Comments on: WPA no longer considered reliable?

By: Chris Buechler

Chris Buechler — Mon, 24 Nov 2008 05:15:25 +0000

Thanks hawk, I updated the post. That was from the first day when the details weren’t so clear and I never went back and reviewed the content of the post.

By: hawk

hawk — Mon, 24 Nov 2008 05:10:16 +0000

It’s not really true that “WPA2 is not affected”, TKIP (the thing that has started showing cracks) is part of the WPA2 spec as well as the WPA spec.

However CCMP (AES), only mandatory in WPA2, is unaffected, so it is not as bad as it sounds.

By: Scott Ullrich

Scott Ullrich — Mon, 17 Nov 2008 18:26:53 +0000

Just because your paranoid does not mean they are not out to get you

By: RasKal

RasKal — Mon, 17 Nov 2008 08:29:15 +0000

Fully agree with p1nged and I’d also use x509 user certificate if L2TP/IPSec is not an option.
Bgrds.

By: p1nged

p1nged — Sun, 09 Nov 2008 03:37:16 +0000

yea, what blak111 said is true… they broke TKIP

in any case, the most secure for now is WPA2-Enterprise with AES & RADIUS authenication + using an L2TP/IPSec VPN on top of that… can all be done using pfsense

thats just being paranoid, but maybe required for certain applications

By: resmo

resmo — Fri, 07 Nov 2008 07:34:29 +0000

I wonder why people are so surprised about this “WPA cracked” story. Anybody knows WPA is WEP improved and so this can’t not be secure.

I think the reason is, that WPA and WPA2 looks almost like the same for common people. They only see WPA and remember they also used something called WPA, obviously WPA2 and start screaming.

By: Chris Buechler

Chris Buechler — Fri, 07 Nov 2008 01:31:12 +0000

I updated Scott’s post with some additional information.

By: blak111

blak111 — Thu, 06 Nov 2008 23:39:49 +0000

I believe this weakness is just with TKIP, which was just basically WEP on steroids. It’s very similar to WEP to avoid conflicts with needing better drivers or better hardware to support anything better like AES.