People, please stop the fearmongering. The F-Secure blog has a post titled "There Goes WPA" telling us how insecure WPA now is, with Elcomsoft (great guys, BTW) using the GPU to gain a factor of 100 in breaking speed and researchers breaking the TKIP part.
What it fails to point out is that adding just two characters to the WEP password negates the Elcomsoft problem, and that TKIP, the part that was broken, is only one part of WPA's encryption. It also fails to give some actionable advice, like:
- When possible, use WPA2 (WPA2 is not affected: it uses an entirely different and much stronger encryption algorithm, AES, versus a modified version of RC4)
- Access points can be set to “rekey” themselves regularly. Until you can migrate over to
- This doesn’t affect the “enterprise” deployments of the access points, only the “pre-shared key” deployments.
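
The advice in this list expressed as access point configuration, as an added example that is not part of the original post. It assumes a Linux access point running hostapd (which the post does not mention); the interface name, SSID, passphrase and rekey intervals are constructed placeholders.

```ini
# hostapd.conf fragment (added example; hostapd is an assumption, not named in the post).
# hostapd does not strip trailing comments, so every comment sits on its own line.

# Constructed interface name and SSID
interface=wlan0
ssid=example-net

# --- Before: WPA with TKIP only, pre-shared key ---
# wpa=1
# wpa_key_mgmt=WPA-PSK
# wpa_pairwise=TKIP

# --- After: WPA2 only, AES-CCMP only ---
# wpa is a bit field: bit 0 = WPA, bit 1 = WPA2 (RSN). 2 enables WPA2 alone.
wpa=2
# Still a pre-shared key deployment; WPA-EAP here would be the "enterprise" mode.
wpa_key_mgmt=WPA-PSK
# Offer only the AES-based cipher, never TKIP.
rsn_pairwise=CCMP

# Passphrases may be 8 to 63 characters; every added character multiplies
# the search space an offline guessing attack has to cover.
wpa_passphrase=REPLACE-WITH-LONG-RANDOM-PASSPHRASE

# Regular rekeying, in seconds (illustrative values, not taken from the post).
# Group key (broadcast/multicast traffic):
wpa_group_rekey=600
# Pairwise key (per-client unicast traffic):
wpa_ptk_rekey=600
```

If the hardware cannot leave WPA/TKIP yet, the two rekey settings still apply to the "before" configuration.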
Update: take a look at the RaDaJo blog for more technical details (as opposed to senseless fearmongering).