Reinforce your router against the WPA encryption hack

by Julian Prokaza
on Tue 11 Nov 2008 Comment

TKIP encryptionIf you thought WPA Wi-Fi encryption was the bullet-proof alternative to the wide-open WEP, think again. A German graduate student Erik Tews claims to have discovered a security exploit in WPA encryption and plans to present a paper on his findings at the PacSec conference in Tokyo this week.

It’s far from a gaping security hole – the exploit takes up to 15 minutes to effect and does not allow the WPA encryption keys to be discovered. In fact Tews states that so far, it simply allows correctly-encrypted information to be injected into the network so that they appear to be sent from the router. In other words, it cannot be used to break into a wireless network, nor decipher all of its data – yet.

However, the exploit only applies to networks that use WPA encryption with the TKIP protocol. If that applies to your network, then there is a simple solution to lock it down again – simply switch to the AES protocol (using TKIP/AES is not sufficient). Tews also recommends using a Wi-Fi encryption key of 20 more or less random characters to defeat any brute-force cracking attempts (something that his exploit doesn’t use, incidentally).

AES encryption

[ ITworld]

Originally published on www.mobilecomputermag.co.uk, now incorporated into Broadband Genie
© Dennis Publishing

Like this? Please share it!

Like Broadband Genie?




Comments

Add your comment now

Post a reply to this thread

 

 

Please describe your emotions in making this comment:


Powered by reCAPTCHA

Unless you are a verified user, comments will be moderated before they appear. Comments submitted entirely in capital letters, containing advertising or excessive swearing will be rejected; please try to be polite. The best comments are relevant, factual and balanced; think about all aspects of the package, such as speed, connection quality and customer service. We reserve the right to edit comments.