Fifteen minutes to crack WPA protocol, says researcher
Wi-Fi Protected Access (WPA) is considered a superior encryption protocol to the aged and inherently flawed WEP (Wired Equivalent Privacy), but it is not without its vulnerabilities, as one researcher is preparing to demonstrate.
Security researchers are now saying they have refined an existing WPA crack, making it more efficient than earlier reports indicated.
Cryptographic expert Erik Tews will appear at the PacSec security conference in Tokyo next week with his presentation, "Gone in 900 seconds: Some Crypto issues with WPA." There, Tews is expected to show off his discoveries in TKIP (Temporal Key Integrity Protocol) cracking that allow WPA to be broken in a brief 12-15 minute window.
TKIP itself is not really crackable, since it uses a per-packet key, but once it is initialized, the Pairwise Master Key (PMK) can be obtained. From there, the conventional method of breaking in involved a brute-force dictionary attack, or a long process of elimination by trying millions of options.
PC World says that Tews and his partner Martin Beck have discovered a "mathematical breakthrough" that allows the WPA encryption to be cracked dramatically faster. Some of the tools Tews and Beck used are rumored to have already been included in the Aircrack-ng WEP/WPA-PSK cracking tool. However, the encryption keys from PC to router have not been cracked in this attack.