WPA Cracked

The Ars Technica blog has reported that some researchers have found a hole in WiFi Protected Access (WPA). The finding was presented in a paper by Erik Tews and Martin Beck, which discusses how they cracked the WPA encryption: they are able to successfully send bogus data to a WiFi client. The researchers started from an existing attack on Wired Equivalent Privacy (WEP), in which packets were sniffed and modified. The new attack is only able to decrypt short packets.

WEP came out with a basic encryption technique, but its checksums were too weak. The replacement was meant to be stronger while still maintaining backward compatibility. An Advanced Encryption Standard (AES) option was added; using AES alleviates the risk of your packets being cracked. Another technique that makes life harder for crackers is to enable the option to rekey regularly, which makes transmission more secure. The best method is to choose a very long key.
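Why a plain checksum cannot serve as an integrity tag, shown as an added example (not code from the Ars Technica article or the Tews and Beck paper): WEP's integrity check value is a CRC-32, which is affine over XOR, so the check value of an altered message is predictable from the check values of its parts, whereas a keyed MAC such as HMAC-SHA256 has no such relation. The key and sample bytes below are constructed for the demo.

```python
import hashlib
import hmac
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_tag(message: bytes) -> bytes:
    """Unkeyed CRC-32, the kind of check value WEP attached to each packet."""
    return zlib.crc32(message).to_bytes(4, "big")


def make_hmac_tag(key: bytes):
    """Return a keyed tag function (HMAC-SHA256) bound to `key`."""
    def tag(message: bytes) -> bytes:
        return hmac.new(key, message, hashlib.sha256).digest()
    return tag


def tag_predictable_under_xor(tag_fn, message: bytes, delta: bytes) -> bool:
    """True if tag(m XOR d) == tag(m) XOR tag(d) XOR tag(0...0).

    A CRC satisfies this identity for every message and delta of equal
    length, so the tag of a modified message follows from the tags of the
    pieces without knowing the message itself. A keyed MAC does not.
    """
    modified = xor_bytes(message, delta)
    zeros = bytes(len(message))
    predicted = xor_bytes(xor_bytes(tag_fn(message), tag_fn(delta)), tag_fn(zeros))
    return tag_fn(modified) == predicted


# Constructed sample: a short payload and a change touching five of its bytes.
SAMPLE_MESSAGE = b"temperature=21.5;unit=C;node=7"
_delta = bytearray(len(SAMPLE_MESSAGE))
_delta[12:17] = b"\x10\x20\x30\x40\x50"
SAMPLE_DELTA = bytes(_delta)


def demo() -> dict:
    """Compare the unkeyed CRC against a keyed MAC on the sample input."""
    key = b"constructed-demo-key"  # constructed for the demo, not a real key
    return {
        "crc32": tag_predictable_under_xor(crc32_tag, SAMPLE_MESSAGE, SAMPLE_DELTA),
        "hmac": tag_predictable_under_xor(make_hmac_tag(key), SAMPLE_MESSAGE, SAMPLE_DELTA),
    }


if __name__ == "__main__":
    print(demo())  # {'crc32': True, 'hmac': False}
```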

The idea of moving from WEP to WPA was a good one, but the limitation was that it still had to run on legacy hardware. The solution chosen was a 128 bit key. WPA, or more specifically the Temporal Key Integrity Protocol (TKIP), changes the key for every packet. The key includes a 48 bit sequence counter, which is good because it will be a long time before such a long number is ever repeated.

I have seen the options to enable both WEP and WPA on my router. Previously they were just weird acronyms, but I want to get more into security, encryption, and all that good stuff. There is a lot to learn, however. Luckily I have a little bit of background in network programming, and hopefully that will enable me to get up to speed quickly. The problem is that I am doing this as a side project. I am hoping that maybe I can get a job, even if it is a short-term one, in this field to totally immerse myself in it.