Thursday, 27 August 2009

WPA Wi-Fi encryption now cracked in a minute

Wireless networkScientists at the Hiroshima University and Kobe University in Japan revealed that they can break WPA (WiFi Protected Access) encryption in wireless routers, in about one minute.

The initial encryption (WEP) used on wireless routers was cracked a few years ago and was therefore quickly identified as a very weak encryption to use. Industry experts have always suggested to use the much stronger WPA security on your router instead. Great, everyone was happy and felt safe. WPA's TKIP algorithm was first cracked in November 2008 but the exploit by the Japanese takes it to a new level.

Bad news

Once the Japanese scientists make their findings public, users who use the WPA encryption standard will suddenly become vulnerable. The weakness lies specifically in the TKIP (Temporal Key Integrity Protocol) algorithm used by WPA.

Good news

All is not lost though, most of the latest wireless routers available today offers WPA and WPA2 encryption with the much stronger AES (Advanced Encryption Standard) algorithm. The AES algorithm has not been cracked yet (at time of writing anyway, haha).

Stay safe

If you therefore have a wireless network in your home and your wireless router and wireless adapter supports WPA and/or WPA2 encryption, go into the router configuration and change the algorithm option from TKIP to AES.

If only TKIP is supported by your router, then you'll probably be fine for a while but know that the encryption has now been cracked already and you'll eventually be left vulnerable to attacks. WPA/WPA2 with the AES algorithm is the way to go.

Related link
New Attack Cracks Common Wi-Fi Encryption in a Minute - PCWorld

For the Netgear fans

I use a Netgear DG834GT wireless router and the latest firmware version 1.02.19 does support WPA2 with AES but unfortunately the 1.02.19 firmware release is very unstable and causes several other problems as well, as discussed in that blogpost. So that meant I had to downgrade to version 1.02.16 again, which is the latest stable release for the router but unfortunately... it does not support WPA2 with AES!

So I'm sincerely hoping that Netgear will get their act together and release another firmware version soon in order for users of the Netgear DG834GT wireless router to utilise the WPA2 with AES encryption.


Post a Comment

Feel free to leave a Comment!
Please do not post as 'Anonymous'. If you're not registered, rather use the 'Name/URL' option instead.

Name (or nickname) and location is preferred. It simply makes it easier to respond to individual comments. Thanks. :)

Back to top