Thoughts on the “WPA crack”November 6, 2008 at 23:17 | Posted in Privacy/Security | Comments Off on Thoughts on the “WPA crack”
Tags: aes, crack, privacy, raduis, router, safe, safety, secure, security, TKIP, WPA, wpa2
There is going to be a lot of hubbub about the announced WPA crack.
Is it important?!
Is it the end of the world or Wifi!?
Not by a long shot.
First, It is important to note that all the detail aren’t out yet and wont be for a week. What we do know is that it’s TKIP that was cracked not all of WPA and only half of the conversation is cracked (router to client) the other half (client to router) is still secure (so far).
It is also important to remember that WPA/TKIP was a stopgap measure till until the industry could get WPA2/AES support out, hardware wise, and into the various operating system. Basically, if you set your router to WPA2/AES (not WPA2/AES-TKIP) you are still bullet proof. The only people that this will be a big problem for is people on older hardware that can not support WPA2/AES.
Also, any businesses with sensitive data on a wireless network SHOULD already be using WPA2 Enterprise and a Raduis server.
There is going to be huge amounts of hype about this. It’ll make good fodder for the content hungry non-tech savvy 24 hour news cycle. But the reality is that only part, of a stop-gap, and outdated version of WPA has been cracked. There is a widely available, well supported more secure option, readily available and probably in most peoples homes already.
So, I’m short, the crack is news. It will definitely be cool to see how it was achieved. Clearly serious study and thought went into it. It however, is not “the end of wifi”, or “a major problem” or even “something that wasn’t anticipated”.
So, breath, check that your wifi routers are set to WPA/AES and relax.