 of 322 comments (clear)

  1. Gayz by Anonymous Coward · · Score: -1, Troll

    Gayz

  2. Slashdot sucks... by fractalVisionz · · Score: 1, Troll

    Slashdot sucks, eat my shorts.

    (Haha, we broke into your WPA v1, in less than a minute - Japanese Researchers)

  3. We will need swift legislation then... by Anonymous Coward · · Score: -1, Troll

    ...to make the use of any router which does NOT use WPA2/AES encryption illegal. Please call/write your congressperson today to encourage support for swift legislation to outlaw the use of these insecure routers/protocols. Please, think of the children.

  4. How about free secure wireless? by TheLink · · Score: 1, Troll

    But what if I want to provide free AND secure wireless in a user friendly way? What about the people who want to provide free wifi that doesn't allow users to eavesdrop on each other's traffic?

    WiFi security is pretty dismal.

    There's nothing at the level of https - where users can have confidential connections without messing about too much - no need even for "username and password".

    With WiFi, either users have zero security, or they have to enter a username and password (and possibly jump through other hoops).

    I'd love to know if there's an existing way and I'm missing something. Forcing users to use IPSEC does not count as "not jumping through hoops".

    Yes I know, https users still have to beware of MITM attacks, but at least fix WiFi to the https level.

    --
    1. Re:How about free secure wireless? by Anonymous Coward · · Score: -1, Troll

      Bad idea:

      1. Pedobear connects to the open wireless. He gets a low throughput, but enough for a day's fapping.
      2. The 4chan party van comes by and asks the wireless network's owner some very hard questions.
      3. Jury convicts because the prosecutor manages to equate IP address with person (which has a precedent in court by the RIAA.)
      4. Open wireless owner spends 5 to 20 farting mayonnaise and is for the rest of their lives a registered sex offender.

      I'd make router "A" locked down just to keep the wandering pervies and people looking to hide their IPs at bay.

  5. Re:TKIP | AES by Anonymous Coward · · Score: -1, Troll

    Yep, they are all broken. I've personally broken every other protocol aside from what's posted in this article.

  6. Re:The rat race continues.. by Leafheart · · Score: 0, Troll

    [citation needed]

    --
    --- "When you gotta do something wrong. You gotta do it right. (Fighter)"
  7. Re:How Long? by Sir_Lewk · · Score: 1, Troll

    If you are too oblivious to be able to look up the documentation for whatever individual security tools you want to use, then you probably have no business using them in the first place.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)