WPA TKIP broken by Erik Tews
Sunday, November 09 2008 @ 12:11 PM EST
Views: 4,069
Erik Tews and Martin Beck of TU-Darmstadt, Germany (Both contributors to aircrack-ng) yesterday released the first published work on cracking WPA encryption in less then 15
minutes without the use of brute-force or dictionary based attacks in a paper titled
Practical attacks against WEP and WPA
From: dl.aircrack-ng.org
In this paper, we describe two attacks on IEEE 802.11 based wireless
LANs[2]. The first attack is an improved key recovery attack on WEP,
which reduces the average number of packets an attacker has to intercept
to recover the secret key. The second attack is (according to our know-
ledge) the fi rst practical attack on WPA secured wireless networks, besides
launching a dictionary attack when a weak pre shared key (PSK) is used.
The attack works if the network is using TKIP to encrypt the traffic. An
attacker, who has about 12-15 minutes access to the network is then able
to decrypt an ARP request or response and send 7 packets with custom
content to network.
See the full paper at dl.aircrack-ng.org