Is WPA-PSK + TKIP really that easily breakable? I don't think so.

I have a network using WPA-PSK + TKIP and I have seen articles, like the one on Tom's Hardware, about how to crack it, but I am not particularly confident it's *that* insecure if you configure other options and use very long, complex passwords. I have run Kismet, airsnort, etc. to try to crack my own key and after 18 hours was unable to get enough IVs to get anywhere.

I am using a group key interval that changes frequently. The SSID is indeed broadcast, but the password strength is extremely strong. Antenna gain on my wireless APs is cranked down to my building only, with particularly weak signal > 10 ft from the outside. I also have physical security patrolling 24/7 on the perimeter of this property (security guards).

Feel free to lambast me and tell me I'm wrong, but I don't believe WPA-PSK + TKIP is all that easy to crack, if at all, with proper passwords and other efforts.

Of course I intend to go 802.1x when available, but this is my current option. If there is strong reason to believe that this is easily compromisable, I would love to know, as I will shut down my APs until stronger auth is available to me.

Thank You!

Reply to
foo

Well... I'm not so sure about that.

formatting link
formatting link
Although these mostly indicate that there are weak passwords, it *is* indeed breakable in certain conditions.

Reply to
foo

I haven't read anywhere that AES or TKIP is weak.

Of course, a pre-shared key is the weak point in any encryption. But choosing a good pre-shared key and keeping it a secret should be very secure. Other than a dictionary search for weak keys, I don't believe there are any reports of WPA-PSK being broken.

Reply to
Jerry Park

Great, this was my suspicion.

Thanks!

Reply to
foo

Damn! Now I have to change my key...

Reply to
Derek Broughton

Both of those links only show a weakness in WPA-PSK if you use a poor phrase to generate the key. If you use a random 63-character key, something like:

)G{i=EH8$2W*=aSK ([ZFuE-9y-/DRZL'MRSimiQ>L}ebUP\\MRN.]meim o!P7s

a brute-force or dictionary attack will not be able to crack it. Even a man-in-the-middle attack will fail with such a random set of characters.

So at the moment WPA-PSK is ultra safe if implemented correctly.

-- JM

Reply to
JM
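An added example, not part of any post in this thread: generating the kind of random 63-character passphrase JM describes and comparing its search space with a short passphrase. It relies on the standard WPA-PSK derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output); the SSID, the sample short passphrase size and the guess rate are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

# WPA passphrases are 8..63 printable ASCII characters (95 symbols incl. space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
PSK_BITS = 256  # the derived key is 256 bits, which caps the useful entropy


def generate_passphrase(length=63):
    """Draw a passphrase from the OS CSPRNG, one uniform symbol at a time."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase length must be 8..63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def effective_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase, capped at the PSK size."""
    return min(length * math.log2(alphabet_size), PSK_BITS)


def derive_psk(passphrase, ssid):
    """Standard WPA-PSK mapping: the SSID salts the key, so the same
    passphrase yields a different PSK on a differently named network."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a given rate (worst case)."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    ssid = "example-net"   # hypothetical SSID
    rate = 1e6             # assumed guess rate, for comparison only
    strong = generate_passphrase()
    print("passphrase:", strong)
    print("PSK       :", derive_psk(strong, ssid).hex())
    for label, bits in [
        ("8 random lowercase letters", effective_bits(8, 26)),
        ("63 random printable chars", effective_bits(63)),
    ]:
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, rate):.3g} years at {rate:.0e}/s")
```

A passphrase taken from a word list has far less entropy than either row, which is the case the linked weak-password results apply to.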
