Sun, 9 November 2008
German graduate students Erik Tews and Martin Beck have discovered an exploitable hole in WPA, a popular wireless encryption protocol. This week, Tews will present a paper on the topic at the PacSec conference in Tokyo. In this podcast Mike Qaissaunee and I discuss wireless network security and this newly discovered WPA hole.
Here's a list of questions asked during the podcast:
Where is the information for this podcast coming from?
Why is this important?
So, we've now got a security issue with WPA encryption! Before we get to WPA - can you give us a little background on wireless encryption?
So, the first attempt was WEP. Most devices still support it - why should we not use it?
So, that's not good. What did the IEEE do?
What else did the 802.11i group do - what was the second solution?
So, let me make sure I understand. Older wireless devices can be updated to support WPA which includes TKIP. Now, I've heard of WPA2 - what is that?
So, the new products support both but old products only support WPA. I think I've got it! What did Tews and Beck actually crack?
So the problem is with old devices that only support WPA and TKIP and not WPA and AES?
What is the problem with TKIP?
Now, didn't WEP use checksums this way?
The Ars Technica piece mentioned short packets are ideal - especially ARP broadcasts. Why?
Let me see if I understand: an attacker sniffs a packet, makes minor modifications to affect the checksum, and checks the results by sending the packet back to the access point.
So it is not something we should be worried about?
What can we do to protect our networks?
Can you describe rekeying?
Now, I've heard of this - you need to be careful. You don't want to enable rapid rekeying unless ALL of your clients support IEEE 802.1x and an authentication method (e.g. EAP-TLS) that supports key distribution.
So, let's get to the point here - WPA really is not broken?
Listen to get the answers!