WPA-PSK is vulnerable to offline attack.
WPA-TKIP has been cracked.
TO AVOID THESE PROBLEMS:
1. USE WPA-AES or WPA2 instead of WPA-TKIP (or WEP)
2. USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
BAD: "vintage wine"
GOOD: "floor hiking dirt ocean"
(pick your own words, even longer is better)
FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.
BACKGROUND:
Weakness in Passphrase Choice in WPA Interface
<http://wifinetnews.com/archives/002452.html>
Practical attacks against WEP and WPA
<http://dl.aircrack-ng.org/breakingwepandwpa.pdf>
A Practical Message Falsi cation Attack on WPA
<http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%2 0on%20WPA.pdf>
New attack cracks common Wi-Fi encryption in a minute
<http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html>
Passphrase Flaw Exposed in WPA Wireless Security
<http://www.technewsworld.com/story/32070.html>
Re: ALERT: WPA-TKIP isn't secure - use WPA2 instead
On Sat, 05 May 2012 14:29:45 +0000, John Navas wrote:
> WPA-PSK is vulnerable to offline attack.
> WPA-TKIP has been cracked.
Hi John Navas,
I don't know you but you seem to be crontabbing alerts so you might want
to consider making an alert for the WPS vulnerability which negates all
other security on all wi-fi certified routers.
Re: ALERT: WPA-TKIP isn't secure - use WPA2 instead
On Mon, 21 May 2012 16:45:16 +0000, Arklin K. wrote:
> On Sat, 05 May 2012 14:29:45 +0000, John Navas wrote:
>> WPA-PSK is vulnerable to offline attack.
>> WPA-TKIP has been cracked.
>
> Hi John Navas,
>
> I don't know you but you seem to be crontabbing alerts so you might want
> to consider making an alert for the WPS vulnerability which negates all
> other security on all wi-fi certified routers.
>
> Details here:
> http://www.kb.cert.org/vuls/id/924307
ALERT: WPA-TKIP isn't secure - use WPA2 instead 
Linear Mode
