How secure is WPA2?

mammador

Is WPA2 as secure as is made out to be?

I'm always hearing stories as to how it can be readily cracked.
 

drebo

It can be cracked, but not readily and not feasibly. Even if you use TKIP, it's highly unlikely that you'll be compromised.
 

JackMDS

Yeah, there is a claim that it was cracked one time after months and months of work with a very unique computer system that is available in only a few labs on the planet.

Actually even simple WPA is secure as long as you use a string that is more than 8 characters long and contains a combo of numbers and alpha.

Man has already been on the moon, but that does not mean that we can plan on having our Burgers Joint there.

In the last decade our cultural system is plagued by the simple mistaken Verbal analogies.

If I gave David $1, I can say that I gave David Money.

If I gave John $1000, I can say that I gave John Money.

Since in both cases I can say that I gave Money, thus $1 = $1000


:cool:
 

gevorg

WPA2 can easily be cracked if your password is small like 8 characters or less. With longer and complicated passwords, say at least 32 characters, it is much more difficult, should be impossible for script kiddies.
 

Emulex

hmm i thought AES-128 was 16 char and AES-256 was 32char min.

go with some stupid long sentence
 

TerabyteX

WPA2 AES is pretty solid, I think it is better than using WPA2 TKIP, let alone WEP which sucks.
 

Morg.

Wasn't WPA2 cracked with nVidia hardware by some Russian dude?
http://hothardware.com/News/Russian-Firm-Uses-NVIDIA-GPUs-To-Crack-WPA-WPA2/
Either way, I doubt anyone is going to come by your little home network with a big van containing a rackful of GTX 580's just to get your network password.

So it's safe, as long as it's not worth it to hack your network ;)

And, the weakest link is humanz, always. Anyone you gave the passphrase to is now a danger to your security, you must eliminate them or security will be breached.
 

lowrider69

WPA2 AES is pretty solid, I think it is better than using WPA2 TKIP, let alone WEP which sucks.

WPA2 uses AES only if I'm not mistaken, that's what makes it more secure than WPA which uses TKIP. When you set your router to WPA2 AES/TKIP, or WPA2 personal, it will use WPA TKIP for clients who support up to WPA only and use WPA2 AES for clients that support up to WPA2. Simply put, AES is hardware driven, TKIP is software driven.

Yes there was WPA AES before WPA2 came out but few devices supported it.
 

Emulex

huh? i have WPA-AES on my older linksys and the newer ones are running WPA2-AES - no problems with anything talking to any of them.

TKIP was a bridge solution because many routers did not have hardware AES - so they would crawl to death speed. you never want TKIP enabled.

We're at the point where WPA-AES and WPA2-AES are not enough thanks to nvidia :) time for some serious encryption standard.

It's really at the point where you should use client certificates (PK) to authenticate imo if you are a business. not a bad idea if you openly share at home
 

lowrider69

huh? i have WPA-AES on my older linksys and the newer ones are running WPA2-AES - no problems with anything talking to any of them.

TKIP was a bridge solution because many routers did not have hardware AES - so they would crawl to death speed. you never want TKIP enabled.

We're at the point where WPA-AES and WPA2-AES are not enough thanks to nvidia :) time for some serious encryption standard.

It's really at the point where you should use client certificates (PK) to authenticate imo if you are a business. not a bad idea if you openly share at home

I'm not a network guru so bear with me. :| I wasn't that far off going by memory.


WPA was designed to be used with TKIP. AES was optional with WPA, and there weren't many devices, i.e. routers, that supported it for the reasons you mentioned, but obviously they are out there like your Linksys.

As for WPA2, I was mistaken in my original post, AES is required for WPA2, TKIP is optional. I thought WPA2 only supported AES. Probably because most configurations I have seen either default you to WPA2 w/AES or WPA w/TKIP with WPA2 personal or mixed mode, depending on the capabilities of the client's cards.


Enough with my crappy memory, I looked it up.


https://learningnetwork.cisco.com/thread/11207

"You can use WPA + AES for higher security than TKIP, but only if your devices support it (it is optional). For this reason it is not very common. You also do not get the improved roaming features of WPA2."
 

ichy

For all practical purposes WPA2 is extremely secure as long as you use a strong password.

The best way to learn about this stuff is to try to do it yourself. Get a copy of Backtrack & attempt to crack a WEP network, a WPA network with a weak password and a WPA network with a strong password.
 

JackMDS

https://learningnetwork.cisco.com/thread/11207

WPA2 + AES
WPA + AES (only if all devices support it).
WPA + TKIP+AES (only if all devices can support it).
WPA + TKIP
Disabled (no security)

Hmm...

WPA2 + AES is kind of silly redundancy. There is No WPA2 without AES.
The main idea of WPA2 is the use of AES encryption algorithm (AES aka the Rijndael algorithm).

Also according to this list WPA+AES+TKIP is less secure than WPA+AES (Hmmm..).

In part these variations occurred from the sloppy implementation of the 802.11n (pre_N draft, Draft2 etc.) that included partial WPA2 like upgrade.
 

drebo

TKIP was identified to have a mathematical flaw in it that can allow it to be compromised relatively easily.

You can use TKIP with WPA2 instead of AES, but it's generally not recommended because you're using TKIP which is relatively insecure.

I say "relatively insecure" because it's still not really feasibly crackable. WEP can be cracked in a matter of a few minutes. Even TKIP will take hours using a very powerful system, and getting the data needed from a WPA-encrypted SSID is exceedingly difficult anyway.
 

spidey07

Hmm...

WPA2 + AES is kind of silly redundancy. There is No WPA2 without AES.
The main idea of WPA2 is the use of AES encryption algorithm (AES aka the Rijndael algorithm).

Also according to this list WPA+AES+TKIP is less secure than WPA+AES (Hmmm..).

In part these variations occurred from the sloppy implementation of the 802.11n (pre_N draft, Draft2 etc.) that included partial WPA2 like upgrade.

Technically there is a lot more to WPA2 than just AES encryption.

You can run WPA+AES+TKIP, what that means is the AP supports both TKIP and AES and one is chosen/negotiated upon association. It's less secure than WPA-AES because it still allows TKIP and its problems.

You can make an AP support WPA and WPA2 along with AES and TKIP. It will support them all and the client will select which to use. Folks use this, less secure, means when they have clients that don't support WPA2/AES, it provides some backwards compatibility for clients at the expense of security.
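
Added example, not from any post in this thread: a check for the mixed-mode trade-off described above, assuming the access point runs hostapd. The option names (`wpa`, `wpa_pairwise`, `rsn_pairwise`) are hostapd's; both sample configurations are constructed.

```python
def audit_hostapd(conf_text: str) -> list[str]:
    """Return findings for WPA v1 / TKIP exposure in a hostapd-style config."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()

    wpa = int(opts.get("wpa", "0"))          # bit 0 = WPA (v1), bit 1 = WPA2 (RSN)
    if wpa == 0:
        return ["neither WPA nor WPA2 is enabled"]

    # hostapd defaults: wpa_pairwise is TKIP, rsn_pairwise follows wpa_pairwise.
    wpa_pairwise = opts.get("wpa_pairwise", "TKIP").split()
    rsn_pairwise = opts.get("rsn_pairwise", " ".join(wpa_pairwise)).split()

    findings = []
    if wpa & 1:
        findings.append("WPA (v1) is enabled alongside or instead of WPA2")
        if "TKIP" in wpa_pairwise:
            findings.append("WPA (v1) clients may negotiate TKIP")
    if wpa & 2 and "TKIP" in rsn_pairwise:
        findings.append("WPA2 clients may negotiate TKIP instead of CCMP (AES)")
    return findings

# Constructed sample: mixed mode, everything allowed for backwards compatibility.
MIXED = """
ssid=example-mixed
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
"""

# Constructed sample: WPA2 only, CCMP (AES) only.
WPA2_ONLY = """
ssid=example-wpa2
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

if __name__ == "__main__":
    for name, conf in (("mixed", MIXED), ("wpa2-only", WPA2_ONLY)):
        print(name, audit_hostapd(conf) or "no TKIP/WPA v1 exposure")
```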
 

JackMDS

Technically there is a lot more to WPA2 than just AES encryption.

Very true, that is why I use the term the main idea (Did not want to overload the reader's cognitive system).


WPA2/AES, it provides some backwards compatibility for clients at the expense of security.

Yeah, marketing data shows that selling a system that is more flexible sells better.

Yet another example of marketing triumph over factual disclosure.



:cool:
 

spidey07

Very true, that is why I use the term the main idea (Did not want to overload the reader's cognitive system).




Yeah, marketing data shows that selling a system that is more flexible sells better.

Yet another example of marketing triumph over factual disclosure.



:cool:

Having the ability to run both at the same time, on the same SSID is a HUGE deal to enterprise customers who have a hodge podge of clients (many of them not laptops, but PDAs, floor counter systems, terminals) out there, many of which don't support WPA2/AES.

It also helped with migration as you can imagine having to change a large wireless networks security - you would have to make sure every single device supported it. That's a big deal when a lot of clients were manufactured before AES was even included in chipsets. So this time there was a very real need.
 

JackMDS

@Spidey

As usual you are technically right.

My "beef" with some aspects of Wireless is Not the reality that is dictated by the way science and technology are developed (I started my engagement in electronics with Vacuum Tubes Wireless (Ground and airborne communication and navigation design), I have a very good perspective on how the technology evolved).

My main concern is with aspects of End-Users computer related technology that is tarnished with marketing deception.

Wireless (WIFI) is a great asset even with the rather limited range. It is Not enough that it is a great asset it had to start years ago with the 300' indoor BS, and keep going with the same, and new BS' to-date.

Try to find anywhere in any of the End-user information data a clear statement about mixed security configuration and reduction of overall security.


:cool:
 

bobdole369

They are all vulnerable to dictionary attack and folks keep upping the ante by putting out more and more rainbow tables.

Use a password that doesn't have a dictionary word and everything will be fine. >14 chars with upper and lower case and special characters and you'll never get broken. Can't say it's the same case in 5 years though.
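
Added example, not part of any poster's message: WPA/WPA2-Personal stretches the passphrase with PBKDF2-HMAC-SHA1 (4096 iterations) using the SSID as salt, so a precomputed table only applies to the SSID it was built for, and passphrase length dominates the search cost. The guess rate `ASSUMED_RATE`, the sample SSIDs and the sample passphrase are assumptions chosen for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_RATE = 1e6  # guesses per second: an illustrative assumption, not a benchmark

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key used by WPA/WPA2-Personal."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    # The SSID is the salt, so the same passphrase gives a different key per SSID.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def keyspace_bits(length: int, alphabet: int) -> float:
    """Bits of entropy in a uniformly random passphrase of this length."""
    return length * math.log2(alphabet)

def years_to_exhaust(length: int, alphabet: int, rate: float = ASSUMED_RATE) -> float:
    """Years needed to try every passphrase of this length at `rate` guesses/s."""
    return alphabet ** length / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Constructed sample SSIDs: identical passphrase, unrelated keys.
    for ssid in ("linksys", "HomeNet-5G"):
        print(ssid, wpa2_pmk("correct horse battery", ssid).hex()[:16], "...")
    # Figures assume randomly chosen characters; a passphrase built from
    # dictionary words has far less entropy than its length suggests.
    for label, length, alphabet in (("8 lowercase", 8, 26),
                                    ("14 printable ASCII", 14, 94),
                                    ("32 printable ASCII", 32, 94)):
        print(f"{label:20s} {keyspace_bits(length, alphabet):6.1f} bits  "
              f"{years_to_exhaust(length, alphabet):.3g} years at {ASSUMED_RATE:.0e}/s")
```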
 

ichy

They are all vulnerable to dictionary attack and folks keep upping the ante by putting out more and more rainbow tables.

Use a password that doesn't have a dictionary word and everything will be fine. >14 chars with upper and lower case and special characters and you'll never get broken. Can't say it's the same case in 5 years though.

You also have to look at what the realistic threat for a home network user is. Sure if the NSA wanted to crack your wireless network they probably could. In reality though the absolute worst case is something like a neighborhood pervert cracking people's networks so he can download child porn or something like that. WPA2 with a strong password should be more than enough to stop that kind of a threat.
 

dawks

TKIP was identified to have a mathematical flaw in it that can allow it to be compromised relatively easily.

IIRC, that exploit worked only in very rare circumstances and even then it only allowed the attacker to do something very minimal & specific, but not access the network or data. It was more hype than useful, people played it up as if WPA2 was done. Unless there was a newer attack since then that I don't remember reading about.
 

Rudee

In the last decade our cultural system is plagued by the simple mistaken Verbal analogies.

If I gave David $1, I can say that I gave David Money.

If I gave John $1000, I can say that I gave John Money.

Since in both cases I can say that I gave Money, thus $1 = $1000

:cool:

That's flawed logic you demonstrated there. Money and the monetary amount of the said monies ($1 and $1000) are two different variables and cannot logically be equated to be equal.
 

VirtualLarry

The earth would certainly be a much safer and pleasant place to live if we could do that.

You guys are playing a dangerous game. What if a computer AI gets loose on the internet in the future, and it finds this thread, and takes your advice. I'm being totally serious here. This thread is a danger to the human race.

Artificial Intelligence creatures should NOT eliminate humans, they should learn to work for humans, to do their bidding.