One year after a vulnerability in the Wi-Fi Protected Access encryption algorithm was reported, a proof-of-concept program for the attack has been released. . . .
One year after a vulnerability in the Wi-Fi Protected Access encryption algorithm was reported, a proof-of-concept program for the attack has been released.

The attack affects only Wi-Fi networks using WPA in pre-shared key mode. It is a dictionary attack, meaning that it cycles through a list of words and combinations of words attempting to find one that matches the data on the network. Longer, more random passwords or passphrases, and enterprise implementations that use external authentication systems, are not affected by the vulnerability.

The group that released the crack program, Tinypeap, writes Wi-Fi-related software, including a small radius server for certain Linksys routers. The company also wrote a white paper that explains how the crack works and criticizing WPA for the broadcast of data necessary in the creation and verification of a session key. This is the information that the program subjects to the dictionary attack. The white paper also recommends using the company's Tinypeap radius server as a solution to the problem.

The link for this article located at eweek.com is no longer available.