As already mentioned, this is OLD news, the TKIP bandaid was totally insufficient to remediate the totally incorrect manner in which the RC4 cipher promitive was utilized.

The only thing interesting about this story is that it is 4-5 years late!

Why anyone is messing with this stuff and simply not using 802.11i-AES is fascinating...But then the credit card PCI DSS system will have commercial vendors off WEP in 2 years! LOL!

This is like reading a paper taken from a time capsult stuck in the corner of an old building that has been razed.

What next? ...writing digitized data to new plastic disks?

This article is just stating that new research has got the crack time down to 15 minutes.

It's like when they reported on WEP being cracked within 1 minute quite recently.

Yes, it's been cracked before, but this is a refining of the method.

I understand.

But when someone essentially has an unlimited time period (limited only to the duration of the message and how continuous or bursty the transmission is) to crack it, what does this matter?

Does this have a real impact on the net result when someone doesn't even have to worry about being discovered in the act?

Aircrack has been out for years. This is only news to those oblivious to the Swiss cheese nature of the protocol. And ironically, these are the same people who CONTINUE to use it - regardless of the announcement.

I only wish it made a difference to the masses where the message should not be on how long it takes to crack it, but rather "Why in hell are you still using it?!"

Manwhile the credit card industry is still using WEP to transmit your credit card data 'for only 2 more years'!!

Just get a laptop (with a few extra batteries (as you are going to be BUSY!) and sit in a courtyard in the mall with Aircrack! And have a lucrative Christmas season. :-S

I hacked NATO Ghostcom in less than 15 seconds.

WPA using TKIP has been exploitable using brute force dictionary attack on the passphrase for years. This is nothing new. WPA2 with AES however has yet to be cracked. You're also safe if your passphrase is a bunch of random non-dictionary word characters (16+) even with TKIP.

Nothing like people taking credit for something that is common knowledge.

I think you misunderstood. The article says the brute force or the dictionary attack (two different options actually) were the OLD hacking techniques. "Martin Beck have discovered a "mathematical breakthrough" that allows the WPA encryption to be cracked dramatically faster."

I can't imagine an effective brute force without a word list. They are one in the same in my opinion. For the record, I've cracked WPA TKIP in about 20 minutes on a dual quad xeon number cruncher. So this is nothing new to me and many others. Regardless, I'm very interested in seeing the details behind their 'claims'. Because as of right now, that's all it is.

back to the drawing board then

Well the article specifically says WPA, so since we've already got WPA2, I don't think any drawing boards are necessary.

I never could get WPA to work on any network that I configured, regardless of brands, driver verions, etc. With WPA running nodes would never see the access point so I was forced to use WEP every time. Never did figure out what caused it.

keepin the wireless router/modem business alive =] its that easy.

Yeah, a lot easier than designing and releasing an actually working wireless N dual band gigabit router.

The security standard 802.11i has been ratified since spring of 2004. It is not dependent upon N or any channel or throughput.