WiFi WPA Encryption Partially Hacked

WPA Encryption, Temporal Key Integrity Protocol (TKIP) has been partially hacked.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference’s organizer.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack

The key things to note is:

  1. The TKIP key has been hacked, but they haven’t managed to crack the encryption keys for data…. yet.
  2. This involves WPA, not WPA2 which supports AES.

I personally started using WPA2 and completely disabled support for TKIP a long time ago. I’m sure it will eventually be cracked, but hopefully I’ll be using something else by then.

Another good idea is to always ensure sensitive info is done using HTTPS if you can help it.

Edit [11/8/2008 @ 11:49 AM EST]: More info.

Skype is pretty good

I rarely do software reviews, but thought I’d quickly give a mention to Skype.

Skype is not VoIP, but allows you to voice chat with other users. For free. But it’s better than it’s competitors.

AIM has “talk” but it doesn’t work behind any firewalls. Quality isn’t great. Yahoo works behind some firewalls, but quality is even worse. Skype works behind firewalls and has excellent quality. I’d say better than most phones. It’s also encrypted for your protection (using AES) Skype is overall very sexy in performance. Minimal bandwidth, and optimal quality. My hope is that they manage to keep PC to PC calls free forever (without ads).

I do hope however that some open source alternatives become available. This technology will be big in the next year or two. Just as VoIP is kicking off, this going to be something worth looking into for many people. But I hope it will be open protocols like Email, rather than a closed protocol mess like IM. This has the potential to be a real golden internet tool. Hopefully it won’t loose out to patents and proprietary networks.

Anyway. It’s a great product to look at, and give it a shot. I’m personally convinced this concept has finally come of age. It’s just a matter of them opening the protocol so others can build clients to use their network (and perhaps subscribe to their paid services), or if the open source community needs to create their own universal network.