22

I understand at least theoretically WPA2 is more secure than WPA, but in practice does it make any difference which one you use? From what I know there are no known attacks for either except for dictionary attacks, in which case if you are using WPA or WPA2 it is the same.

What about specific implementations? Have there been attacks against particular routers or AP's for either WPA or WPA2?

Basically, at the moment, is WPA just as practically secure as WPA2?

AviD
  • 72,138
  • 22
  • 136
  • 218
Sonny Ordell
  • 3,476
  • 9
  • 33
  • 56

1 Answers1

10

Timing attacks against WPA TKIP have been successfull: http://www.itworld.com/security/57285/once-thought-safe-wpa-wi-fi-encryption-cracked

Also curtusy of @Iszi Japanese researchers in 2009 published a paper saying that they had been able to decrypt WPA-TKIP traffic: http://pcworld.about.net/od/securit1/New-Attack-Cracks-Common-Wi-Fi.htm

If you are using WPA - AES no practical difference as you say other than bruteforcing or guessing password. Although unless you need it for backward compatibility why not use WPA2?

Rakkhi
  • 5,783
  • 1
  • 23
  • 47
  • 1
    I actually thought of mentioning the TKIP timing attacks in my question, but hadn't bothered to clarify. Even then, they don't allow for joining the network, just DoS attacks in the way of interfering with ARP messages, right? – Sonny Ordell Jun 02 '11 at 08:56
  • 1
    You could be right, I didn't dig much further than WPA broken TBH. Probably like SHA1, technically broken, still ok to use but don't if you can avoid it. – Rakkhi Jun 02 '11 at 09:43
  • 2
    Might want to add this one to your answer. Not quite a year after your article, this one claims a newer attack can *"...give hackers a way to read encrypted traffic..."* on some WPA-TKIP networks. http://pcworld.about.net/od/securit1/New-Attack-Cracks-Common-Wi-Fi.htm – Iszi Jun 02 '11 at 12:50