hype-free: There goes nothing

Tuesday, November 11, 2008

There goes nothing

People, please stop the fear mongering. The F-Secure blog has a post titled There Goes WPA telling us how insecure WPA is now with Elcomsoft (great guys BTW) using the GPU to gain a factor 100 in the breaking speed and researchers breaking the TKIP part.

What it fails to do is to point out is that adding just two characters to the WEP password negates the Elcomsoft problem and that breaking TKIP is only a part of the encryption of WPA. It also fails to give some actionable advice like:

When possible, use WPA2 (WPA2 is not affected - it uses an entirely different - and much stronger - encryption algorithm - AES vs. a modified version of RC4)
Access points can be set to "rekey" themselves regularly. Until you can migrate over to
This doesn't affect the "enterprise" deployments of the access points, only the "pre-shared key" deployments.

Update: take a look at the RaDaJo blog for more technical details (as opposed to senseless fearmongering).

0 comments:

Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.

Using the embedded comment form requires JavaScript to be turned on for the blogger.com domain. However, you can still comment using the traditional method.