Discussion in 'Tomato Firmware' started by Kiwi8, Nov 13, 2008.
There's a fairly good description of the attack at http://arstechnica.com/articles/paedia/wpa-cracked.ars/1. It's serious but it's not that bad.
The summary is:
So security freaks should now use WPA2 or WPA-AES encryption for their WiFi networks, eh?
I wouldn't say security freaks, I would say anyone who wants a secure wireless network.
Though people probably do attack business networks, I would bet more home users wireless security is attacked by people in their neighborhood looking for free/alternative internet service for downloading music & movies Illegally.
Definitely a good thing keeping your wireless locked down and as secure as possible, Though I wouldn't consider myself a security freak.
Using good security is so easy, everyone should do it. Other than older devices that can't use WPA/AES, there's no good reason not to.
I'd say it all depends on how paranoid you are.
The break means that hackers can inject small packets that are slight variants of already existing small packets into your network. Your password isn't cracked, and neighbors can't use your network for their downloading.
How much damage can the injection of small packets cause? Who knows.
I'd say the claim is either a bit wide, or perhaps misrepresented on itworld: They cracked WPA/TKIP (partly), they did not crack WPA/AES. AES encryption has long been an optional encryption algorithm for WPA, so to crack WPA, you should have cracked both TKIP and AES.
A bit academic, but I know there will be people out there propagating "Don't use WPA, it's been cracked", while they should propagate "Don't use TKIP (even with WPA2), use AES".
Anyway, the bottom line is never to use TKIP when you can use AES - it's faster AND more secure.
I'm not worried. I still have 3 WEP neighbors.