SUMMARY:
WPA-PSK is vulnerable to offline attack. WPA-TKIP has been cracked.
TO AVOID THESE PROBLEMS:
- USE WPA-AES or WPA2 instead of WPA-TKIP (or WEP)
- USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples: BAD: "vintage wine" GOOD: "floor hiking dirt ocean" (pick your own words, even longer is better) FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.
BACKGROUND:
Weakness in Passphrase Choice in WPA Interface
Practical attacks against WEP and WPA
A Practical Message Falsication Attack on WPA
New attack cracks common Wi-Fi encryption in a minute
Passphrase Flaw Exposed in WPA Wireless Security
Cracking Wi-Fi Protected Access (WPA)
Cracking WEP and WPA Wireless Networks