On Mon, 31 Aug 2009 12:55:46 -0500 "Boyd Stephen Smith Jr." <b...@iguanasuicide.net> wrote:
... > Actually, I think I was referring to the earlier 12 to 15 minute attack, > although I didn't get either from slashdot. http://www.itworld.com/security/57285/once-thought-safe-wpa-wi-fi-encryption-cracked http://it.slashdot.org/article.pl?sid=08/11/06/1546245&tid=76 > In any case, it would appear that I was mis-remembering the severity of the > attack. Breaking the TKIP would let the attacker on the network, but it > wouldn't necessarily let them sniff your packets. The article actually claims that inbound packets from the AP *are* readable with the attack, although outbound packets aren't: "There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer. They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack" The article on the new attack also claims that packets can be read: http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html http://hardware.slashdot.org/story/09/08/27/180249/WPA-Encryption-Cracked-In-60-Seconds "Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima." Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
