Researchers Erik Tews and Martin Beck have discovered a way to break the TKIP (Temporal Key Integrity Protocol) key used by WPA in about fifteen minutes. However, before you blindly panic and run to the hills or set fire to your network gear, relax. The research isn’t as bad as you think.
Wi-Fi Protected Access (WPA) is the method of wireless security that is preferred over WEP (Wired Equivalent Privacy). Yet, most will encourage the use of WPA2 if it is available.
Tews and Beck are scheduled to give a talk about their research next week in Japan during PacSec. Dragos Ruiu, the PacSec conference’s organizer, told the media in a few different interviews that, “Everybody has been saying, ‘Go to WPA because WEP is broken.’ This is a break in WPA.”
Ruiu also said that he expects more research to follow. “It’s just the starting point,” he said to IDG News. “Erik and Martin have just opened the box on a whole new hacker playground.”
So what have the researchers done? They use math and a flood of data from a WPA-enabled router, systematically pulling together the TKIP key. This is not a simple dictionary-based attack. However, in an interview quoted by Ars Technica, Tews said, “We only have a single keystream; we do not recover the keys used for encryption in generating the keystream.”
In short, news that TKIP keys are broken is false. They can be broken by dictionary attacks faster than they can with Tews and Beck’s methods. This is especially true for TKIP keys that use weak or small values.
The central point that needs mentioning, and Ars did a great job here, is that TKIP is a stepping stone for AES encryption. Businesses and even homes that are using AES are not vulnerable to the attack described in the talk to be given at PacSec.
If you use WPA, you are safe as well, even if you do use TKIP. All you have to do is follow the general rule of picking a long and strong network key. The longer the key, the harder it is to crack.
Tews even points out that networks using WPA with TKIP are fine if all they are using it for is to protect their bandwidth; just remember the long and strong network key.
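To make the “long and strong network key” advice concrete, here is an added example (not code from the article or from Tews and Beck) that derives a WPA pre-shared key the way IEEE 802.11i specifies it and estimates how long a dictionary-style search of the passphrase space would take. The 100,000 guesses-per-second rate and the character-class estimator are assumptions for illustration only.

```python
import hashlib
import string

# IEEE 802.11i derives the 256-bit pre-shared key from the passphrase with
# PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations. TKIP and
# AES-CCMP both start from this same key, so passphrase strength matters
# equally for either cipher.
PBKDF2_ITERATIONS = 4096
SECONDS_PER_YEAR = 365 * 24 * 3600


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte WPA-PSK for a passphrase/SSID pair."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, dklen=32,
    )


def guess_space(passphrase: str) -> int:
    """Crude (assumed) size of the search space an attacker must cover:
    alphabet size from the character classes present, raised to the length."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    ]
    alphabet = sum(n for chars, n in classes if any(c in chars for c in passphrase))
    return alphabet ** len(passphrase)


def years_to_exhaust(passphrase: str, guesses_per_second: float = 100_000) -> float:
    """Worst-case years to try every candidate at the assumed guess rate.
    PBKDF2's 4096 iterations are what keep that rate low per candidate."""
    return guess_space(passphrase) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # "password"/"IEEE" is the published 802.11i Annex H test vector.
    print(wpa_psk("password", "IEEE").hex())
    for candidate in ("password", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{candidate!r}: ~{years_to_exhaust(candidate):.3g} years")
```

Lengthening the passphrase multiplies the search space by the alphabet size for every added character, which is the whole of the “longer is harder” rule.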
Another item of note is that the researchers, while cracking the TKIP key, were not able to access any data traversing the network.